Dynamic Duo

Automated Kubernetes Deployment With Helm and Helmfile


There’s a suitable tool for every use case for Kubernetes. Nevertheless, automating reproducible and flexible rollouts for infrastructure components and applications for different stages without ending up in scripting hell is still challenging. Helm becomes powerful when used together with Helmfile.

Kubernetes deployments with Helm and Helmfile

There are many ways to achieve automated deployment. In some cases, religious discussions can be held about the “how” and the “with what”. The decisive factor is achieving a high degree of automation when rolling out infrastructure and application components while keeping the structure as simple as possible. A good start is a CI/CD pipeline that executes provisioning scripts under version control.

But over time, the scripts grow, and keeping them maintainable and repeatable becomes increasingly difficult. It is therefore advisable to use tools that process a model of your desired state and attempt to create it in the target system instead of processing steps sequentially. Helmfile is a tool that compensates for some of Helm's shortcomings.

What is Helm?

Helm is a package manager for Kubernetes. Although not uncontroversial, it is established as the de facto standard for packaging applications for Kubernetes. Helm forms a logical bracket around related Kubernetes manifests that describe an application and are generated by (Go) templates. The values that replace the template placeholders are supplied to Helm from outside, either as a values file or via parameters. Templates and the values’ default assignments are bundled in a Helm chart. This allows the application’s Kubernetes internals to be hidden from users.

Values are the interface for configuring rollout and also the application. This gives authors the opportunity to make their charts available to others without them needing in-depth knowledge of execution mechanics. Helm charts are versioned according to semver and published in Helm repositories (e.g. in S3 or via OCI). The Artifact Hub is an aggregator that makes the repositories of others searchable. This creates a vital ecosystem with countless components.
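The template-and-values interface described above, shown as an added example that is not part of the original article: a constructed chart named `demo-app` with its defaults, two templates, and a per-stage values file. The chart name, registry, value keys and version numbers are all hypothetical.

```yaml
# Constructed example chart "demo-app"; all names and values are hypothetical.

# --- demo-app/Chart.yaml ---
apiVersion: v2
name: demo-app
version: 0.1.0          # chart version, semver
appVersion: "1.4.2"     # version of the packaged application

# --- demo-app/values.yaml (defaults shipped with the chart) ---
replicaCount: 1
image:
  repository: registry.example.com/demo-app
  tag: ""               # empty: the template falls back to appVersion
db:
  password: ""          # deliberately no default; must be supplied from outside

# --- demo-app/templates/deployment.yaml ---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-demo-app
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ .Release.Name }}-demo-app
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}-demo-app
    spec:
      containers:
        - name: app
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"

# --- demo-app/templates/secret.yaml ---
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-db
stringData:
  # rendering fails with this message if the caller passed no db.password
  password: {{ required "db.password must be set" .Values.db.password | quote }}

# --- values-prod.yaml (per-stage override, passed with -f) ---
replicaCount: 3
```

Rendering this with `helm template demo ./demo-app -f values-prod.yaml` fails until `db.password` is supplied through a values file or `--set`, which keeps a chart from being rolled out with an empty credential.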

But Helm also has shortcomings, especially if you want to use it in deployment pipelines. One challenge is secrets management. Secrets cannot be introduced into the templates from environment variables or other sources without detours. If you want to work with pull requests, it’s helpful to assess the changes before you roll them out. If several Helm charts...