Overview
As part of Komodor's vision of helping Kubernetes users to navigate and troubleshoot their clusters, Komodor provides an extensive UI to view and manage installed Helm charts, and see their revision history and corresponding k8s resources. It also allows performing simple actions like rollback to a previous revision or upgrading to a newer version.
Some of the key capabilities are:
- Multiple clusters support
- See all installed charts and their revision history
- See manifest diff of the past revisions
- Browse k8s resources managed by the chart
- Easy rollback or upgrade version with a clear and easy manifest diff
Pre-requisites
Agent version 0.1.158 and above
Agent permissions/values
In order to add those capabilities, the Komodor agent has to have permission to read and manipulate secrets.
To add those permissions, enable the following values on the Helm chart:
- watcher.resources.secret=true - allows Komodor agent to send secrets to the Komodor SaaS (all secrets are redacted by default)
- watcher.enableHelm=true - allows Komodor agent to send Helm-related secrets.
- helm.enableActions=true - adds relevant permissions to the Komodor agent to allow performing various helm-related actions (manipulation of secrets)
Upgrade command
helm repo update; helm upgrade --install k8s-watcher komodorio/k8s-watcher --set watcher.resources.secret=true --set watcher.enableHelm=true --set helm.enableActions=true --reuse-values
Permissions
You can control who has access to view or modify helm charts within your clusters using Komodor RBAC. The following actions can be specified on the RBAC policy level: manage:helm
(allowing the following: update, add and remove repos) read:helm-repo
install:helm-chart
uninstall:helm-chart
revert:helm-chart
Please note: account-admin would be able to perform all of those
Releases (Charts)
When entering the "Helm" section in the Komodor UI, on the releases tab, you can see all your Helm Charts, you can filter them, and perform various actions on them.
When viewing a specific release, you can easily get the revision history
You can also compare its manifest/values with other revisions.
Helm Actions
Supported actions for Charts:
- Change version - will only appear when a repository containing the chart is configured for the relevant cluster.
You’ll be able to select either a newer or older version of that Chart.
This action performs the following helm command
`helm upgrade --install ${name} ${chartName} --create-namespace --namespace ${namespace} --version ${version} --values ${values}`
- Uninstall - Uninstall a chart.
Will perform the following command:helm uninstall RELEASE_NAME [...] [flags]
- Rollback - Rollback to the chosen version.
Will perform the following command:helm rollback <RELEASE> [REVISION] [flags]
Repositories
To enable upgrading Helm Charts directly from Komodor you have to add the Helm repositories where your charts reside.
In order to view and manage your repositories you need the following permissions: manage:helm
(allowing the following: update, add and remove repos) read:helm-repo
Adding a repository:
Adding a repository will add the repository to komodor agent that is running on the chosen clusters.
- Navigate to "Helm" under the Resources section in Komodor
- Switch to the Repositories tab
- Click “Add Repository”
- Specify the repository details - Name, URL, and Clusters to associate this repository with
- Save the repository
Test connection:
When adding a repo, Komodor verifies that the Repo is accessible from a public network.
In case you are referring to a private repo, ignore the warning
Behind the scenes, the Komodor Agent will install those repositories and will use them to initiate the relevant commands.
Please note: Currently, the only repo authentication method supported is user:password
Comments
0 comments
Please sign in to leave a comment.