15: Mastering Helm, YAML Validation, Monitoring, and Security


Kubernetes (K8s) is an essential tool for managing containerized applications. To simplify operations, tools like Helm and Kubernetes-native monitoring solutions like Prometheus and Grafana are indispensable. This blog will guide you through:

  • Helm: Kubernetes Package Manager

  • YAML Validation and Best Practices

  • Monitoring Kubernetes Clusters

  • Enhancing Cluster Security


1. Helm: Simplifying Kubernetes Package Management

What is Helm?

Helm is a package manager for Kubernetes that makes deploying and managing applications easier by using charts, which are collections of pre-configured Kubernetes resources. Instead of writing complex YAML files for each deployment, you can use Helm to deploy applications like Apache servers or Prometheus in minutes.

Installing Helm

To get started with Helm, follow these steps:

curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null  
sudo apt-get install apt-transport-https --yes  
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list  
sudo apt-get update  
sudo apt-get install helm

Using Helm Charts

Helm charts simplify deployments:

  1. Search for a chart:

     helm search hub apache
    
  2. View chart details:

     helm show chart <chart-name>
    
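  3. Install a chart (e.g., Apache server). The bitnami/ prefix refers to a chart repository, which must be added first:

     helm repo add bitnami https://charts.bitnami.com/bitnami
     helm install my-apache bitnami/apache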
    
  4. Customize a deployment using your values file:

     helm install my-apache bitnami/apache --values apache-custom.yaml
    
  5. List installed releases:

     helm ls
    
  6. Uninstall a release:

     helm uninstall my-apache
    

Deploying Prometheus and Grafana with Helm

Let’s deploy a monitoring stack with Helm:

Step 1: Add the Helm Repository

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts  
helm repo update

Step 2: Install Prometheus-Grafana Stack

kubectl create ns monitoring  
helm install prometheus --namespace monitoring prometheus-community/kube-prometheus-stack

Step 3: Access the Grafana Dashboard

  1. Check running pods and services:

     kubectl get pods -n monitoring  
     kubectl get svc -n monitoring
    
  2. Port-forward Grafana for local access:

     kubectl port-forward -n monitoring service/prometheus-grafana 3000:80
    
  3. Access Grafana in your browser:


2. Validating YAML Files in Kubernetes

Why Validate YAML?

A minor syntax error can break your Kubernetes deployment. Tools like kubeval and kube-score ensure your YAML files are correctly configured and optimized.

YAML Validation Tools

  1. kubeval:

     kubeval deployment.yaml
    
  2. kube-score:

     kube-score score deployment.yaml
    

Using Environment Variables in YAML

You can use tools like envsubst to inject variables into your YAML files dynamically:

export APP_NAME=my-app  
envsubst < deployment-template.yaml > deployment.yaml
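
Plain envsubst rewrites every $VAR it finds in the file and renders any variable that is not exported as an empty string. The following is an added example (not part of the original post) that substitutes only an allowlist of names and refuses to render when one of them is unset; the template contents, registry.example and IMAGE_TAG are constructed for illustration.

```shell
#!/bin/sh
# Added example. The template below is constructed; $HOSTNAME in it is meant
# for the container's shell at run time and must survive rendering unchanged.
TEMPLATE=$(mktemp)
cat > "$TEMPLATE" <<'EOF'
metadata:
  name: ${APP_NAME}
spec:
  containers:
    - image: registry.example/${APP_NAME}:${IMAGE_TAG}
      command: ["sh", "-c", "echo started on $HOSTNAME"]
EOF

# List every variable name the template references. Plain `envsubst < file`
# rewrites all of them and substitutes "" for any that is not exported.
template_vars() {
    grep -oE '\$\{?[A-Za-z_][A-Za-z0-9_]*\}?' "$1" | tr -d '${}' | sort -u
}

# Print the names (arguments) that are absent from the exported environment.
missing_vars() {
    for name in "$@"; do
        printenv "$name" >/dev/null || echo "$name"
    done
}

# render_strict FILE NAME...: substitute only the allowlisted names, and only
# when every one of them is set; other $references are left untouched.
render_strict() {
    file=$1; shift
    missing=$(missing_vars "$@")
    if [ -n "$missing" ]; then
        echo "refusing to render, unset:" $missing >&2
        return 1
    fi
    envsubst "$(printf '${%s} ' "$@")" < "$file"
}

export APP_NAME=my-app
unset IMAGE_TAG
template_vars "$TEMPLATE"                      # what plain envsubst would touch
render_strict "$TEMPLATE" APP_NAME IMAGE_TAG || echo "render blocked"
```

Piping the output of render_strict into kubeval or kube-score before applying it catches a template that rendered but is still invalid.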

3. Multi-Cluster Management and Security

Multi-Cluster Deployment

Helm supports deploying to multiple clusters by configuring kubeconfig files and specifying the target cluster:

export KUBECONFIG=/path/to/kubeconfig  
kubectl config use-context <cluster-name>

Ingress in Kubernetes

Ingress resources expose HTTP and HTTPS routes from outside the cluster to services within it. A sample ingress YAML:

apiVersion: networking.k8s.io/v1  
kind: Ingress  
metadata:  
  name: example-ingress  
spec:  
  rules:  
    - host: example.com  
      http:  
        paths:  
          - path: /  
            pathType: Prefix  
            backend:  
              service:  
                name: example-service  
                port:  
                  number: 80

4. Enhancing Security in Kubernetes

Cluster Scanning with Kubescape

Kubescape is a Kubernetes-native tool for scanning clusters for vulnerabilities:

kubescape scan --include-namespaces dev

Decode Kubernetes Secrets

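Secrets in Kubernetes are base64-encoded. Base64 is an encoding, not encryption, so anyone who can read the Secret object can recover the value. To decode them: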

kubectl get secret <secret-name> -n <namespace> -o jsonpath='{.data.<key>}' | base64 --decode

5. Upgrading Kubernetes Clusters

Upgrading clusters ensures you get the latest features and security patches. General steps:

  1. Upgrade the control plane components (e.g., kube-apiserver, kube-scheduler).

  2. Upgrade node components (e.g., kubelet, kubectl).

  3. Verify cluster functionality post-upgrade.


Conclusion

Helm simplifies Kubernetes deployments, YAML validation ensures robustness, and monitoring and security tools help maintain a healthy cluster. Mastering these tools will empower you to manage Kubernetes environments effectively.

Happy K8s journey!

DevOps Journey with M Hassan

I am writing these blogs because I recently completed a comprehensive DevOps course where I gained in-depth knowledge of the topics mentioned. As I progressed through the course, I realized the importance of having a concise and accessible resource to revise and reinforce my understanding of each topic. Therefore, I decided to create cheat sheets in the form of blog posts. These cheat sheets will not only serve as a handy reference for myself but also benefit others who are also interested in mastering DevOps concepts. By documenting each topic and providing concise explanations, I aim to create a valuable resource that simplifies complex concepts and facilitates hands-on practice. This way, I can solidify my own understanding while helping others on their DevOps journey.