Helm 3 package manager arrives for Kubernetes

Security, release management among improvement areas

Helm 3 package manager arrives for Kubernetes
Thinkstock

Helm, the package manager for the Kubernetes container management system, is available in a new major release, Helm 3, with improvements to chart repos and security. Helm 3 also has improvements in the areas of release management and library charts.

Cloud Native Computing Foundation (CNCF) project, Helm is used to streamline Kubernetes deployments by making it easy to find, share, and deploy software on Kubernetes. Helm leverages a packaging format called charts, which are collections of files to describe a related set of Kubernetes resources. Helm charts can be packaged into versioned archives for deployment. Whereas Helm 2 described a workflow for creating and managing charts, Helm 3 builds upon that workflow by changing the underlying infrastructure to reflect community desires.

Helm 3 additions and improvements include:

  • An improved upgrade strategy, leveraging three-way strategic merge patches. Helm considers the old manifest, its live state, and the new manifest of when generating a patch.
  • The removal of Tiller, a tool for release management. Role-based access controls in Kubernetes 1.6 made it more difficult to use Tiller. Removal simplifies the Helm security model. Release names now are scoped to the namespace. In the absence of Tiller, Helm now supports the security, identity, and authorization features of Kubernetes.
  • While Helm 2 used ConfigMaps by default to store release information, Helm 3 uses Secrets as the default storage driver.
  • The .Capabilities built-in object available during rendering has been simplified.
  • A JSON schema now can be imposed upon chart values, to ensure that values provided by the user follow the schema laid out by the chart maintainer. This provides better error reporting when an incorrect set of values is provided for a chart.
  • The chart dependency management system has moved from requirements.yaml and requirements.lock to Chart.yaml and Chart.lock.
  • A chart class called “library chart” is supported. This is a chart shared by other charts but that does not create any release artifacts of its own.

The Helm project was founded as an open source project at startup Deis in 2015. The next phase of Helm’s development will emphasize stability and enhancements to existing features. The roadmap cites enhanced functionality for Helm test, improvements to OCI integration, and enhancements to Go client libraries.

Where to download Helm

You can download Helm from GitHub.