Understanding Ansible: Helm diff plugin

Helm is one of the important tools for managing resources for Kubernetes. When we talk about large-scale helm manageability, there is a requirement for another tool through which we can manage helm deployments. There can be multiple options through which we can manage Helm but Ansible gives more flexibility to manage Helm deployments. Not only flexibility, but Ansible consists of many features and core Kubernetes modules through which we can manage Helm deployments.

Having a large variety of Kubernetes core modules, Ansible is not only for Helm deployments but also helps to manage Kubernetes and can be used to manipulate other kinds of commands.

This Blog is not about the basics of helm & Ansible management but about one of the important features which is the validate & dry-run option in Ansible for Helm deployments.

When we talk about dry runs or validations, Ansible helps users to get the dry run & validation but the only issue is that it only prints ok & changed status which is not enough information about the deployments. The important thing about multiple helm deployments at once is that the user requires what are the things that are going to change for specific helm deployments. This will help the user to validate and check whether things are changing accordingly or not.

To set up this, we need to install the Helm plugin which will work with Ansible dry-run and check options and provide output.

You can get Ansible role code in my GitHub account which will consist of the code and command that this blog includes.

GitHub Link: https://github.com/b44rawat/ansible-helm-diff

YAML INFORMATION

Below is the main.yaml which consists of information like

Helm diff plugin installation
Add Helm chart repository
Nginx controller setup

Save the below block content inside the main.yamlfile

	—
	– name: Setup
	hosts: all
	become: true
	tasks:
	– name: Install Helm Diff
	kubernetes.core.helm_plugin:
	plugin_path: "https://github.com/databus23/helm-diff"
	state: present
	– name: Add Chart repo for kubernetes
	kubernetes.core.helm_repository:
	repo_name: "nginx-stable"
	repo_url: "https://helm.nginx.com/stable"
	repo_state: present
	– name: Create Nginx Ingress Controller deployment
	kubernetes.core.helm:
	release_name: nginx-ingress
	chart_ref: "nginx-stable/nginx-ingress"
	chart_version: "0.14.0"
	release_namespace: nginx-ingress
	create_namespace: yes
	release_state: present
	values:
	controller:
	service:
	create: true
	type: NodePort

view raw main.yaml hosted with ❤ by GitHub

The screenshot mentioned the values of any specific deployment things inside main.yaml .

Once you create the YAML file, you need to use the below command to set up the initial state for the resources. Just make sure this is not a dry-run command. It will install the initial draft which will later use for idempotent and changes.

ansible-playbook -i /location/to/inventory main.yaml

OUTPUT:

NOTE: This is not a dry run or a simple check. This will install resources in your Kubernetes cluster.

DRY RUN DEMONSTRATE

As we created the initial part of the resources using Ansible. Now, we will dry-run the command to check what things are going to change using Ansible. As Ansible supports idempotent, it will print only ok once there are no changes occur.

The below command will not show anything that is going to change as we didn’t modify or add anything.

ansible-playbook -i /location/to/inventory main.yaml --check --diff

OUTPUT:

NOTE: kubernetes.core.helm_plugin is not an idempotent as it will show changed status

DRY RUN VALIDATION

The Dry-run demonstration didn’t show anything changed as there were no changes done by the user.

Let’s modify some changes, you can use the below main.yaml file with modified values

	—
	– name: Setup
	hosts: all
	become: true
	tasks:
	– name: Install Helm Diff
	kubernetes.core.helm_plugin:
	plugin_path: "https://github.com/databus23/helm-diff"
	state: present
	become: false
	– name: Add Chart repo for kubernetes
	kubernetes.core.helm_repository:
	repo_name: "nginx-stable"
	repo_url: "https://helm.nginx.com/stable"
	repo_state: present
	become: false
	– name: Create Nginx Ingress Controller deployment
	kubernetes.core.helm:
	release_name: nginx-ingress
	chart_ref: "nginx-stable/nginx-ingress"
	chart_version: "0.14.0"
	release_namespace: nginx-ingress
	create_namespace: yes
	release_state: present
	values:
	controller:
	pod:
	extraLabels:
	key1: value1
	service:
	create: true
	type: NodePort
	become: false

view raw main.yaml hosted with ❤ by GitHub

Below are the values added to check for any changes

Now, once you use ansible-playbook command with dry-run options

ansible-playbook -i /location/to/inventory main.yaml --check --diff

Once you run that command, you will get the changes that were added in your values.yaml file.

OUTPUT:

It will show + & - at the beginning of the line.

+ : it will add that functionally from the deployment
- : It will remove that functionality from the deployment

VALIDATION

Once you validate and checked all the required changes, you can use the below command to configure those changes.

ansible-playbook -i /location/to/inventory main.yaml

Once, you run that command, you can check the below command to ensure whether the values are modified or not.

kubectl describe pods nginx-ingress-nginx-ingress-XXXXXXXXXX-XXXXX -n nginx-ingress

OUTPUT:

NOTE: For different helm deployments, you need to check different resources. So, the validation method of the changes can be very different.

SUMMARY

The Ansible helm diff will give users a glimpse of changes that will occur when any changes are applied. This will help to check exactly the modification part rather than having all information or no information.

One demerit of using helm diff is showing complete manifest information like deployment, service, CRDs, etc. This can be hectic for a user to visualize the changes.