-
Notifications
You must be signed in to change notification settings - Fork 9
Migrating from Tailor to Helm
Tailor has been developed for OpenShift 3.11. Back in the days, Helm 2 required the use of a privileged Tiller service and did not work well with OpenShift-specific resources. With Helm 3 and OpenShift 4, this situation as changed.
While Tailor also works in an OpenShift 4 cluster, OpenShift has integrating Helm into its product, and Helm has a huge and growing community. Therefore, it is recommended to use Helm instead of Tailor in an OpenShift 4 cluster.
This document will describe how to migrate from Tailor to Helm.
Tailor is based on OpenShift templates, which define the Kubernetes resources to apply. Helm uses a different templating language / engine, but in the end the templates also describe Kubernetes resources. Therefore, migration effort is relatively low as one only needs to change the syntax of the definition, not the definition itself. Further, there are differences between the CLI of the two tools and not all features of Tailor are available in Helm and vice-versa. Once migration to Helm is complete, it is also recommended to look at the best practices in the Helm community and adopt these.
There are basically two options how to approach this: you can either convert your existing OpenShift templates to chart templates, or you can start with a blank chart and adjust it as necessary.
If you want to convert your existing templates, you may use template2helm. This method should require less effort, but you are left with a template that might have some errors and does not follow best practices from the Helm community.
Example usage:
template2helm convert -t openshift/template.yml -c . # Will create a "chart" folder in .
The other option is to start from a blank chart and adjust this as necessary to match the live configuration. This will almost certainly be more effort than converting the templates, but you will learn more about Helm templating and can start out with some best practices.
Example usage:
helm create chart
It is recommended to use helm lint
to check for errors before continuing.
Next, you’d want to check whether the new Helm templates match the old OpenShift templates. For this task, it is recommended to make use of the helm-diff plugin. This will show all differences that exist between live configuration and the Helm template (note that you might need to adopt the resources first, see the next section). Adjust the new chart until there is no difference to the live configuration. Then your new chart is equivalent to the old templates, and you can remove the old templates from your repository.
Helm does not simply take ownership on already existing resources. You need to adopt them first. To achieve this, you could use the following script (based on comments in https://github.com/helm/helm/pull/7649):
#!/usr/bin/env bash
set -eu
set -o pipefail
NAMESPACE=$1 # e.g. foo-dev
LABEL=$2 # e.g. app=foo-bar
RELEASE=$3 # e.g. bar
KINDS='ImageStream,BuildConfig,Service,DeploymentConfig,Deployment,Route,ConfigMap,Secret,PersistentVolumeClaim,ServiceAccount,RoleBinding'
RESOURCES=$(oc -n $NAMESPACE get $KINDS -l $LABEL -o template='{{range .items}}{{.kind}}/{{.metadata.name}} {{end}}')
for RESOURCE in $RESOURCES; do
echo "Adopting $RESOURCE ..."
oc -n $NAMESPACE annotate $RESOURCE meta.helm.sh/release-name=$RELEASE
oc -n $NAMESPACE annotate $RESOURCE meta.helm.sh/release-namespace=$NAMESPACE
oc -n $NAMESPACE label $RESOURCE app.kubernetes.io/managed-by=Helm
done
Example usage: ./adopt.sh foo-dev app=foo-bar bar
-
Tailor supports diffing out-of-the-box, for Helm you can use the helm-diff plugin
-
Tailor supports encrypting secrets out-of-the-box, for Helm you can use the helm-secrets plugin
-
In Helm, manual changes in the cluster are not reported by
helm-diff
, nor doeshelm upgrade
reset to the value in the chart. Even if the field ownership is changed back to "helm", the manual change is not reset. Only when the value in the chart changes, then the live configuration gets updated. Tailor will immediately report drift.
-
Exporting of resources via
tailor export
. Helm does not offer this. You may want to take a look at chartify. -
Preserving live configuration. This is due to the different patching algorithm, see the section about behaviour differences above.
These are just some examples worth noting. The list is by no means complete.
-
Packaging (https://helm.sh/docs/helm/helm_package/)
-
Chart tests (https://helm.sh/docs/topics/chart_tests/)
-
Umbrella charts