charts/stable and git references September 25, 2021
valeblog
0 Comment
blue and white sailboat on ocean during daytime

Helm was meant to be the package manager for Kubernetes. One common problem for package managers is “how do I find my packages?” Many package systems opt for having a default central repository for stuff. Distros have their central repos for apt. Programming languages too: for Node it’s npm, for Ruby it’s RubyGems, for Java it’s Maven central, for Clojure it’s Clojars. Of course most if not all systems have a way to add other package repositories or at least some other means to pull in dependencies (referencing git commits for example).

For Helm the central repository of charts/stable used to be the obvious default. You can of course add other repositories too, but defaults are powerful and many people will just give up if something is not available in the default source. On the other hand, having everything in one place puts a huge burden on the maintainers of that one place, as was the case of charts/stable. So they deprecated it.

On my cluster I’d use charts/stable for many of the charts I use. When that stopped being the recommended way, I’d change my installations to use git references instead. I preferred those instead of (the recommended) Helm repos, because it was easier to navigate and check on Github what gets installed.

Then things started breaking: dependencies going missing, Chart.yaml version differences causing installs to fail. I’m probably to blame for not pinning chart versions (or commits) and using */master for having the latest installed (at the same time risking breakage). Especially using git branches (a moving target) instead of pinning versions proved to be really dangerous as there can be inconsistencies.

Conclusion is: use Helm repo and not git whenever possible. If using git, pin versions as much as possible. Even with Helm repos, consider pinning at least the major version as changes in those might involve breakage from differences in config (format) expectations that require manual intervention. Especially if you don’t have much alerting set up it’s better to fly safe and update your cluster every Hacktoberfest for swag Pull Requests than come back from a summer road trip and see that half of your cluster has been down for a week.