Understanding Ansible: Helm diff plugin

Here in this blog, we’ll discuss how we can leverage the validate & dry-run option in Ansible with Ansible: Helm diff plugin.

Helm is one of the important managing tool for Kubernetes. When we talk about large-scale helm manageability, there is a requirement for another tool through which we can manage helm deployments. There can be multiple options through which we can manage Helm but Ansible gives more flexibility to manage Helm deployments. Not only flexibility, but Ansible is consist of many features and core kubernetes modules through which we can manage Helm deployments.

Having a large variety of kubernetes core modules, Ansible not only for Helm deployments but also helps to manage kubernetes and use to manipulate other kinds of commands.

This Blog is not about the basics of helm & Ansible management but about one of the important features which is validate & dry-run option in Ansible for Helm deployments.

When we talk about dry-run or validations, Ansible helps the user to get the dry-run & validation but the only issue is that it only prints ok & changed status which is not enough information about the deployments. The important thing about multiple helm deployments at once is that the user requires what are the things that are going to change for specific helm deployments. This will help the user to validate and check whether things are changing accordingly or not.

To setup this, we need to install the Helm plugin which will work with Ansible dry-run and check options and will provide output.

You can get Ansible role code in my Github account which will consist of the code and command that this blog includes.

GitHub Link: https://github.com/b44rawat/ansible-helm-diff

YAML INFORMATION

Below is the main.yaml which consists of information like

• Helm diff plugin installation
• Add Helm chart repository
• Nginx controller setup

Save the below block content inside the main.yamlfile

The screenshot mentioned the values of any specific deployment things inside main.yaml .

Once you create YAML file, you need to use the below command to setup the initial state for the resources. Just make sure this is not a dry-run command. It will install the initial draft which will later use for idempotent and changes.

ansible-playbook -i /location/to/inventory main.yaml

OUTPUT:

NOTE: This is not a dry-run or a simple check. This will install resources in your Kubernetes cluster.

DRY RUN DEMONSTRATE

As we created the initial part of the resources using Ansible. Now, we will dry-run command to check what are things are going to change using Ansible. As Ansible supports idempotent, it will print only ok once there are no changes occur.

The below command will not show anything that are going to change as we didn’t modify or add anything.

ansible-playbook -i /location/to/inventory main.yaml --check --diff

OUTPUT:

NOTE: kubernetes.core.helm_plugin is not a idempotent as it will show changed status

DRY RUN VALIDATION

The Dry-run demonstrate didn’t show anything changed as there was no changes done by user.

Let’s modify some changes, you can use the below main.yaml file with modified values

Below is the values added to check for any changes

Now, once you use ansible-playbook command with dry-run options

ansible-playbook -i /location/to/inventory main.yaml --check --diff

Once you run that command, you will get the changes that are added in your values.yaml file.

OUTPUT:

It will show + & - at the beginning of the line.

• + : it will add that functionally from the deployment
• - : It will remove that functionally from the deployment

VALIDATION

Once you validate and checked all the required changes, you can use the below command to configure those changes.

ansible-playbook -i /location/to/inventory main.yaml

Once, you run that command, you can check the below command to whether the values are modified or not.

kubectl describe pods nginx-ingress-nginx-ingress-XXXXXXXXXX-XXXXX -n nginx-ingress

OUTPUT:

NOTE: For different helm deployment, you need to check different resources. So, validation method of the changes can be very different.

SUMMARY

The Ansible helm diff will give the user a glimpse of changes that will occur when the user will apply changes. This will help to check exactly the modification part rather than having all information or no information.

One demerit of using helm diff is that it shows full manifest information like deployment, service, CRDs, etc. This can be hectic for a user to visualize the changes.

REFERENCES

• https://docs.ansible.com/ansible/latest/collections/kubernetes/core/helm_module.html
• https://docs.ansible.com/ansible/latest/collections/kubernetes/core/helm_plugin_module.html
• https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-helm/
• https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.0
• https://artifacthub.io/packages/helm/nginx/nginx-ingress

Originally published here — https://blog.opstree.com/2022/10/18/understanding-ansible-helm-diff-plugin/