Helm Chart Testing on OpenShift Pipelines
Introduction
OpenShift Pipelines is a cloud-native CI/CD solution built on Tekton that allows you to define and run pipelines for your applications. Helm charts are a convenient way to package and deploy applications on Kubernetes, including OpenShift. To ensure the quality and reliability of Helm charts, it’s important to perform tests on them. In this blog, we will explore using the Chart Testing tool to perform tests on Helm charts within OpenShift Pipelines.
Prerequisites
Before we begin, make sure you have the following prerequisites installed:
- OpenShift Cluster
- OpenShift Pipelines Operator installed
- Understanding of OpenShift Pipelines and Tasks
Chart Testing Tasks
ct
is the the tool for testing Helm charts. It is meant to be used for linting and testing pull requests. It automatically detects charts changed against the target branch.
The ct install
command includes helm install
and helm test
; helm test
performs port-forwarding to validate the installation’s success. Since the chart testing commands are run inside a pod, we need to ensure it can connect to the cluster to perform those tasks. If the pod cannot connect to the cluster, you’ll see the error below.
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Error printing details: failed waiting for process: exit status 1
Error printing logs: failed running process: exit status 1
Deleting release "deploy-jgyw6ew05y"...
release "deploy-jgyw6ew05y" uninstalled
------------------------------------------------------------------------------------------------------------------------
✖︎ deploy => (version: "0.1.0", path: "deploy") > failed running process: exit status 1
------------------------------------------------------------------------------------------------------------------------
failed installing charts: failed processing charts
Error: failed installing charts: failed processing charts
To solve the above error, we’ll follow below steps:
- Create a new service account and secret token from the service account.
- Grant appropriate permissions to the service account.
- Create a kubeconfig file using the kubeconfig creator task. By mounting the service account token as an environment variable from the secret in the task
- This task’s output will be the kubeconfig file stored in the workspace and shared across tasks.
Create a new service account
oc create sa ct-helm-task
Create a token secret from serviceaccount,
oc apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: ct-helm-task
annotations:
kubernetes.io/service-account.name: ct-helm-task
type: kubernetes.io/service-account-token
EOF
Grant permissions to the service account
oc policy add-role-to-user edit -z ct-helm-task -n pipelines-helm
The task will use the kubeconfigwriter
image and the provided parameters to create a kubeconfig
file that can be used by other tasks in the pipeline to access the target cluster. The kubeconfig will be placed at /workspace/<workspace-name>/kubeconfig
.
|
|
Finally, create a task using the chart-testing
image. We’ll export the KUBECONFIG
variable with the kubeconfig location from the workspace to the helm chart testing task.
|
|
Setting Up OpenShift Pipeline
Create a pipeline resource to perform git-clone
of the helm chart repository, then create a kubeconfig
file and chart-testing
task to run lint and install to validate the chart changes.
|
|
Conclusion
In this blog, we have demonstrated how to perform tests on Helm charts using the Chart Testing tool within OpenShift Pipelines. By setting up a pipeline with tasks for linting and testing, you can ensure the quality and reliability of your Helm charts before deploying them to your OpenShift cluster.