Building a k8s environment with minikube on WSL2 for learning helm

Published 2024/03/09

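Purpose

I want to study helm and helmfile, but I have no k8s environment to begin with, so I am building one.
(That said, I do not need a k8s environment serious enough to justify EKS or GKE, so I want to manage locally.)

To note up front: including the time spent stuck on side issues, it took about two and a half hours.
Someone whose environment is already in good order could probably finish in about an hour.

What to do

  • Install kubectl
  • Build a local environment with minikube
  • Install helm, helmfile diff, and helmfile

Installing kubectl

Nothing special here, so the explanation is omitted.

Output of the install commands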
> sudo apt-get update && sudo apt-get install -y apt-transport-https gnupg2
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubectl
Get:1 file:/var/cuda-repo-wsl-ubuntu-11-7-local  InRelease [1575 B]
Get:1 file:/var/cuda-repo-wsl-ubuntu-11-7-local  InRelease [1575 B]
Get:2 https://dl.yarnpkg.com/debian stable InRelease [17.1 kB]
Get:3 https://packages.microsoft.com/ubuntu/20.04/prod focal InRelease [3632 B]
Get:4 https://download.docker.com/linux/ubuntu focal InRelease [57.7 kB]
Err:2 https://dl.yarnpkg.com/debian stable InRelease
  The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
Get:5 https://dl.google.com/linux/chrome/deb stable InRelease [1825 B]
Err:5 https://dl.google.com/linux/chrome/deb stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E88979FB9B30ACF2
Get:6 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:7 http://ppa.launchpad.net/git-core/ppa/ubuntu focal InRelease
Get:8 http://packages.cloud.google.com/apt cloud-sdk InRelease [6361 B]
Hit:9 http://archive.ubuntu.com/ubuntu focal InRelease
Err:8 http://packages.cloud.google.com/apt cloud-sdk InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
Get:10 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Hit:11 http://ppa.launchpad.net/longsleep/golang-backports/ubuntu focal InRelease
Ign:12 https://apt.fury.io/ascii-image-converter  InRelease
Ign:13 https://apt.fury.io/ascii-image-converter  Release
Get:14 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [2773 kB]
Ign:15 https://apt.fury.io/ascii-image-converter  Packages
Ign:16 https://apt.fury.io/ascii-image-converter  Translation-en
Hit:17 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Get:15 https://apt.fury.io/ascii-image-converter  Packages
Get:18 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [3151 kB]
Ign:16 https://apt.fury.io/ascii-image-converter  Translation-en
Ign:16 https://apt.fury.io/ascii-image-converter  Translation-en
Get:19 http://security.ubuntu.com/ubuntu focal-security/main Translation-en [421 kB]
Ign:16 https://apt.fury.io/ascii-image-converter  Translation-en
Get:20 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [2636 kB]
Get:21 http://security.ubuntu.com/ubuntu focal-security/restricted Translation-en [368 kB]
Ign:16 https://apt.fury.io/ascii-image-converter  Translation-en
Get:22 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [948 kB]
Get:23 http://archive.ubuntu.com/ubuntu focal-updates/main Translation-en [503 kB]
Ign:16 https://apt.fury.io/ascii-image-converter  Translation-en
Get:24 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [2753 kB]
Ign:16 https://apt.fury.io/ascii-image-converter  Translation-en
Get:25 http://archive.ubuntu.com/ubuntu focal-updates/restricted Translation-en [384 kB]
Get:26 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1174 kB]
Get:27 http://security.ubuntu.com/ubuntu focal-security/universe Translation-en [199 kB]
Get:28 http://archive.ubuntu.com/ubuntu focal-updates/universe Translation-en [281 kB]
Fetched 15.9 MB in 5s (3479 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.google.com/linux/chrome/deb stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E88979FB9B30ACF2
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://packages.cloud.google.com/apt cloud-sdk InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
W: Failed to fetch https://dl.google.com/linux/chrome/deb/dists/stable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E88979FB9B30ACF2
W: Failed to fetch http://packages.cloud.google.com/apt/dists/cloud-sdk/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease  The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  golang-1.19-go golang-1.19-src libxmlb1
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
  gnupg2
The following packages will be upgraded:
  apt-transport-https
1 upgraded, 1 newly installed, 0 to remove and 296 not upgraded.
Need to get 7020 B of archives.
After this operation, 51.2 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 apt-transport-https all 2.0.10 [1704 B]
Get:2 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 gnupg2 all 2.2.19-3ubuntu2.2 [5316 B]
Fetched 7020 B in 1s (13.0 kB/s)
(Reading database ... 197257 files and directories currently installed.)
Preparing to unpack .../apt-transport-https_2.0.10_all.deb ...
Unpacking apt-transport-https (2.0.10) over (2.0.9) ...
Selecting previously unselected package gnupg2.
Preparing to unpack .../gnupg2_2.2.19-3ubuntu2.2_all.deb ...
Unpacking gnupg2 (2.2.19-3ubuntu2.2) ...
Setting up gnupg2 (2.2.19-3ubuntu2.2) ...
Setting up apt-transport-https (2.0.10) ...
Processing triggers for man-db (2.9.1-1) ...
OK
deb https://apt.kubernetes.io/ kubernetes-xenial main
Get:1 file:/var/cuda-repo-wsl-ubuntu-11-7-local  InRelease [1575 B]
Get:1 file:/var/cuda-repo-wsl-ubuntu-11-7-local  InRelease [1575 B]
Hit:2 https://download.docker.com/linux/ubuntu focal InRelease
Get:3 https://dl.yarnpkg.com/debian stable InRelease [17.1 kB]
Hit:4 https://packages.microsoft.com/ubuntu/20.04/prod focal InRelease
Get:5 https://dl.google.com/linux/chrome/deb stable InRelease [1825 B]
Err:3 https://dl.yarnpkg.com/debian stable InRelease
  The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
Ign:6 https://packages.cloud.google.com/apt kubernetes-xenial InRelease
Err:5 https://dl.google.com/linux/chrome/deb stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E88979FB9B30ACF2
Hit:7 http://security.ubuntu.com/ubuntu focal-security InRelease
Err:8 https://packages.cloud.google.com/apt kubernetes-xenial Release
  404  Not Found [IP: 142.250.199.110 443]
Get:9 http://packages.cloud.google.com/apt cloud-sdk InRelease [6361 B]
Err:9 http://packages.cloud.google.com/apt cloud-sdk InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
Hit:10 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:11 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Ign:12 https://apt.fury.io/ascii-image-converter  InRelease
Hit:13 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Ign:14 https://apt.fury.io/ascii-image-converter  Release
Ign:15 https://apt.fury.io/ascii-image-converter  Packages
Hit:16 http://ppa.launchpad.net/git-core/ppa/ubuntu focal InRelease
Ign:17 https://apt.fury.io/ascii-image-converter  Translation-en
Get:15 https://apt.fury.io/ascii-image-converter  Packages
Hit:18 http://ppa.launchpad.net/longsleep/golang-backports/ubuntu focal InRelease
Ign:17 https://apt.fury.io/ascii-image-converter  Translation-en
Ign:17 https://apt.fury.io/ascii-image-converter  Translation-en
Ign:17 https://apt.fury.io/ascii-image-converter  Translation-en
Ign:17 https://apt.fury.io/ascii-image-converter  Translation-en
Ign:17 https://apt.fury.io/ascii-image-converter  Translation-en
Ign:17 https://apt.fury.io/ascii-image-converter  Translation-en
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.google.com/linux/chrome/deb stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E88979FB9B30ACF2
E: The repository 'https://apt.kubernetes.io kubernetes-xenial Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://packages.cloud.google.com/apt cloud-sdk InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
Reading package lists... Done
Building dependency tree
Reading state information... Done
kubectl is already the newest version (1.24.4-00).
The following packages were automatically installed and are no longer required:
  golang-1.19-go golang-1.19-src libxmlb1
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 296 not upgraded.
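
Added example, not part of the original article: the log above mixes three different apt signature-verification outcomes, and the script below classifies them from `apt-get update` output. The lines in `sample_apt_log` are excerpted from that log; the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example: classify repository trust failures in `apt-get update` output.

# Lines excerpted from the second `apt-get update` run in the log above.
sample_apt_log() {
    cat <<'EOF'
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.google.com/linux/chrome/deb stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E88979FB9B30ACF2
E: The repository 'https://apt.kubernetes.io kubernetes-xenial Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://packages.cloud.google.com/apt cloud-sdk InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
EOF
}

# triage_apt_update: reads apt output on stdin and prints one record per
# repository and failure class: <class> TAB <repository> TAB <key id or ->
#   expired-key      signature made with a key that has expired (EXPKEYSIG)
#   missing-key      signing key is not in the local keyring (NO_PUBKEY)
#   no-release-file  no signed metadata to verify; apt disables the repository
triage_apt_update() {
    awk '
        # Print each (class, repository) pair once, even if apt repeats it.
        function emit(cls, repo, key) {
            if (!seen[cls SUBSEP repo]++) printf "%s\t%s\t%s\n", cls, repo, key
        }
        /^W: .*GPG error: / {
            rest = $0
            sub(/^.*GPG error: /, "", rest)      # "<uri> <suite> InRelease: ..."
            repo = rest
            sub(/ InRelease: .*$/, "", repo)     # keep "<uri> <suite>"
            if (match(rest, /(EXPKEYSIG|NO_PUBKEY) [0-9A-F]+/)) {
                split(substr(rest, RSTART, RLENGTH), kv, " ")
                emit((kv[1] == "EXPKEYSIG" ? "expired-key" : "missing-key"), repo, kv[2])
            }
            next
        }
        /^E: The repository .* does not have a Release file/ {
            repo = $0
            sub(/^E: The repository ./, "", repo)                      # drop prefix and opening quote
            sub(/ Release. does not have a Release file.*$/, "", repo) # drop the rest
            emit("no-release-file", repo, "-")
        }
    '
}

# count_class CLASS: number of repositories in CLASS within the sample log.
count_class() {
    sample_apt_log | triage_apt_update |
        awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Stand-alone run: show the triage of the excerpted lines.
sample_apt_log | triage_apt_update
```

In the log above the kubernetes-xenial repository falls into the `no-release-file` class, and the run ends with `kubectl is already the newest version (1.24.4-00)`.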

Installing minikube and building the k8s environment

Installation

Just follow the official instructions.
The following is an example run with Linux, x86-64, Stable, Debian package selected.

> curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb
sudo dpkg -i minikube_latest_amd64.deb
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 28.9M  100 28.9M    0     0  7723k      0  0:00:03  0:00:03 --:--:-- 7721k
[sudo] password for minatosingull:
Selecting previously unselected package minikube.
(Reading database ... 197256 files and directories currently installed.)
Preparing to unpack minikube_latest_amd64.deb ...
Unpacking minikube (1.32.0-0) ...
Setting up minikube (1.32.0-0) ...

Creating the cluster

> minikube start
😄  minikube v1.32.0 on Ubuntu 20.04 (amd64)
👎  Unable to pick a default driver. Here is what was considered, in preference order:
    ▪ docker: Not healthy: "docker version --format {{.Server.Os}}-{{.Server.Version}}:{{.Server.Platform.Name}}" exit status 1: Cannot connect to the Docker daemon at tcp://localhost:2375. Is the docker daemon running?
    ▪ docker: Suggestion: Start the Docker service <https://minikube.sigs.k8s.io/docs/drivers/docker/>
💡  Alternatively you could install one of these drivers:
    ▪ kvm2: Not installed: exec: "virsh": executable file not found in $PATH
    ▪ qemu2: Not installed: stat /usr/share/OVMF/OVMF_CODE.fd: no such file or directory
    ▪ podman: Not installed: exec: "podman": executable file not found in $PATH
    ▪ virtualbox: Not installed: unable to find VBoxManage in $PATH

❌  Exiting due to DRV_DOCKER_NOT_RUNNING: Found docker, but the docker service isn't running. Try restarting the docker service.

It failed...

docker version --format {{.Server.Os}}-{{.Server.Version}}:{{.Server.Platform.Name}}" exit status 1: Cannot connect to the Docker daemon at tcp://localhost:2375.

Try running the same command

> docker version --format {{.Server.Os}}-{{.Server.Version}}:{{.Server.Platform.Name}}
linux-20.10.24:Docker Desktop

It ran. Why?

Apparently docker behaves differently with sudo and without sudo.
* It seems I had set alias docker="sudo docker" a very long time ago.

> docker ps
Cannot connect to the Docker daemon at tcp://localhost:2375. Is the docker daemon running?
> sudo docker ps
CONTAINER ID   IMAGE       COMMAND                  CREATED        STATUS         PORTS                               NAMES
8d93f5139046   mysql:8.0   "docker-entrypoint.s…"   8 months ago   Up 4 minutes   33060/tcp, 0.0.0.0:3308->3306/tcp   xxxxx_test

"docker Cannot connect to the Docker daemon at tcp://localhost:2375."
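Googling this message turned up the following article:
"WSL2でDOCKER_HOSTが指定されているとDockerが動かない" (Docker does not work on WSL2 when DOCKER_HOST is set)
In fact, I had originally been using docker on WSL and later upgraded to WSL.
Looking at .zshrc, there was a DOCKER_HOST setting just as the article describes, so I removed it and checked the docker command's behavior again.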

> docker version
Client: Docker Engine - Community
 Version:           23.0.1
 API version:       1.42
 Go version:        go1.19.5
 Git commit:        a5ee5b1
 Built:             Thu Feb  9 19:46:56 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          23.0.1
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.19.5
  Git commit:       bc3805a
  Built:            Thu Feb  9 19:46:56 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.18
  GitCommit:        2456e983eb9e37e47538f59ea18f2043c9a73640
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
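
Added example, not from the original article: a check for the two settings that combined into the failure above, a `DOCKER_HOST` override in a shell startup file and a `docker` alias that runs the client through sudo. sudo normally resets the environment (`env_reset`), so the aliased client reaches the local socket while anything that executes `docker` directly, as minikube does, still follows the override; the function names and the sample file are this example's own.

```bash
#!/usr/bin/env bash
# Added example: find shell-startup settings that redirect the Docker client
# or hide the redirect behind sudo. The sample data below is constructed.

# Constructed stand-in for the startup file described above (not the real one).
sample_rc() {
    cat <<'EOF'
# constructed sample
export DOCKER_HOST=tcp://localhost:2375
alias docker="sudo docker"
# export DOCKER_HOST=tcp://localhost:2375
export PATH="$HOME/bin:$PATH"
EOF
}

# audit_docker_rc FILE...
# Prints "<finding> TAB <file>:<line> TAB <detail>" for every active setting
# and returns 1 if there was at least one finding.
#   docker-host-tcp       Docker API over TCP; port 2375 is the conventional
#                         plaintext port with no TLS and no authentication
#   docker-host-override  any other non-default endpoint (unix://, ssh://, ...)
#   docker-alias-sudo     interactive docker runs as root with a reset
#                         environment, so it does not see DOCKER_HOST
audit_docker_rc() {
    hits=0
    for rc in "$@"; do
        [ -r "$rc" ] || continue
        lineno=0
        while IFS= read -r line || [ -n "$line" ]; do
            lineno=$((lineno + 1))
            text=${line#"${line%%[![:space:]]*}"}    # drop leading whitespace
            case $text in
                '#'*)
                    continue ;;                      # commented out: inactive
                'export DOCKER_HOST='*|'DOCKER_HOST='*)
                    value=$(printf '%s' "${text#*DOCKER_HOST=}" | tr -d "\"'")
                    value=${value%%[[:space:];]*}    # cut trailing comment or command
                    case $value in
                        tcp://*) finding=docker-host-tcp ;;
                        *)       finding=docker-host-override ;;
                    esac
                    printf '%s\t%s:%d\t%s\n' "$finding" "$rc" "$lineno" "$value"
                    hits=$((hits + 1)) ;;
                'alias docker='*sudo*)
                    printf '%s\t%s:%d\t%s\n' docker-alias-sudo "$rc" "$lineno" "$text"
                    hits=$((hits + 1)) ;;
            esac
        done < "$rc"
    done
    [ "$hits" -eq 0 ]
}

# audit_docker_env: the same check for the environment of the calling shell,
# which is what a program that executes the docker binary itself inherits
# (aliases are not visible to it).
audit_docker_env() {
    [ -n "${DOCKER_HOST:-}" ] || return 0
    case $DOCKER_HOST in
        tcp://*) printf 'docker-host-tcp\tenv\t%s\n' "$DOCKER_HOST" ;;
        *)       printf 'docker-host-override\tenv\t%s\n' "$DOCKER_HOST" ;;
    esac
    return 1
}

# Run on the constructed sample when called as: script demo
# Real use: audit_docker_rc ~/.zshrc ~/.bashrc ~/.profile; audit_docker_env
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp) && sample_rc > "$tmp"
    audit_docker_rc "$tmp" || echo "review the findings above" >&2
    rm -f "$tmp"
fi
```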

It works now, so try starting minikube again

> minikube start
😄  minikube v1.32.0 on Ubuntu 20.04 (amd64)
✨  Automatically selected the docker driver. Other choices: none, ssh
📌  Using Docker driver with root privileges
👍  Starting control plane node minikube in cluster minikube
🚜  Pulling base image ...
💾  Downloading Kubernetes v1.28.3 preload ...
    > preloaded-images-k8s-v18-v1...:  403.35 MiB / 403.35 MiB  100.00% 5.48 Mi
    > gcr.io/k8s-minikube/kicbase...:  453.90 MiB / 453.90 MiB  100.00% 5.75 Mi
🔥  Creating docker container (CPUs=2, Memory=2200MB) ...
🐳  Preparing Kubernetes v1.28.3 on Docker 24.0.7 ...
    ▪ Generating certificates and keys ...
    ▪ Booting up control plane ...
    ▪ Configuring RBAC rules ...
🔗  Configuring bridge CNI (Container Networking Interface) ...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🔎  Verifying Kubernetes components...
🌟  Enabled addons: storage-provisioner, default-storageclass

❗  /usr/bin/kubectl is version 1.24.4, which may have incompatibilities with Kubernetes 1.28.3.
    ▪ Want kubectl v1.28.3? Try 'minikube kubectl -- get pods -A'
🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

(A kubectl version warning is shown, but let's ignore it for now.)

It apparently even configured the connection to use the default namespace, so let's connect right away.

> minikube kubectl -- get pods -A
    > kubectl.sha256:  64 B / 64 B [-------------------------] 100.00% ? p/s 0s
    > kubectl:  47.56 MiB / 47.56 MiB [-------------] 100.00% 6.76 MiB p/s 7.2s
NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
kube-system   coredns-5dd5756b68-zml9z           1/1     Running   0          4m49s
kube-system   etcd-minikube                      1/1     Running   0          5m
kube-system   kube-apiserver-minikube            1/1     Running   0          5m
kube-system   kube-controller-manager-minikube   1/1     Running   0          5m
kube-system   kube-proxy-gtzjp                   1/1     Running   0          4m50s
kube-system   kube-scheduler-minikube            1/1     Running   0          5m4s
kube-system   storage-provisioner                1/1     Running   0          4m58s

Done 🎉

Deploy one of the official samples as a quick test.

> kubectl apply -f hello-world.yml
deployment.apps/nginx-deployment created
> kc get pod
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-86dcfdf4c6-bv65m   1/1     Running   0          65s
nginx-deployment-86dcfdf4c6-vnkqk   1/1     Running   0          65s
nginx-deployment-86dcfdf4c6-vvq4d   1/1     Running   0          65s

Confirmed that the deployment succeeded 🎊

Installing helm, helmfile diff, and helmfile

Installing helm (script) and initializing the helm chart repository

> curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
> chmod 700 get_helm.sh
> ./get_helm.sh
Downloading https://get.helm.sh/helm-v3.14.2-linux-amd64.tar.gz
Verifying checksum... Done.
Preparing to install helm into /usr/local/bin
[sudo] password for minatosingull:
helm installed into /usr/local/bin/helm
> helm version
version.BuildInfo{Version:"v3.14.2", GitCommit:"c309b6f0ff63856811846ce18f3bdc93d2b4d54b", GitTreeState:"clean", GoVersion:"go1.21.7"}
> helm repo add stable https://charts.helm.sh/stable
"stable" has been added to your repositories

The following steps were carried out with reference to this page.

helmfile diff

install log
> helm plugin install https://github.com/databus23/helm-diff
Downloading https://github.com/databus23/helm-diff/releases/latest/download/helm-diff-linux-amd64.tgz
Preparing to install into /home/minatosingull/.local/share/helm/plugins/helm-diff
helm-diff installed into /home/minatosingull/.local/share/helm/plugins/helm-diff/helm-diff

The Helm Diff Plugin

* Shows a diff explaining what a helm upgrade would change:
    This fetches the currently deployed version of a release
  and compares it to a local chart plus values. This can be
  used visualize what changes a helm upgrade will perform.

* Shows a diff explaining what had changed between two revisions:
    This fetches previously deployed versions of a release
  and compares them. This can be used visualize what changes
  were made during revision change.

* Shows a diff explaining what a helm rollback would change:
    This fetches the currently deployed version of a release
  and compares it to the previously deployed version of the release, that you
  want to rollback. This can be used visualize what changes a
  helm rollback will perform.

Usage:
  diff [flags]
  diff [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  release     Shows diff between release's manifests
  revision    Shows diff between revision's manifests
  rollback    Show a diff explaining what a helm rollback could perform
  upgrade     Show a diff explaining what a helm upgrade would change.
  version     Show version of the helm diff plugin

Flags:
      --allow-unreleased                         enables diffing of releases that are not yet deployed via Helm
  -a, --api-versions stringArray                 Kubernetes api versions used for Capabilities.APIVersions
      --color                                    color output. You can control the value for this flag via HELM_DIFF_COLOR=[true|false]. If both --no-color and --color are unspecified, coloring enabled only when the stdout is a term and TERM is not "dumb"
  -C, --context int                              output NUM lines of context around changes (default -1)
      --detailed-exitcode                        return a non-zero exit code when there are changes
      --devel                                    use development versions, too. Equivalent to version '>0.0.0-0'. If --version is set, this is ignored.
      --disable-openapi-validation               disables rendered templates validation against the Kubernetes OpenAPI Schema
      --disable-validation                       disables rendered templates validation against the Kubernetes cluster you are currently pointing to. This is the same validation performed on an install
      --dry-run string[="client"]                --dry-run, --dry-run=client, or --dry-run=true disables cluster access and show diff as if it was install. Implies --install, --reset-values, and --disable-validation. --dry-run=server enables the cluster access with helm-get and the lookup template function.
      --enable-dns                               enable DNS lookups when rendering templates
  -D, --find-renames float32                     Enable rename detection if set to any value greater than 0. If specified, the value denotes the maximum fraction of changed content as lines added + removed compared to total lines in a diff for considering it a rename. Only objects of the same Kind are attempted to be matched
  -h, --help                                     help for diff
      --include-tests                            enable the diffing of the helm test hooks
      --insecure-skip-tls-verify                 skip tls certificate checks for the chart download
      --install                                  enables diffing of releases that are not yet deployed via Helm (equivalent to --allow-unreleased, added to match "helm upgrade --install" command
      --kube-version string                      Kubernetes version used for Capabilities.KubeVersion
      --kubeconfig string                        This flag is ignored, to allow passing of this top level flag to helm
      --no-color                                 remove colors from the output. If both --no-color and --color are unspecified, coloring enabled only when the stdout is a term and TERM is not "dumb"
      --no-hooks                                 disable diffing of hooks
      --normalize-manifests                      normalize manifests before running diff to exclude style differences from the output
      --output string                            Possible values: diff, simple, template, dyff. When set to "template", use the env var HELM_DIFF_TPL to specify the template. (default "diff")
      --post-renderer string                     the path to an executable to be used for post rendering. If it exists in $PATH, the binary will be used, otherwise it will try to look for the executable at the given path
      --post-renderer-args stringArray           an argument to the post-renderer (can specify multiple)
      --repo string                              specify the chart repository url to locate the requested chart
      --reset-values                             reset the values to the ones built into the chart and merge in any new values
      --reuse-values                             reuse the last release's values and merge in any new values. If '--reset-values' is specified, this is ignored
      --set stringArray                          set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
      --set-file stringArray                     set values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
      --set-json stringArray                     set JSON values on the command line (can specify multiple or separate values with commas: key1=jsonval1,key2=jsonval2)
      --set-string stringArray                   set STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
      --show-secrets                             do not redact secret values in the output
      --strip-trailing-cr                        strip trailing carriage return on input
      --suppress stringArray                     allows suppression of the kinds listed in the diff output (can specify multiple, like '--suppress Deployment --suppress Service')
      --suppress-output-line-regex stringArray   a regex to suppress diff output lines that match
  -q, --suppress-secrets                         suppress secrets in the output
      --three-way-merge                          use three-way-merge to compute patch and generate diff output
  -f, --values valueFiles                        specify values in a YAML file (can specify multiple) (default [])
      --version string                           specify the exact chart version to use. If this is not specified, the latest version is used

Additional help topics:
  diff

Use "diff [command] --help" for more information about a command.
Installed plugin: diff

helmfile

install log
> wget https://github.com/roboll/helmfile/releases/download/v0.144.0/helmfile_linux_amd64
sudo mv helmfile_linux_amd64 /usr/local/bin/helmfile
chmod +x /usr/local/bin/helmfile
--2024-03-09 02:10:39--  https://github.com/roboll/helmfile/releases/download/v0.144.0/helmfile_linux_amd64
Resolving github.com (github.com)... 20.27.177.113
Connecting to github.com (github.com)|20.27.177.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/74499101/51afb07f-4998-43c2-9f51-b5375ff292b2?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240308%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240308T171040Z&X-Amz-Expires=300&X-Amz-Signature=394c2d563b628799f7dc9423d5eb54711072a7db201a01fd2c494116918956e5&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=74499101&response-content-disposition=attachment%3B%20filename%3Dhelmfile_linux_amd64&response-content-type=application%2Foctet-stream [following]
--2024-03-09 02:10:39--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/74499101/51afb07f-4998-43c2-9f51-b5375ff292b2?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240308%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240308T171040Z&X-Amz-Expires=300&X-Amz-Signature=394c2d563b628799f7dc9423d5eb54711072a7db201a01fd2c494116918956e5&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=74499101&response-content-disposition=attachment%3B%20filename%3Dhelmfile_linux_amd64&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 46608813 (44M) [application/octet-stream]
Saving to: ‘helmfile_linux_amd64’

helmfile_linux_amd64           100%[====================================================>]  44.45M  11.0MB/s    in 4.0s

2024-03-09 02:10:44 (11.0 MB/s) - ‘helmfile_linux_amd64’ saved [46608813/46608813]
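
Added example, not from the original article: the helmfile binary above goes from wget straight into /usr/local/bin, whereas get_helm.sh reports `Verifying checksum... Done.` and minikube fetches `kubectl.sha256` alongside kubectl. The script below applies the same check to a downloaded binary before installing it; the checksum file name in the usage comment is a placeholder, since the page gives no digest for helmfile.

```bash
#!/usr/bin/env bash
# Added example: install a downloaded binary only when its SHA-256 matches a
# digest obtained separately from the binary itself.

# sha256_of FILE: prints the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# expected_digest CHECKSUM_FILE NAME: prints the digest recorded for NAME.
# Two layouts are accepted: a file holding only the digest (the kubectl.sha256
# in the minikube output above is 64 bytes, the length of a bare hex SHA-256)
# and sha256sum-style lists of "<digest>  <name>" lines.
expected_digest() {
    awk -v name="$2" '
        NF == 1 && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ {
            print tolower($1); exit
        }
        NF >= 2 && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ {
            f = $2
            sub(/^\*/, "", f)            # sha256sum marks binary mode with "*"
            if (f == name) { print tolower($1); exit }
        }
    ' "$1"
}

# verified_install SRC CHECKSUM_FILE DEST
# Copies SRC to DEST with mode 0755 only if the digest matches.
# Returns 0 on success, 1 on mismatch, 2 if SRC is missing,
# 3 if CHECKSUM_FILE has no usable entry for SRC.
verified_install() {
    src=$1
    sums=$2
    dest=$3
    name=$(basename "$src")
    [ -f "$src" ] || { echo "missing download: $src" >&2; return 2; }
    want=$(expected_digest "$sums" "$name" 2>/dev/null) || want=""
    [ -n "$want" ] || { echo "no usable digest for $name in $sums" >&2; return 3; }
    have=$(sha256_of "$src")
    if [ "$have" != "$want" ]; then
        echo "digest mismatch for $src: expected $want, got $have" >&2
        return 1
    fi
    install -m 0755 "$src" "$dest"
}

# Usage (run as root for a system path; checksums.txt is a placeholder for a
# checksum file obtained from the publisher):
#   verified_install helmfile_linux_amd64 checksums.txt /usr/local/bin/helmfile
```

The check only helps when the digest comes from somewhere the binary's download path cannot rewrite, such as a pinned value kept in your own repository.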

Try running the official Getting Started as a test (deploying prometheus)

repositories:
 - name: prometheus-community
   url: https://prometheus-community.github.io/helm-charts

releases:
- name: prom-norbac-ubuntu
  namespace: prometheus
  chart: prometheus-community/prometheus
  set:
  - name: rbac.create
    value: false

helmfile apply
> helmfile apply
Adding repo prometheus-community https://prometheus-community.github.io/helm-charts
"prometheus-community" has been added to your repositories

Comparing release=prom-norbac-ubuntu, chart=prometheus-community/prometheus
********************

        Release was not present in Helm.  Diff will show entire contents as new.

********************
prometheus, prom-norbac-ubuntu-alertmanager, ConfigMap (v1) has been added:
-
+ # Source: prometheus/charts/alertmanager/templates/configmap.yaml
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   name: prom-norbac-ubuntu-alertmanager
+   labels:
+     helm.sh/chart: alertmanager-1.9.0
+     app.kubernetes.io/name: alertmanager
+     app.kubernetes.io/instance: prom-norbac-ubuntu
+     app.kubernetes.io/version: "v0.27.0"
+     app.kubernetes.io/managed-by: Helm
+   namespace: prometheus
+ data:
+   alertmanager.yml: |
+     global: {}
+     receivers:
+     - name: default-receiver
+     route:
+       group_interval: 5m
+       group_wait: 10s
+       receiver: default-receiver
+       repeat_interval: 3h
+     templates:
+     - /etc/alertmanager/*.tmpl
prometheus, prom-norbac-ubuntu-alertmanager, Service (v1) has been added:
... ~~ various diffs are shown; omitted because they are far too long ~~

Upgrading release=prom-norbac-ubuntu, chart=prometheus-community/prometheus
Release "prom-norbac-ubuntu" does not exist. Installing it now.
NAME: prom-norbac-ubuntu
LAST DEPLOYED: Sat Mar  9 02:16:01 2024
NAMESPACE: prometheus
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
prom-norbac-ubuntu-prometheus-server.prometheus.svc.cluster.local


Get the Prometheus server URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=prometheus,app.kubernetes.io/instance=prom-norbac-ubuntu" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace prometheus port-forward $POD_NAME 9090


The Prometheus alertmanager can be accessed via port 9093 on the following DNS name from within your cluster:
prom-norbac-ubuntu-alertmanager.prometheus.svc.cluster.local


Get the Alertmanager URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace prometheus -l "app.kubernetes.io/name=alertmanager,app.kubernetes.io/instance=prom-norbac-ubuntu" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace prometheus port-forward $POD_NAME 9093
#################################################################################
######   WARNING: Pod Security Policy has been disabled by default since    #####
######            it deprecated after k8s 1.25+. use                        #####
######            (index .Values "prometheus-node-exporter" "rbac"          #####
###### .          "pspEnabled") with (index .Values                         #####
######            "prometheus-node-exporter" "rbac" "pspAnnotations")       #####
######            in case you still need it.                                #####
#################################################################################


The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
prom-norbac-ubuntu-prometheus-pushgateway.prometheus.svc.cluster.local


Get the PushGateway URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace prometheus port-forward $POD_NAME 9091

For more information on running Prometheus, visit:
https://prometheus.io/

Listing releases matching ^prom-norbac-ubuntu$
prom-norbac-ubuntu      prometheus      1               2024-03-09 02:16:01.343767992 +0900 JST deployed        prometheus-25.16.0  v2.50.1


UPDATED RELEASES:
NAME                 CHART                             VERSION
prom-norbac-ubuntu   prometheus-community/prometheus   25.16.0

* Note that it is applied with namespace=prometheus

> kc get pod -n prometheus
NAME                                                        READY   STATUS    RESTARTS   AGE
prom-norbac-ubuntu-alertmanager-0                           1/1     Running   0          3m36s
prom-norbac-ubuntu-kube-state-metrics-68668c5849-xqwk4      1/1     Running   0          3m36s
prom-norbac-ubuntu-prometheus-node-exporter-m72d6           1/1     Running   0          3m36s
prom-norbac-ubuntu-prometheus-pushgateway-664559586-45q4s   1/1     Running   0          3m36s
prom-norbac-ubuntu-prometheus-server-6f6dfdc6cb-rl4l4       2/2     Running   0          3m36s

Next, helmfile diff.
Delete what was deployed and look at the diff.

helmfile diff
> helmfile destroy
Adding repo prometheus-community https://prometheus-community.github.io/helm-charts
"prometheus-community" has been added to your repositories

Listing releases matching ^prom-norbac-ubuntu$
prom-norbac-ubuntu      prometheus      1               2024-03-09 02:16:01.343767992 +0900 JST deployed        prometheus-25.16.0  v2.50.1

Deleting prom-norbac-ubuntu
release "prom-norbac-ubuntu" uninstalled


DELETED RELEASES:
NAME
prom-norbac-ubuntu

> helmfile diff
Adding repo prometheus-community https://prometheus-community.github.io/helm-charts
"prometheus-community" has been added to your repositories

Comparing release=prom-norbac-ubuntu, chart=prometheus-community/prometheus
********************

        Release was not present in Helm.  Diff will show entire contents as new.

********************
prometheus, prom-norbac-ubuntu-alertmanager, ConfigMap (v1) has been added:
-
+ # Source: prometheus/charts/alertmanager/templates/configmap.yaml
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   name: prom-norbac-ubuntu-alertmanager
+   labels:
+     helm.sh/chart: alertmanager-1.9.0
+     app.kubernetes.io/name: alertmanager
+     app.kubernetes.io/instance: prom-norbac-ubuntu
+     app.kubernetes.io/version: "v0.27.0"
+     app.kubernetes.io/managed-by: Helm
+   namespace: prometheus
+ data:
+   alertmanager.yml: |
+     global: {}
+     receivers:
+     - name: default-receiver
+     route:
+       group_interval: 5m
+       group_wait: 10s
+       receiver: default-receiver
...  ~~ same diff as during the earlier install ~~

Confirmed that it works 💪

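Afterword

In practice there would also be things like accessing a cloud k8s cluster and configuring image pulls, but for simply building a local learning environment it was fairly easy. I did not expect it could be prepared so easily in such a short time... All thanks to the people behind k8s and helm.

Also, since you end up stuck later on trivial "it only happens in your environment" problems, it is better to avoid irregular environment settings as much as possible.
In this case, what backfired was having thought "typing sudo docker every time is a pain, so I'll just set an alias...". (Well, I suppose that at the time it was a measure I took for the sake of efficiency...)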
