The feature image shows a ship's wheel. This is a symbol often used for technologies gravitating around Kubernetes
Photo by Matt Artz / Unsplash

How To Deploy Helm Charts With Terraform

Do you know you can deploy Helm charts as any other Terraform resources? It's possible with the official Helm provider. Learn by doing in this Terraform tutorial!

Guillaume Vincent
Guillaume Vincent

Table of Contents

Today, we will see how to deploy software components with Helm. This will allow you to manage applications on top of Kubernetes in the form of code. You will be able to use Terraform end-to-end in your cloud-native infrastructure.

This Terraform tutorial focuses on the following point:

  • A quick review of what Terraform and Helm are.
  • Presentation of the official Helm provider
  • Learn by doing – deploy a modern monitoring infrastructure with Prometheus and Grafana

Ready to go? Deploy on top of Kubernetes with Helm and Terraform too!


What Is Terraform?

The Terraform logo icon
Terraform logo from https://www.terraform.io/

Terraform is a well-known tool in the DevOps ecosystem. It allows you to describe your entire infrastructure in code. This process is called infrastructure as code (IaC):

"IaC is the process of managing and provisioning computer datacenters through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools"

Terraform can manage resources from many different cloud providers or services. You write the code and Terraform translates it into API calls to the target. It will also determine the resource's relationship and creation order.

Terraform keeps also track of the status of your infrastructure in a state file. This file allows Terraform to compare the existing infrastructure with your code. Knowing that Terraform decides which resources create/update/delete for synchronization.


What Is Helm?

The Helm logo icon
The Helm logo from helm.sh


Helm is a package management tool to deploy applications in Kubernetes clusters. The YUM and APT commands present in Linux distributions manages also packages. Helm makes the same but for software on Kubernetes. In Helm terminology, a package is – a chart.


Helm charts help you to define, install and update Kubernetes applications. We won't inspect all the information about Helm here. But, I invite you to consult this Helm tutorial to be more familiar with it:

What Is Helm? A Quickstart Tutorial For Kubernetes Beginners
Learn Helm by practice and package your app for Kubernetes

The Terraform Helm Provider

Terraform providers allow users to manage various external APIs: cloud providers, databases, and services. This diagram shows how providers interact with the Terraform core and a Target API:

Schema showing how Terraform providers work
How do Terraform providers work

Terraform providers use a Golang client library to communicate.  On your side, you have to declare the provider in the Terraform code. Then, you will be able to define resources and fetch distant data.

Hashicorp, the company maintaining Terraform, distributes a provider for Helm. We will use the Helm provider to deploy Helm charts in the next of this article. This provider needs Terraform and Helm binaries installed on your machine to work.

Installing Terraform

$ brew install terraform

Not on working on Mac? Check out Terraform downloads

Installing Helm

$ brew install helm

Not on working on Mac? Check out Helm downloads

Declaring the Helm provider

You need also to provide proper credentials to connect to the Kubernetes cluster. Many choices are possible. The easiest way is to specify the kubeconfig path:

provider "helm" {
  kubernetes {
    config_path = "~/.kube/config"
  }
}

Deploying The Monitoring Infrastructure With Helm+Terraform

Retrieve the full code of this tutorial in this GitHub repository:

GitHub - guivin/terraform-helm-example at 0.1.0
Deploy Helm charts with Terraform. Contribute to guivin/terraform-helm-example development by creating an account on GitHub.

Terraform variables

Terraform variables are useful to avoid repeating values:

  • kube_config is the path to the kubeconfig file. It will be used to connect to the Kubernetes cluster.
  • namespace is the logical place where Grafana and Prometheus will be deployed with Helm.

Kubernetes & Helm providers

We will manage Kubernetes resources and Helm with Terraform. We declare the Kubernetes provider  and Helm provider to go ahead:

Kubernetes namespace

Namespaces in Kubernetes are logical isolation for deployment. We create a monitoring namespace for our new monitoring components:

Prometheus Helm release

helm_release is a Terraform resource from the Helm provider. It allows you to release a Helm chart and customize it with Terraform.  You can override the default settings from the original values.yaml with the set blocks:

Grafana Helm release

Values can be passed to the helm_release resource through files:

The above snippet defines a Kubernetes Secret for accessing Grafana. The credential is a random password generated by Terraform. The values.yaml is templated by Terraform and passed to the helm_release.grafana.


Accessing The Prometheus Server

Create the port-forward session to the Prometheus server:

$ kubectl port-forward --namespace monitoring svc/prometheus-server 8080:80

Go to http://localhost:8080 to access the Prometheus UI:

Screenshot showing the Prometheus server web interface
The Prometheus server web interface

Accessing The Grafana UI

Create the port-forward session to Grafana:

$ kubectl port-forward --namespace monitoring svc/grafana 3000:80

Get the Grafana admin username:

$ kubectl get secret --namespace monitoring grafana -o jsonpath="{.data.admin-user}" | base64 --decode 

Get the Grafana admin password:

$ kubectl get secret --namespace monitoring grafana -o jsonpath="{.data.admin-password}" | base64 --decode

Go to http://localhost:3000 to access the Grafana UI. Reuse the previous credentials to log in:

The Grafana login interface
The Grafana login page
The Grafana homepage
The Grafana homepage
The Grafana dashboard list
The Grafana dashboard list

The Kubernetes API Server dashboard is provisioned in the values-grafana.yaml file. The dashboard is visible in the Grafana UI:

The Kubernetes API server Grafana dashboard
The Kubernetes API server Grafana dashboard

Conclusion

We have discovered in this tutorial how to use Terraform and Helm together with the official Helm provider. The Helm chart is called through the helm_release resource. It is possible to customize the deployment values using set block or templating the values.yaml.

The example here deploys complete monitoring with Prometheus and Grafana. stack:

  • Prometheus collects the cluster metrics
  • Grafana allows us to visualize metrics over beautiful dashboards

Coupling Terraform with Helm is great because you can orchestrate the Helm chart deployment and dependencies with your all infrastructure components. Helm charts are finally considered as any other type of resource.

Cloud-NativeObservability

Guillaume Vincent Twitter

DevOps Engineer & AWS Certified Solution Architect. Cloud enthusiast and automation addict