Migrating Helm v2 to v3
This guide shows how to migrate Helm v2 to v3. Helm v2 needs to be installed and managing releases in one to many clusters.
Overview of Helm 3 Changes
The full list of changes from Helm 2 to 3 are documented in the FAQ section. The following is a summary of some of those changes that a user should be aware of before and during migration:
- Removal of Tiller:
- Replaces client/server with client/library architecture (
helmbinary only) - Security is now on per user basis (delegated to Kubernetes user cluster security)
- Releases are now stored as in-cluster secrets and the release object metadata has changed
- Releases are persisted on a release namespace basis and not in the Tiller namespace anymore
- Replaces client/server with client/library architecture (
- Chart repository updated:
helm searchnow supports both local repository searches and making search queries against Helm Hub
- Chart apiVersion bumped to “v2” for following specification changes:
- Dynamically linked chart dependencies moved to
Chart.yaml(requirements.yamlremoved and requirements –> dependencies) - Library charts (helper/common charts) can now be added as dynamically linked chart dependencies
- Charts have a
typemetadata field to define the chart to be of anapplicationorlibrarychart. It is application by default which means it is renderable and installable - Helm 2 charts (apiVersion=v1) are still installable
- Dynamically linked chart dependencies moved to
- XDG directory specification added:
- Helm home removed and replaced with XDG directory specification for storing configuration files
- No longer need to initialize Helm
helm initandhelm homeremoved
- Additional changes:
- Helm install/set-up is simplified:
- Helm client (helm binary) only (no Tiller)
- Run-as-is paradigm
localorstablerepositories are not set-up by defaultcrd-installhook removed and replaced withcrdsdirectory in chart where all CRDs defined in it will be installed before any rendering of the charttest-failurehook annotation value removed, andtest-successdeprecated. Usetestinstead- Commands removed/replaced/added:
- delete –> uninstall : removes all release history by default
(previously needed
--purge) - fetch –> pull
- home (removed)
- init (removed)
- install: requires release name or
--generate-nameargument - inspect –> show
- reset (removed)
- serve (removed)
- template:
-x/--executeargument renamed to-s/--show-only - upgrade: Added argument
--history-maxwhich limits the maximum number of revisions saved per release (0 for no limit)
- delete –> uninstall : removes all release history by default
(previously needed
- Helm 3 Go library has undergone a lot of changes and is incompatible with the Helm 2 library
- Release binaries are now hosted on
get.helm.sh
- Helm install/set-up is simplified:
Migration Use Cases
The migration use cases are as follows:
Helm v2 and v3 managing the same cluster:
- This use case is only recommended if you intend to phase out Helm v2 gradually and do not require v3 to manage any releases deployed by v2. All new releases being deployed should be performed by v3 and existing v2 deployed releases are updated/removed by v2 only
- Helm v2 and v3 can quite happily manage the same cluster. The Helm versions can be installed on the same or separate systems
- If installing Helm v3 on the same system, you need to perform an additional step to ensure that both client versions can co-exist until ready to remove Helm v2 client. Rename or put the Helm v3 binary in a different folder to avoid conflict
- Otherwise there are no conflicts between both versions because of the
following distinctions:
- v2 and v3 release (history) storage are independent of each other. The
changes includes the Kubernetes resource for storage and the release
object metadata contained in the resource. Releases will also be on a per
user namespace instead of using the Tiller namespace (for example, v2
default Tiller namespace kube-system). v2 uses “ConfigMaps” or “Secrets”
under the Tiller namespace and
TILLERownership. v3 uses “Secrets” in the user namespace andhelmownership. Releases are incremental in both v2 and v3 - The only issue could be if Kubernetes cluster scoped resources (e.g.
clusterroles.rbac) are defined in a chart. The v3 deployment would then fail even if unique in the namespace as the resources would clash - v3 configuration no longer uses
$HELM_HOMEand uses XDG directory specification instead. It is also created on the fly as need be. It is therefore independent of v2 configuration. This is applicable only when both versions are installed on the same system
- v2 and v3 release (history) storage are independent of each other. The
changes includes the Kubernetes resource for storage and the release
object metadata contained in the resource. Releases will also be on a per
user namespace instead of using the Tiller namespace (for example, v2
default Tiller namespace kube-system). v2 uses “ConfigMaps” or “Secrets”
under the Tiller namespace and
Migrating Helm v2 to Helm v3:
- This use case applies when you want Helm v3 to manage existing Helm v2 releases
- It should be noted that a Helm v2 client:
- can manage 1 to many Kubernetes clusters
- can connect to 1 to many Tiller instances for a cluster
- This means that you have to be cognisant of this when migrating as releases are deployed into clusters by Tiller and its namespace. You have to therefore be aware of migrating for each cluster and each Tiller instance that is managed by the Helm v2 client instance
- The recommended data migration path is as follows:
- Backup v2 data
- Migrate Helm v2 configuration
- Migrate Helm v2 releases
- When happy that Helm v3 is managing all Helm v2 data (for all clusters and Tiller instances of the Helm v2 client instance) as expected, then clean up Helm v2 data
- The migration process is automated by the Helm v3 2to3 plugin
