OpenMCF logoOpenMCF

Loading...

Kubernetes Helm Release

Deploys any Helm chart to a Kubernetes cluster through OpenMCF's lifecycle management, acting as a generic escape hatch for workloads that are already packaged as Helm charts but do not have a dedicated OpenMCF component. The module handles chart fetching, namespace creation, value overrides, and the full apply/update/destroy lifecycle automatically.

What Gets Created

When you deploy a KubernetesHelmRelease resource, OpenMCF provisions:

  • Namespace — created only when createNamespace is true
  • Helm Chart Resources — all Kubernetes resources defined by the Helm chart are rendered and applied via Pulumi's helm/v3.Chart, using the specified chart name, version, repository, and custom value overrides

Prerequisites

  • Kubernetes credentials configured via environment variables or OpenMCF provider config
  • A Kubernetes namespace that already exists, or set createNamespace to true
  • A reachable Helm chart repository hosting the chart at the specified version
  • CRD definitions available on the cluster if the Helm chart deploys or references custom resource types

Quick Start

Create a file helm-release.yaml:

apiVersion: kubernetes.openmcf.org/v1
kind: KubernetesHelmRelease
metadata:
  name: my-nginx
  labels:
    openmcf.org/provisioner: pulumi
    pulumi.openmcf.org/organization: my-org
    pulumi.openmcf.org/project: my-project
    pulumi.openmcf.org/stack.name: dev.KubernetesHelmRelease.my-nginx
spec:
  namespace:
    value: ingress
  createNamespace: true
  repo: https://charts.bitnami.com/bitnami
  name: nginx
  version: "18.1.11"

Deploy:

openmcf apply -f helm-release.yaml

This deploys the Bitnami nginx chart at version 18.1.11 into the ingress namespace, creating the namespace if it does not already exist.

Configuration Reference

Required Fields

FieldTypeDescriptionValidation
namespaceStringValueOrRefKubernetes namespace for the Helm release. Can reference a KubernetesNamespace resource via valueFrom.Required
repostringURL of the Helm chart repository (e.g., https://charts.bitnami.com/bitnami).Required
namestringName of the Helm chart within the repository (e.g., nginx, redis).Required
versionstringSemantic version of the Helm chart to deploy (e.g., 18.1.11).Required

Optional Fields

FieldTypeDefaultDescription
targetCluster.clusterKindenum—Kubernetes cluster kind. Valid values: AwsEksCluster, GcpGkeCluster, AzureAksCluster, DigitalOceanKubernetesCluster, CivoKubernetesCluster.
targetCluster.clusterNamestring—Name of the target Kubernetes cluster in the same environment.
createNamespaceboolfalseWhen true, creates the namespace before deploying the Helm release. When false, the namespace must already exist.
valuesmap<string, string>—Key-value pairs that override defaults in the chart's values.yaml. Each key uses Helm dot-notation flattened to a single string key.

Examples

Minimal Nginx Ingress Controller

Deploys the ingress-nginx controller with default settings:

apiVersion: kubernetes.openmcf.org/v1
kind: KubernetesHelmRelease
metadata:
  name: ingress-nginx
  labels:
    openmcf.org/provisioner: pulumi
    pulumi.openmcf.org/organization: my-org
    pulumi.openmcf.org/project: my-project
    pulumi.openmcf.org/stack.name: dev.KubernetesHelmRelease.ingress-nginx
spec:
  namespace:
    value: ingress-nginx
  createNamespace: true
  repo: https://kubernetes.github.io/ingress-nginx
  name: ingress-nginx
  version: "4.11.3"

Prometheus Stack with Custom Values

Deploys kube-prometheus-stack with custom retention, resource limits, and Grafana disabled:

apiVersion: kubernetes.openmcf.org/v1
kind: KubernetesHelmRelease
metadata:
  name: prometheus
  labels:
    openmcf.org/provisioner: pulumi
    pulumi.openmcf.org/organization: my-org
    pulumi.openmcf.org/project: my-project
    pulumi.openmcf.org/stack.name: staging.KubernetesHelmRelease.prometheus
spec:
  namespace:
    value: monitoring
  createNamespace: true
  repo: https://prometheus-community.github.io/helm-charts
  name: kube-prometheus-stack
  version: "65.1.0"
  values:
    grafana.enabled: "false"
    prometheus.prometheusSpec.retention: "30d"
    prometheus.prometheusSpec.resources.limits.cpu: "2000m"
    prometheus.prometheusSpec.resources.limits.memory: "4Gi"
    prometheus.prometheusSpec.resources.requests.cpu: "500m"
    prometheus.prometheusSpec.resources.requests.memory: "1Gi"
    prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage: "50Gi"

Cert-Manager with Target Cluster and Foreign Key Namespace

Deploys cert-manager on a specific GKE cluster, referencing an OpenMCF-managed namespace:

apiVersion: kubernetes.openmcf.org/v1
kind: KubernetesHelmRelease
metadata:
  name: cert-manager
  labels:
    openmcf.org/provisioner: pulumi
    pulumi.openmcf.org/organization: my-org
    pulumi.openmcf.org/project: my-project
    pulumi.openmcf.org/stack.name: prod.KubernetesHelmRelease.cert-manager
spec:
  targetCluster:
    clusterKind: GcpGkeCluster
    clusterName: prod-cluster
  namespace:
    valueFrom:
      kind: KubernetesNamespace
      name: cert-manager-ns
      field: spec.name
  repo: https://charts.jetstack.io
  name: cert-manager
  version: "1.16.2"
  values:
    crds.enabled: "true"
    replicaCount: "2"
    resources.limits.cpu: "500m"
    resources.limits.memory: "512Mi"
    resources.requests.cpu: "100m"
    resources.requests.memory: "128Mi"

Stack Outputs

After deployment, the following outputs are available in status.outputs:

OutputTypeDescription
namespacestringKubernetes namespace where the Helm release was deployed

Related Components

  • KubernetesNamespace — provides the target namespace via valueFrom reference
  • KubernetesManifest — preferred when deploying raw Kubernetes YAML rather than a packaged Helm chart
  • KubernetesDeployment — preferred for containerized applications that need built-in Service, ingress, and autoscaling support

Next article

Kubernetes Ingress Nginx

Kubernetes Ingress Nginx Deploys the ingress-nginx controller on Kubernetes using the upstream Helm chart (default version 4.11.1), with provider-specific load balancer configuration for GKE, EKS, and AKS, optional internal load balancer mode, configurable chart version, and optional namespace creation. What Gets Created When you deploy a KubernetesIngressNginx resource, OpenMCF provisions: Namespace — created only when createNamespace is true Helm Release (ingress-nginx) — deploys the...
Read next article
Presets
1 ready-to-deploy configurationView presets →