DEV Community: Stanislas Bruhière The latest articles on DEV Community by Stanislas Bruhière (@nastaliss). https://dev.to/nastaliss https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1255070%2F2e03ba99-61ac-4baa-ab4b-265171ae39b1.jpg DEV Community: Stanislas Bruhière https://dev.to/nastaliss en Setting up a helm OCI registry with ArgoCD hosted on Azure Stanislas Bruhière Thu, 04 Jul 2024 14:58:53 +0000 https://dev.to/nastaliss/setting-up-a-helm-oci-registry-with-argocd-hosted-on-azure-4idd https://dev.to/nastaliss/setting-up-a-helm-oci-registry-with-argocd-hosted-on-azure-4idd <p>With an increasing number of helm charts, some configuration blocks are bound to get duplicated. This is not usually a big problem when writing Kubernetes configuration as readability and simplicity of the configuration is most of the time more valued than factorization.</p> <p>However, keeping 10+ helm charts consistent often means a lot of copy pasting back and forth to keep the same naming convention, labels and logic up to date. This is why I wanted a way to use a _helpers.tpl file shared between multiple charts.</p> <p>There are a few ways to achieve that :</p> <ul> <li><p>Creating a _helpers.tpl file at the root of the helm chart repository and creating symlinks in every chart directory. This can only work if all of your charts are in the same repository. However some of my charts were stored alongside the code to make deployment easier. So this solution could not work for me.</p></li> <li><p>Creating a _helpers.tpl file in a discrete repository, then using this repository as a sub-module in every chart repository. This can (and has) worked for me in the past. However working with sub-modules can be a pain to integrate in CI, and in ArgoCD.</p></li> <li><p>Using the new OCI registry support in helm. This is used actively by bitnami in their common chart. Since helm 3.8.0 this feature is supported by default.</p></li> </ul> <h2> Hosting and logging into an OCI registry on azure </h2> <p>OCI images are supported by default by Azure Container Registries (ACR). </p> <p>Here is the minimal Terraform configuration to create an ACR, a service principal and export its username / password to be able to login from the CI to push the OCI images and pull them from ArgoCD.</p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="c1"># oci-registry.tf</span> <span class="nx">data</span> <span class="s2">"azuread_client_config"</span> <span class="s2">"current"</span> <span class="p">{}</span> <span class="c1"># Deploy the ACR</span> <span class="nx">resource</span> <span class="s2">"azurerm_container_registry"</span> <span class="s2">"registry"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"&lt;acr-name&gt;"</span> <span class="nx">resource_group_name</span> <span class="p">=</span> <span class="s2">"&lt;resource-group-name&gt;"</span> <span class="nx">location</span> <span class="p">=</span> <span class="s2">"&lt;my-location&gt;"</span> <span class="nx">admin_enabled</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">sku</span> <span class="p">=</span> <span class="s2">"Basic"</span> <span class="nx">public_network_access_enabled</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">zone_redundancy_enabled</span> <span class="p">=</span> <span class="kc">false</span> <span class="p">}</span> <span class="c1"># Deploy an application to contribute to the ACR</span> <span class="nx">resource</span> <span class="s2">"azuread_application"</span> <span class="s2">"oci_contributor"</span> <span class="p">{</span> <span class="nx">display_name</span> <span class="p">=</span> <span class="s2">"OCI contributor"</span> <span class="nx">owners</span> <span class="p">=</span> <span class="p">[</span><span class="nx">data</span><span class="p">.</span><span class="nx">azuread_client_config</span><span class="p">.</span><span class="nx">current</span><span class="p">.</span><span class="nx">object_id</span><span class="p">]</span> <span class="nx">prevent_duplicate_names</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">device_only_auth_enabled</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="c1"># Associate an azure service principal (SP) to generate credentials</span> <span class="nx">resource</span> <span class="s2">"azuread_service_principal"</span> <span class="s2">"oci_contributor"</span> <span class="p">{</span> <span class="nx">application_id</span> <span class="p">=</span> <span class="nx">azuread_application</span><span class="p">.</span><span class="nx">oci_contributor</span><span class="p">.</span><span class="nx">application_id</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"OCI contributor"</span> <span class="nx">owners</span> <span class="p">=</span> <span class="p">[</span><span class="nx">data</span><span class="p">.</span><span class="nx">azuread_client_config</span><span class="p">.</span><span class="nx">current</span><span class="p">.</span><span class="nx">object_id</span><span class="p">]</span> <span class="p">}</span> <span class="c1"># Create a password for the SP</span> <span class="nx">resource</span> <span class="s2">"azuread_service_principal_password"</span> <span class="s2">"oci_contributor"</span> <span class="p">{</span> <span class="nx">service_principal_id</span> <span class="p">=</span> <span class="nx">azuread_service_principal</span><span class="p">.</span><span class="nx">oci_contributor</span><span class="p">.</span><span class="nx">object_id</span> <span class="p">}</span> <span class="c1"># Gives the SP the right to contribute to the ACR</span> <span class="nx">resource</span> <span class="s2">"azurerm_role_assignment"</span> <span class="s2">"oci_contributor"</span> <span class="p">{</span> <span class="nx">scope</span> <span class="p">=</span> <span class="nx">azurerm_container_registry</span><span class="p">.</span><span class="nx">acr</span><span class="p">.</span><span class="nx">id</span> <span class="nx">role_definition_name</span> <span class="p">=</span> <span class="s2">"AcrPush"</span> <span class="nx">principal_id</span> <span class="p">=</span> <span class="nx">azuread_service_principal</span><span class="p">.</span><span class="nx">oci_contributor</span><span class="p">.</span><span class="nx">object_id</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Give OCI Contributor rights to contribute to container registry"</span> <span class="p">}</span> <span class="c1"># Output the SP client_id to reference it in the CI</span> <span class="nx">output</span> <span class="s2">"oci_contributor_service_principal_client_id"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">azuread_service_principal</span><span class="p">.</span><span class="nx">oci_contributor</span><span class="p">.</span><span class="nx">application_id</span> <span class="p">}</span> <span class="c1"># Output the SP password to reference it in the CI</span> <span class="nx">output</span> <span class="s2">"oci_contributor_service_principal_password"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">azuread_service_principal_password</span><span class="p">.</span><span class="nx">oci_contributor</span><span class="p">.</span><span class="nx">value</span> <span class="nx">sensitive</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> </code></pre> </div> <p>Once this is deployed, we can create a new repository that will contain our chart(s) we want to share.</p> <h2> Creating the helpers repository chart </h2> <p>Create a repository and populate it as follows :</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> . ├── .github/ │ └── workflows/ │ ├── deploy-test.yaml │ └── release.yaml ├── common/ │ ├── templates/ │ │ └── security.yaml │ └── Chart.yaml ├── .gitignore └── README.md </code></pre> </div> <p>The Chart.yaml will contain the following:</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># Chart.yaml</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v2</span> <span class="na">name</span><span class="pi">:</span> <span class="s">common</span> <span class="na">description</span><span class="pi">:</span> <span class="s">Shared helper function across different helm charts</span> <span class="na">type</span><span class="pi">:</span> <span class="s">application</span> <span class="na">appVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.16.0"</span> <span class="na">version</span><span class="pi">:</span> <span class="s">0.1.0</span> </code></pre> </div> <p>Make sure to ignore tgz files when testing</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> # .gitignore *.tgz </code></pre> </div> <h2> Writing a simple helper function </h2> <p>Here we will write two simple helper function to populate the <a href="https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" rel="noopener noreferrer">SecurityContext</a> for a pod and a container.</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># security.yaml</span> <span class="pi">{{</span><span class="nv">/*</span> <span class="nv"># DESCRIPTION</span> <span class="nv"># Generate The pod's securityContext and to comply with namespaces with the annotation pod-security.kubernetes.io/enforce set to restricted</span> <span class="nv"># PARAMETERS</span> <span class="nv">- user (optional)</span><span class="pi">:</span> <span class="nv">The user to run the container as. Defaults to 10000</span> <span class="nv"># USAGE</span> <span class="nv">#</span> <span class="pi">{{</span> <span class="nv">include "common.security.podSecurityContext.restricted" dict | indent 4</span> <span class="pi">}}</span> <span class="err">*</span><span class="nv">/</span><span class="pi">}}</span> <span class="pi">{{</span><span class="nv">- define "common.security.podSecurityContext.restricted" -</span><span class="pi">}}</span> <span class="pi">{{</span><span class="nv">- $user</span> <span class="pi">:</span><span class="nv">= .user | default 10000 -</span><span class="pi">}}</span> <span class="na">runAsNonRoot</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">runAsUser</span><span class="pi">:</span> <span class="pi">{{</span> <span class="nv">$user</span> <span class="pi">}}</span> <span class="na">runAsGroup</span><span class="pi">:</span> <span class="pi">{{</span> <span class="nv">$user</span> <span class="pi">}}</span> <span class="na">fsGroup</span><span class="pi">:</span> <span class="pi">{{</span> <span class="nv">$user</span> <span class="pi">}}</span> <span class="na">seccompProfile</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">RuntimeDefault</span> <span class="pi">{{</span><span class="nv">- end -</span><span class="pi">}}</span> <span class="pi">{{</span><span class="nv">/*</span> <span class="nv"># DESCRIPTION</span> <span class="nv"># Generate The container's SecurityContext and to comply with namespaces with the annotation pod-security.kubernetes.io/enforce set to restricted</span> <span class="nv"># PARAMETERS</span> <span class="nv">No parameters</span><span class="pi">,</span> <span class="nv">just include the snippet and give it an empty dict</span> <span class="nv"># USAGE</span> <span class="nv">#</span> <span class="pi">{{</span> <span class="nv">include "common.security.containerSecurityContext.restricted" dict | indent 4</span> <span class="pi">}}</span> <span class="err">*</span><span class="nv">/</span><span class="pi">}}</span> <span class="pi">{{</span><span class="nv">- define "common.security.containerSecurityContext.restricted" -</span><span class="pi">}}</span> <span class="na">allowPrivilegeEscalation</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">capabilities</span><span class="pi">:</span> <span class="na">drop</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">ALL"</span><span class="pi">]</span> <span class="pi">{{</span><span class="nv">- end -</span><span class="pi">}}</span> </code></pre> </div> <p>I won't go into details for this file as this is standard helm template. This is just an example.</p> <h2> Building the OCI image manually </h2> <p>First let's check we are able to build the OCI image and push it to the registry.</p> <p>Get your login / password from the two outputs in the terraform module.</p> <p>Run </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">cd </span>common helm registry login &lt;acr-name&gt;.azurecr.io <span class="nt">--username</span> &lt;acr-username&gt; <span class="nt">--password</span> &lt;acr-password&gt; helm package <span class="nb">.</span> helm push <span class="k">*</span>.tgz <span class="s2">"oci://&lt;acr-name&gt;.azurecr.io/helm"</span> </code></pre> </div> <p>This will build your helm package and push it to the acr in the helm/common path (as the chart is named <code>common</code>) and under the 0.1.0 tag, defined in <code>Chart.yaml</code>.</p> <h2> Using the common chart as a dependency </h2> <p>In another helm chart, you can use the common helm chart as a dependency by adding these lines in the Chart.yaml</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># other-chart/Chart.yaml</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> <span class="na">dependencies</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">common</span> <span class="na">repository</span><span class="pi">:</span> <span class="s">oci://&lt;acr-name&gt;.azurecr.io/helm</span> <span class="na">version</span><span class="pi">:</span> <span class="s">0.1.0</span> </code></pre> </div> <p>You will then need to run <code>helm dependency update</code> or <code>helm dep up</code> if you hate typing.<br> This will create (or update) the Chart.lock, which is required for deploying the chart.</p> <p>Then calling the function will look something like this:</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># other-chart/templates/deployment.yaml</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">securityContext</span><span class="pi">:</span> <span class="pi">{{</span><span class="nv">- include "common.security.podSecurityContext.restricted" (dict "user" 101) | nindent 8</span> <span class="pi">}}</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> </code></pre> </div> <h2> Passing credentials to ArgoCD </h2> <p>In your ArgoCD helm chart, you will need to add the following config in the valueFile. </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">argo-cd</span><span class="pi">:</span> <span class="na">configs</span><span class="pi">:</span> <span class="na">repositories</span><span class="pi">:</span> <span class="na">helm-oci</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">&lt;acr-username&gt;</span> <span class="na">password</span><span class="pi">:</span> <span class="s">&lt;acr-password&gt;</span> <span class="na">url</span><span class="pi">:</span> <span class="s">&lt;acr-name&gt;.azurecr.io/helm</span> <span class="na">type</span><span class="pi">:</span> <span class="s">helm</span> <span class="na">enableOCI</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">name</span><span class="pi">:</span> <span class="s">helm-oci</span> </code></pre> </div> <p>When you have update argocd with this config, you should see the following in the settings:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq128nouolz7rrqfmfjwu.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq128nouolz7rrqfmfjwu.png" alt="Argocd with helm-oci setup"></a></p> <h2> Automatizing the helm chart release </h2> <p>To prevent making a billion release tags while testing, I setup an alpha and beta mechanism on the helm chart's release system: </p> <ul> <li>When working on a branch, you immediately bump the version in the Chart.yaml and begin working.</li> <li>On every commit, create a tag <code>&lt;helm chart version&gt;-alpha</code> that you can use to test on your chart that uses the common dependency</li> <li>When you have tested everything, merge to main</li> <li>On every commit to main, create a tag <code>&lt;helm chart version&gt;-beta</code> </li> <li>To do a proper release, tag the commit you want to release with <code>v&lt;helm chart version&gt;</code>, this will create the tag <code>&lt;helm chart version&gt;</code> </li> </ul> <p>We will write two github action files :</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1">## deploy-test.yaml</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build image and push to registry</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">**'</span> <span class="na">concurrency</span><span class="pi">:</span> <span class="na">group</span><span class="pi">:</span> <span class="s">${{ github.ref }}</span> <span class="na">cancel-in-progress</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">package-and-push-common-main</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">helm-helpers-release-runner</span> <span class="na">defaults</span><span class="pi">:</span> <span class="na">run</span><span class="pi">:</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">./common</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up Helm</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">azure/setup-helm@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Login to Azure Container Registry</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">helm registry login ${{ vars.DOCKER_PROD_REGISTRY }} \</span> <span class="s">--username ${{ secrets.DOCKER_PROD_USERNAME }} \</span> <span class="s">--password ${{ secrets.DOCKER_PROD_PASSWORD }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Get chart version</span> <span class="na">id</span><span class="pi">:</span> <span class="s">get_chart_version</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">mikefarah/yq@v4.40.5</span> <span class="na">with</span><span class="pi">:</span> <span class="na">cmd</span><span class="pi">:</span> <span class="s">yq e '.version' ./common/Chart.yaml</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set calculated chart version</span> <span class="na">if</span><span class="pi">:</span> <span class="s">${{ github.ref != 'refs/heads/main' }}</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "CURRENT_VERSION=${{ steps.get_chart_version.outputs.result }}-alpha" &gt;&gt; $GITHUB_ENV</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set calculated chart version</span> <span class="na">if</span><span class="pi">:</span> <span class="s">${{ github.ref == 'refs/heads/main' }}</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "CURRENT_VERSION=${{ steps.get_chart_version.outputs.result }}-beta" &gt;&gt; $GITHUB_ENV</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and push chart</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">helm package . --version "$CURRENT_VERSION"</span> <span class="s">helm push "common-${CURRENT_VERSION}.tgz" "oci://${{ vars.DOCKER_PROD_REGISTRY }}/helm"</span> </code></pre> </div> <p>and </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># release.yaml</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">v*.*.*</span> <span class="na">concurrency</span><span class="pi">:</span> <span class="na">group</span><span class="pi">:</span> <span class="s">${{ github.ref }}</span> <span class="na">cancel-in-progress</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">release</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">helm-helpers-release-runner</span> <span class="na">defaults</span><span class="pi">:</span> <span class="na">run</span><span class="pi">:</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">./common</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up Helm</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">azure/setup-helm@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Login to Azure Container Registry</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">helm registry login ${{ vars.OCI_REGISTRY_URL }} \</span> <span class="s">--username ${{ secrets.OCI_REGISTRY_USERNAME }} \</span> <span class="s">--password ${{ secrets.OCI_REGISTRY_PASSWORD }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Get chart version</span> <span class="na">id</span><span class="pi">:</span> <span class="s">get_chart_version</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">mikefarah/yq@v4.40.5</span> <span class="na">with</span><span class="pi">:</span> <span class="na">cmd</span><span class="pi">:</span> <span class="s">yq e '.version' ./common/Chart.yaml</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Ensure tag matches chart version</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">current_version=${{ steps.get_chart_version.outputs.result }}</span> <span class="s">if [[ "${{ github.ref }}" != "refs/tags/v$current_version" ]]; then</span> <span class="s">echo "Tag does not match chart version"</span> <span class="s">exit 1</span> <span class="s">fi</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and push chart</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">helm package .</span> <span class="s">helm push *.tgz "oci://${{ vars.OCI_REGISTRY_URL }}/helm"</span> </code></pre> </div> <p>In the latter, I added a check to make sure the tag is matching the actual Chart version (this happened a lot when working with it :)).</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8tgwk0marwas12q5b9gj.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8tgwk0marwas12q5b9gj.png" alt="Learning Planet Institute"></a></p> <p>This article was written in collaboration with the Learning Planet Institute, check them out on <a href="https://twitter.com/lpiparis_" rel="noopener noreferrer">twitter</a></p> kubernetes helm azure devops