Skip to content

qreater/HelmInspect

BranchesTags

Repository files navigation

Logo

Helm Inspect helps you track and detect drift between your Helm manifests and the actual deployed resources—without any complicated setup. It provides a drift check for Helm charts, uses a calibration model for precise drift detection, and sends Slack notifications on detected drifts.

Table of Contents

Options

Option Short Description
--release -r Helm release name (Required).
--namespace -n Kubernetes namespace (Required).
--calibrate -c Captures system-generated keys after a fresh Helm install.
--no-ignore -I Disables ignoring system-generated keys for strict drift detection.
--verbose -v Enables verbose logging (debug mode).
--slack-channel Slack channel to post drift results (can use HI_SLACK_CHANNEL env var).
--slack-token Slack bot token (can use HI_SLACK_BOT_TOKEN env var).

Installation

Note

Ensure you have Python 3.8+, Kubectl and Helm installed.

HelmInspect is a lightweight CLI tool to detect Helm drifts instantly. Install it via pip:

pip install helm-inspect

Calibration - Ignoring System-Generated Keys

After every Helm install, Kubernetes automatically adds some system-generated keys that should not be considered as drifts. To account for these, run:

helm-inspect -r <release-name> -n <namespace> -c
Example

Command

helm-inspect -r my-release -n production -c

This assumes the current state is a fresh installation, identifies system-added keys, and stores them in a temporary ignore list.

Output

[INFO] ✅ Calibration data deleted successfully.
[INFO] 🔍 Starting Analysis for calibration...

[INFO] Checking drift for Secret `myrelease-secret`...
[INFO] Checking drift for ConfigMap `myrelease-configmap`...
[INFO] Checking drift for Service `myrelease-service`...
[INFO] Checking drift for Deployment `myrelease-deployment`...
[INFO] Checking drift for Ingress `myrelease-ingress`...

[INFO] Analyzed 5 resources and found 22 drift-prone keys.
[INFO] ✅ Calibration data saved successfully.

Detecting Helm Drifts

To check for configuration drifts, simply run:

helm-inspect -r <release-name> -n <namespace>
Example

Command

helm-inspect -r my-release -n production

Output

[INFO] ✨ Using existing calibration data.

[INFO] Checking drift for Secret `myrelease-secret`...
[INFO] ✅ No drift detected in Secret `myrelease-secret`.

[INFO] Checking drift for ConfigMap `myrelease-configmap`...
[ERROR] ❌ Drift detected in ConfigMap `myrelease-configmap`:
--- Helm Manifest
+++ Live Kubernetes
@@ -1,3 +1,3 @@
 {
-  "custom.conf": "\nserver {\n    listen 80;\n    server_name localhost;\n}\n"
+  "custom.conf": "\nserver {\n    listen 8000;\n    server_name localhost;\n}\n"
}

[INFO] Checking drift for Service `myrelease-service`...
[INFO] ✅ No drift detected in Service `myrelease-service`.
[INFO] ✅ Drift data saved successfully.

This will:

  • Compare the deployed Helm manifest with the actual Kubernetes resources.
  • Show differences in CLI output (like a diff).
  • Store a JSON report in a temp directory.

Strict Mode (Detect All Changes)

By default, HelmInspect ignores system-generated keys. To disable this behavior and see every difference:

helm-inspect -r <release-name> -n <namespace> -I
Example

Command

helm-inspect -r my-release -n production -I

Output

[INFO] Checking drift for ConfigMap `myrelease-configmap`...
[ERROR] ❌ Drift detected in ConfigMap `myrelease-configmap`:
--- Helm Manifest
+++ Live Kubernetes
@@ -1,3 +1,3 @@
 {
-  "custom.conf": "\nserver {\n    listen 80;\n    server_name localhost;\n}\n"
+  "custom.conf": "\nserver {\n    listen 8000;\n    server_name localhost;\n}\n"
}

[INFO] Checking drift for Secret `myrelease-secret`...
[ERROR] ❌ Drift detected in Secret `myrelease-secret`:
--- Helm Manifest
+++ Live Kubernetes
@@ -1,3 +1,3 @@
 {
-  "authToken": "abcd1234"
+  "authToken": "efgh5678"
}

This mode is useful if you suspect hidden or untracked changes.

Slack Integration

Automate drift notifications to Slack:

helm-inspect -r <release-name> -n <namespace> --slack-token <token> --slack-channel <channel>
Example

Command

helm-inspect -r my-release -n production --slack-token xoxb-123456 --slack-channel SLACKCHANNELID

Output

[INFO] ✅ Drift data saved successfully.
✨ Slack Notification Sent!

This sends drift reports directly to your team’s Slack channel, keeping everyone updated.

Command Summary

Command Description
helm-inspect -r <release> -n <namespace> -c Calibrate to ignore system-generated keys.
helm-inspect -r <release> -n <namespace> Detect drifts and show differences.
helm-inspect -r <release> -n <namespace> -I Strict mode (show all changes).
helm-inspect -r <release> -n <namespace> --slack-token <token> --slack-channel <channel> Send drift reports to Slack.

Features

  • Drift Detection: Compare Helm manifests with actual Kubernetes resources.
  • Calibration: Ignore system-generated keys for precise drift detection.
  • Strict Mode: Detect all changes, including hidden or untracked ones.
  • Slack Integration: Send drift reports directly to your team’s Slack channel.
  • Lightweight: No complicated setup or dependencies—just install and run.
  • Open Source: Available under the Apache Version 2.0 License.

License

HelmInspect is released under the Apache Version 2.0 License.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 1

v1.0.0 Latest
Mar 11, 2025

Packages

 
 
 

Contributors

Languages