
Nova Contributors: Help Us Scan YAML templates and Ignore Non-Stable Versions

Nova is an open source project that makes it easy to scan your cluster for installed Helm charts and cross-check them against all known Helm repositories. If it finds an updated version of the chart you're using or determines that your current version is deprecated, it will alert you. You can also use Nova to scan your cluster for out-of-date container images.

We’re always working to improve our open source projects and we have a Slack Community where you can ask questions, get answers, and make suggestions. Recently, we had a couple of questions that we thought were good, but we don’t have fixes for them yet. Let’s take a look.

Is it possible to scan Helm charts deployed by Argo CD?

Argo CD is a GitOps continuous delivery tool for Kubernetes. It allows teams to ensure that their Kubernetes environment is kept up-to-date with their Infrastructure-as-Code, automatically syncing any changes.

At this time, Nova does not scan the charts deployed by Argo CD. This is because Argo CD doesn't create an actual Helm release. Instead, it uses helm template to generate raw Kubernetes YAML, which it then applies. Unfortunately, this bypasses Helm’s release management system, which Nova requires in order to detect whether the chart is out of date.

In the meantime, you can still use the --containers functionality of Nova to find container versions that need updating.

We have this issue open to address that: Enable scanning yaml that has been templated from a helm chart

If you want to help us build out that enhancement to expand Nova usage, please reach out. 

Is there a way to ignore non-stable versions of Helm charts?

Every Helm chart has a version number, and Helm also supports more complex SemVer2 names, such as version: 1.2.3-alpha.1+ef365. One Nova user asked if we could ignore non-stable versions of charts, such as alpha, beta, and so on. They provided this example:

Release Name                                Installed    Latest           Old      Deprecated
============                                =========    ======           ===      ==========
cert-manager                                v1.10.1      1.11.0           true     false
gatekeeper-system-gatekeeper                3.11.0       3.12.0-beta.0    true     false
kube-system-external-dns                    1.11.0       1.12.1           true     false

Right now, Nova looks at the authenticated context to find the versions, which does not allow you to ignore non-stable versions because it doesn’t identify them.
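As an added illustration (this is not Nova's code and not part of the original post), here is one way a tool could skip SemVer2 pre-release versions when choosing the latest chart version. The function names parseStable, coreLess and latestStable and the candidate version list are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseStable returns the numeric core; ok is false for malformed or pre-release versions.
func parseStable(v string) (core [3]int, ok bool) {
	v = strings.TrimPrefix(v, "v") // some charts publish "v1.10.1"
	v, _, _ = strings.Cut(v, "+")  // build metadata never affects precedence
	parts := strings.Split(v, ".")
	if strings.Contains(v, "-") || len(parts) != 3 {
		return core, false // "-" introduces a pre-release identifier such as beta.0
	}
	for i, p := range parts {
		var err error
		if core[i], err = strconv.Atoi(p); err != nil {
			return core, false
		}
	}
	return core, true
}

func coreLess(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// latestStable returns the highest stable candidate, or "" if there is none.
func latestStable(candidates []string) string {
	best, bestCore := "", [3]int{}
	for _, c := range candidates {
		if core, ok := parseStable(c); ok && (best == "" || coreLess(bestCore, core)) {
			best, bestCore = c, core
		}
	}
	return best
}

func main() {
	// Constructed index entries for the gatekeeper chart from the table above.
	fmt.Println(latestStable([]string{"3.10.0", "3.11.0", "3.12.0-beta.0"}))
}
```

With the constructed list, 3.12.0-beta.0 is skipped and 3.11.0 is reported as the latest, so the gatekeeper release in the table would no longer be flagged as old.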

A good improvement to Nova would be the ability to look at Kubernetes manifests (for example, kustomize folders), do a dry run, and then find the Helm chart versions. This could help with GitHub Actions, where we want to automatically create a pull request (PR) if a new Helm chart version is detected, without authenticating to any environment. We have this enhancement flagged in these two issues:

Fairwinds Open Source Community

The goal of the Fairwinds Community is to exchange ideas, build and contribute to open source projects, and network with Kubernetes users. Get involved: chat with us on Slack or join the user group. And if you are interested in contributing to Nova or any of our other open source projects, we’d love to have your help making our open source offerings as useful as possible.

If you want to run Nova in multiple clusters, track results over time, integrate with Slack, Datadog, and Jira, and unlock other functionality, check out Fairwinds Insights.
