Helm chart validation has traditionally relied on JSON Schema, which, while functional, can be limiting when you need more expressive validation rules. Enter the Helm CEL Plugin - a powerful new tool that leverages Common Expression Language (CEL) to provide more flexible and powerful validation capabilities for your Helm charts.
What is CEL?
Common Expression Language (CEL) is a simple, powerful expression language created by Google that makes it easy to write complex validation rules. With CEL, you can write more intuitive and expressive validation rules compared to JSON Schema while maintaining excellent performance and safety guarantees.
Getting Started
Installation is straightforward using Helm's plugin management system:
helm plugin install https://github.com/idsulik/helm-cel
Core Features
Value Validation
The plugin introduces a new command for validating your chart values:
helm cel validate ./mychart
You can specify custom files for both values and rules:
helm cel validate ./mychart --values-file prod.values.yaml --rules-file prod.cel.yaml
Rule Generation
One of the standout features is the ability to generate validation rules based on your existing values structure automatically:
helm cel generate ./mychart
This is particularly useful when starting with a new chart or when you want to create a baseline set of rules that you can then customize.
Writing Validation Rules
The rules are defined in a values.cel.yaml file, with each rule consisting of:
- A CEL expression that must evaluate to
truefor valid values - A description explaining what the rule validates
- An optional severity level
Here's a practical example:
rules:
- expr: "has(values.service) && has(values.service.port)"
desc: "service port is required"
- expr: "values.service.port >= 1 && values.service.port <= 65535"
desc: "service port must be between 1 and 65535"
severity: warning
Advanced Features
Severity Levels
The plugin supports two severity levels:
error: Fails validation (default)warning: Shows a warning but allows validation to pass
This flexibility allows you to implement both strict requirements and best-practice recommendations in your validation rules.
Reusable Expressions
To keep your rules DRY (Don't Repeat Yourself), you can define reusable expressions:
expressions:
portRange: 'values.service.port >= 1 && values.service.port <= 65535'
nodePortRange: 'values.service.nodePort >= 30000 && values.service.nodePort <= 32767'
rules:
- expr: "${portRange}"
desc: "Service port must be valid"
- expr: 'values.service.type == "NodePort" ? ${nodePortRange} : true'
desc: "NodePort must be valid when type is NodePort"
Common Validation Patterns
Here are some practical examples of common validation scenarios:
- Required Fields
- expr: "has(values.fieldName)"
desc: "fieldName is required"
- Numeric Ranges
- expr: "values.number >= 0 && values.number <= 100"
desc: "number must be between 0 and 100"
- Type Checking
- expr: "type(values.ports) == list"
desc: "ports must be a list"
- Resource Specifications
- expr: 'values.resources.requests.memory.matches("^[0-9]+(Mi|Gi)$")'
desc: "memory requests must be in Mi or Gi"
Clear Feedback
The plugin provides clear, actionable feedback when validation fails:
❌ Validation failed: replica count must be at least 1
Rule: values.replicaCount >= 1
Path: replicaCount
Current value: 0
For warnings, you'll see:
⚠️ Service port must be between 1 and 65535
Rule: values.service.port >= 1 && values.service.port <= 65535
Path: service.port
Current value: 80801
Why Choose Helm CEL Plugin?
- More Expressive: CEL provides a more natural and powerful way to express validation rules compared to JSON Schema.
- Better Error Messages: Get clear, actionable feedback when validation fails.
- Flexible Severity Levels: Distinguish between hard requirements and best practices.
- Rule Generation: Automatically generate baseline rules from existing values.
- Reusable Expressions: Keep your validation rules DRY and maintainable.
Conclusion
The Helm CEL Plugin brings a new level of sophistication to Helm chart validation. By leveraging the power of CEL, it provides a more expressive and maintainable way to ensure your Helm charts are configured correctly. Whether you're managing a single chart or maintaining a large repository of charts, this plugin can help you catch configuration issues early and ensure consistency across your Kubernetes deployments.
If you're tired of the limitations of JSON Schema validation, give the Helm CEL Plugin a try. Your future self (and your team) will thank you.
