Helm Chart Validation Just Got Smarter Thanks to This Google-Powered Tool

Helm chart validation has traditionally relied on JSON Schema, which, while functional, can be limiting when you need more expressive validation rules. Enter the Helm CEL Plugin - a powerful new tool that leverages Common Expression Language (CEL) to provide more flexible and powerful validation capabilities for your Helm charts.

What is CEL?

Common Expression Language (CEL) is a simple, powerful expression language created by Google that makes it easy to write complex validation rules. With CEL, you can write more intuitive and expressive validation rules compared to JSON Schema while maintaining excellent performance and safety guarantees.

Getting Started

Installation is straightforward using Helm's plugin management system:

helm plugin install https://github.com/idsulik/helm-cel

Core Features

Value Validation

The plugin introduces a new command for validating your chart values:

helm cel validate ./mychart

You can specify custom files for both values and rules:

helm cel validate ./mychart --values-file prod.values.yaml --rules-file prod.cel.yaml

Rule Generation

One of the standout features is the ability to generate validation rules based on your existing values structure automatically:

helm cel generate ./mychart

This is particularly useful when starting with a new chart or when you want to create a baseline set of rules that you can then customize.

Writing Validation Rules

The rules are defined in a values.cel.yaml file, with each rule consisting of:

• A CEL expression that must evaluate to true for valid values
• A description explaining what the rule validates
• An optional severity level

Here's a practical example:

rules:
  - expr: "has(values.service) && has(values.service.port)"
    desc: "service port is required"
  
  - expr: "values.service.port >= 1 && values.service.port <= 65535"
    desc: "service port must be between 1 and 65535"
    severity: warning

Advanced Features

Severity Levels

The plugin supports two severity levels:

• error: Fails validation (default)
• warning: Shows a warning but allows validation to pass

This flexibility allows you to implement both strict requirements and best-practice recommendations in your validation rules.

Reusable Expressions

To keep your rules DRY (Don't Repeat Yourself), you can define reusable expressions:

expressions:
  portRange: 'values.service.port >= 1 && values.service.port <= 65535'
  nodePortRange: 'values.service.nodePort >= 30000 && values.service.nodePort <= 32767'

rules:
  - expr: "${portRange}"
    desc: "Service port must be valid"
  
  - expr: 'values.service.type == "NodePort" ? ${nodePortRange} : true'
    desc: "NodePort must be valid when type is NodePort"

Common Validation Patterns

Here are some practical examples of common validation scenarios:

1. Required Fields

- expr: "has(values.fieldName)"
  desc: "fieldName is required"

2. Numeric Ranges

- expr: "values.number >= 0 && values.number <= 100"
  desc: "number must be between 0 and 100"

3. Type Checking

- expr: "type(values.ports) == list"
  desc: "ports must be a list"

4. Resource Specifications

- expr: 'values.resources.requests.memory.matches("^[0-9]+(Mi|Gi)$")'
  desc: "memory requests must be in Mi or Gi"

Clear Feedback

The plugin provides clear, actionable feedback when validation fails:

❌ Validation failed: replica count must be at least 1
   Rule: values.replicaCount >= 1
   Path: replicaCount
   Current value: 0

For warnings, you'll see:

⚠️ Service port must be between 1 and 65535
   Rule: values.service.port >= 1 && values.service.port <= 65535
   Path: service.port
   Current value: 80801

Why Choose Helm CEL Plugin?

1. More Expressive: CEL provides a more natural and powerful way to express validation rules compared to JSON Schema.
2. Better Error Messages: Get clear, actionable feedback when validation fails.
3. Flexible Severity Levels: Distinguish between hard requirements and best practices.
4. Rule Generation: Automatically generate baseline rules from existing values.
5. Reusable Expressions: Keep your validation rules DRY and maintainable.

Conclusion

The Helm CEL Plugin brings a new level of sophistication to Helm chart validation. By leveraging the power of CEL, it provides a more expressive and maintainable way to ensure your Helm charts are configured correctly. Whether you're managing a single chart or maintaining a large repository of charts, this plugin can help you catch configuration issues early and ensure consistency across your Kubernetes deployments.

If you're tired of the limitations of JSON Schema validation, give the Helm CEL Plugin a try. Your future self (and your team) will thank you.