Skip to main content

Drift detection for helm resources

Project description

Logo

Helm Inspect helps you track and detect drift between your Helm manifests and the actual deployed resources—without any complicated setup. It provides a drift check for Helm charts, uses a calibration model for precise drift detection, and sends Slack notifications on detected drifts.

Table of Contents


Options

Option Short Description
--release -r Helm release name (Required).
--namespace -n Kubernetes namespace (Required).
--calibrate -c Captures system-generated keys after a fresh Helm install.
--no-ignore -I Disables ignoring system-generated keys for strict drift detection.
--verbose -v Enables verbose logging (debug mode).
--slack-channel Slack channel to post drift results (can use HI_SLACK_CHANNEL env var).
--slack-token Slack bot token (can use HI_SLACK_BOT_TOKEN env var).

Installation

[!NOTE] Ensure you have Python 3.8+, Kubectl and Helm installed.

HelmInspect is a lightweight CLI tool to detect Helm drifts instantly. Install it via pip:

pip install helm-inspect

Calibration - Ignoring System-Generated Keys

After every Helm install, Kubernetes automatically adds some system-generated keys that should not be considered as drifts. To account for these, run:

helm-inspect -r <release-name> -n <namespace> -c
Example

Command

helm-inspect -r my-release -n production -c

This assumes the current state is a fresh installation, identifies system-added keys, and stores them in a temporary ignore list.

Output

[INFO]  Calibration data deleted successfully.
[INFO] 🔍 Starting Analysis for calibration...

[INFO] Checking drift for Secret `myrelease-secret`...
[INFO] Checking drift for ConfigMap `myrelease-configmap`...
[INFO] Checking drift for Service `myrelease-service`...
[INFO] Checking drift for Deployment `myrelease-deployment`...
[INFO] Checking drift for Ingress `myrelease-ingress`...

[INFO] Analyzed 5 resources and found 22 drift-prone keys.
[INFO]  Calibration data saved successfully.

Detecting Helm Drifts

To check for configuration drifts, simply run:

helm-inspect -r <release-name> -n <namespace>
Example

Command

helm-inspect -r my-release -n production

Output

[INFO]  Using existing calibration data.

[INFO] Checking drift for Secret `myrelease-secret`...
[INFO]  No drift detected in Secret `myrelease-secret`.

[INFO] Checking drift for ConfigMap `myrelease-configmap`...
[ERROR]  Drift detected in ConfigMap `myrelease-configmap`:
--- Helm Manifest
+++ Live Kubernetes
@@ -1,3 +1,3 @@
 {
-  "custom.conf": "\nserver {\n    listen 80;\n    server_name localhost;\n}\n"
+  "custom.conf": "\nserver {\n    listen 8000;\n    server_name localhost;\n}\n"
}

[INFO] Checking drift for Service `myrelease-service`...
[INFO]  No drift detected in Service `myrelease-service`.
[INFO]  Drift data saved successfully.

This will:

  • Compare the deployed Helm manifest with the actual Kubernetes resources.
  • Show differences in CLI output (like a diff).
  • Store a JSON report in a temp directory.

Strict Mode (Detect All Changes)

By default, HelmInspect ignores system-generated keys. To disable this behavior and see every difference:

helm-inspect -r <release-name> -n <namespace> -I
Example

Command

helm-inspect -r my-release -n production -I

Output

[INFO] Checking drift for ConfigMap `myrelease-configmap`...
[ERROR]  Drift detected in ConfigMap `myrelease-configmap`:
--- Helm Manifest
+++ Live Kubernetes
@@ -1,3 +1,3 @@
 {
-  "custom.conf": "\nserver {\n    listen 80;\n    server_name localhost;\n}\n"
+  "custom.conf": "\nserver {\n    listen 8000;\n    server_name localhost;\n}\n"
}

[INFO] Checking drift for Secret `myrelease-secret`...
[ERROR]  Drift detected in Secret `myrelease-secret`:
--- Helm Manifest
+++ Live Kubernetes
@@ -1,3 +1,3 @@
 {
-  "authToken": "abcd1234"
+  "authToken": "efgh5678"
}

This mode is useful if you suspect hidden or untracked changes.


Slack Integration

Automate drift notifications to Slack:

helm-inspect -r <release-name> -n <namespace> --slack-token <token> --slack-channel <channel>
Example

Command

helm-inspect -r my-release -n production --slack-token xoxb-123456 --slack-channel SLACKCHANNELID

Output

[INFO]  Drift data saved successfully.
✨ Slack Notification Sent!

This sends drift reports directly to your team’s Slack channel, keeping everyone updated.


Command Summary

Command Description
helm-inspect -r <release> -n <namespace> -c Calibrate to ignore system-generated keys.
helm-inspect -r <release> -n <namespace> Detect drifts and show differences.
helm-inspect -r <release> -n <namespace> -I Strict mode (show all changes).
helm-inspect -r <release> -n <namespace> --slack-token <token> --slack-channel <channel> Send drift reports to Slack.

Features

  • Drift Detection: Compare Helm manifests with actual Kubernetes resources.
  • Calibration: Ignore system-generated keys for precise drift detection.
  • Strict Mode: Detect all changes, including hidden or untracked ones.
  • Slack Integration: Send drift reports directly to your team’s Slack channel.
  • Lightweight: No complicated setup or dependencies—just install and run.
  • Open Source: Available under the Apache Version 2.0 License.

License

HelmInspect is released under the Apache Version 2.0 License.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

helm_inspect-1.0.0.tar.gz (13.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

helm_inspect-1.0.0-py3-none-any.whl (16.9 kB view details)

Uploaded Python 3

File details

Details for the file helm_inspect-1.0.0.tar.gz.

File metadata

  • Download URL: helm_inspect-1.0.0.tar.gz
  • Upload date:
  • Size: 13.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.1.1 CPython/3.12.9 Linux/6.8.0-1021-azure

File hashes

Hashes for helm_inspect-1.0.0.tar.gz
Algorithm Hash digest
SHA256 46632b29a0aea960c35fbaf65b5760692def153b987562451396602de5dc835e
MD5 89c50e7be901e84601d6dee7bd5fc029
BLAKE2b-256 debb2e3c787c41a59068d0beec5d08369f896f106b266ae180ba30d8f1d8a96d

See more details on using hashes here.

File details

Details for the file helm_inspect-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: helm_inspect-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 16.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.1.1 CPython/3.12.9 Linux/6.8.0-1021-azure

File hashes

Hashes for helm_inspect-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 3c233b4347e24da5ba40e0bd4f3396f8eee7bcd1f63060630d130fd273e32335
MD5 5b405eac80f7436e4bbe62d307ae09f5
BLAKE2b-256 56bc8483986eb6de9631de8f1da4865f2ae23114101af1cdf93e706cf2bbc24b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page