Drift detection for helm resources
Project description
Helm Inspect helps you track and detect drift between your Helm manifests and the actual deployed resources—without any complicated setup. It provides a drift check for Helm charts, uses a calibration model for precise drift detection, and sends Slack notifications on detected drifts.
Table of Contents
- Options
- Installation
- Calibration - Ignoring System-Generated Keys
- Detecting Helm Drifts
- Strict Mode (Detect All Changes)
- Slack Integration
- Command Summary
- Features
- License
Options
| Option | Short | Description |
|---|---|---|
--release |
-r |
Helm release name (Required). |
--namespace |
-n |
Kubernetes namespace (Required). |
--calibrate |
-c |
Captures system-generated keys after a fresh Helm install. |
--no-ignore |
-I |
Disables ignoring system-generated keys for strict drift detection. |
--verbose |
-v |
Enables verbose logging (debug mode). |
--slack-channel |
Slack channel to post drift results (can use HI_SLACK_CHANNEL env var). |
|
--slack-token |
Slack bot token (can use HI_SLACK_BOT_TOKEN env var). |
Installation
[!NOTE] Ensure you have Python 3.8+, Kubectl and Helm installed.
HelmInspect is a lightweight CLI tool to detect Helm drifts instantly. Install it via pip:
pip install helm-inspect
Calibration - Ignoring System-Generated Keys
After every Helm install, Kubernetes automatically adds some system-generated keys that should not be considered as drifts. To account for these, run:
helm-inspect -r <release-name> -n <namespace> -c
Example
Command
helm-inspect -r my-release -n production -c
This assumes the current state is a fresh installation, identifies system-added keys, and stores them in a temporary ignore list.
Output
[INFO] ✅ Calibration data deleted successfully.
[INFO] 🔍 Starting Analysis for calibration...
[INFO] Checking drift for Secret `myrelease-secret`...
[INFO] Checking drift for ConfigMap `myrelease-configmap`...
[INFO] Checking drift for Service `myrelease-service`...
[INFO] Checking drift for Deployment `myrelease-deployment`...
[INFO] Checking drift for Ingress `myrelease-ingress`...
[INFO] Analyzed 5 resources and found 22 drift-prone keys.
[INFO] ✅ Calibration data saved successfully.
Detecting Helm Drifts
To check for configuration drifts, simply run:
helm-inspect -r <release-name> -n <namespace>
Example
Command
helm-inspect -r my-release -n production
Output
[INFO] ✨ Using existing calibration data.
[INFO] Checking drift for Secret `myrelease-secret`...
[INFO] ✅ No drift detected in Secret `myrelease-secret`.
[INFO] Checking drift for ConfigMap `myrelease-configmap`...
[ERROR] ❌ Drift detected in ConfigMap `myrelease-configmap`:
--- Helm Manifest
+++ Live Kubernetes
@@ -1,3 +1,3 @@
{
- "custom.conf": "\nserver {\n listen 80;\n server_name localhost;\n}\n"
+ "custom.conf": "\nserver {\n listen 8000;\n server_name localhost;\n}\n"
}
[INFO] Checking drift for Service `myrelease-service`...
[INFO] ✅ No drift detected in Service `myrelease-service`.
[INFO] ✅ Drift data saved successfully.
This will:
- Compare the deployed Helm manifest with the actual Kubernetes resources.
- Show differences in CLI output (like a
diff). - Store a JSON report in a temp directory.
Strict Mode (Detect All Changes)
By default, HelmInspect ignores system-generated keys. To disable this behavior and see every difference:
helm-inspect -r <release-name> -n <namespace> -I
Example
Command
helm-inspect -r my-release -n production -I
Output
[INFO] Checking drift for ConfigMap `myrelease-configmap`...
[ERROR] ❌ Drift detected in ConfigMap `myrelease-configmap`:
--- Helm Manifest
+++ Live Kubernetes
@@ -1,3 +1,3 @@
{
- "custom.conf": "\nserver {\n listen 80;\n server_name localhost;\n}\n"
+ "custom.conf": "\nserver {\n listen 8000;\n server_name localhost;\n}\n"
}
[INFO] Checking drift for Secret `myrelease-secret`...
[ERROR] ❌ Drift detected in Secret `myrelease-secret`:
--- Helm Manifest
+++ Live Kubernetes
@@ -1,3 +1,3 @@
{
- "authToken": "abcd1234"
+ "authToken": "efgh5678"
}
This mode is useful if you suspect hidden or untracked changes.
Slack Integration
Automate drift notifications to Slack:
helm-inspect -r <release-name> -n <namespace> --slack-token <token> --slack-channel <channel>
Example
Command
helm-inspect -r my-release -n production --slack-token xoxb-123456 --slack-channel SLACKCHANNELID
Output
[INFO] ✅ Drift data saved successfully.
✨ Slack Notification Sent!
This sends drift reports directly to your team’s Slack channel, keeping everyone updated.
Command Summary
| Command | Description |
|---|---|
helm-inspect -r <release> -n <namespace> -c |
Calibrate to ignore system-generated keys. |
helm-inspect -r <release> -n <namespace> |
Detect drifts and show differences. |
helm-inspect -r <release> -n <namespace> -I |
Strict mode (show all changes). |
helm-inspect -r <release> -n <namespace> --slack-token <token> --slack-channel <channel> |
Send drift reports to Slack. |
Features
- Drift Detection: Compare Helm manifests with actual Kubernetes resources.
- Calibration: Ignore system-generated keys for precise drift detection.
- Strict Mode: Detect all changes, including hidden or untracked ones.
- Slack Integration: Send drift reports directly to your team’s Slack channel.
- Lightweight: No complicated setup or dependencies—just install and run.
- Open Source: Available under the Apache Version 2.0 License.
License
HelmInspect is released under the Apache Version 2.0 License.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file helm_inspect-1.0.0.tar.gz.
File metadata
- Download URL: helm_inspect-1.0.0.tar.gz
- Upload date:
- Size: 13.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.1 CPython/3.12.9 Linux/6.8.0-1021-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
46632b29a0aea960c35fbaf65b5760692def153b987562451396602de5dc835e
|
|
| MD5 |
89c50e7be901e84601d6dee7bd5fc029
|
|
| BLAKE2b-256 |
debb2e3c787c41a59068d0beec5d08369f896f106b266ae180ba30d8f1d8a96d
|
File details
Details for the file helm_inspect-1.0.0-py3-none-any.whl.
File metadata
- Download URL: helm_inspect-1.0.0-py3-none-any.whl
- Upload date:
- Size: 16.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.1 CPython/3.12.9 Linux/6.8.0-1021-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3c233b4347e24da5ba40e0bd4f3396f8eee7bcd1f63060630d130fd273e32335
|
|
| MD5 |
5b405eac80f7436e4bbe62d307ae09f5
|
|
| BLAKE2b-256 |
56bc8483986eb6de9631de8f1da4865f2ae23114101af1cdf93e706cf2bbc24b
|