Safe Helm Deploy
Deploy via Helm with image verification: $ARGUMENTS
Pre-Deploy Checklist
-
Verify the image exists in the registry
# ACR az acr repository show-tags --name <registry> --repository <image> --orderby time_desc --top 5 # Docker Hub docker manifest inspect <registry>/<image>:<tag> -
Check what's currently running
helm list -n <namespace> kubectl get pods -n <namespace> -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{range .spec.containers[*]}{.image}{"\n"}{end}{end}' -
Diff the changes before applying
helm diff upgrade <release> <chart> -n <namespace> \ --set image.tag=<new-tag> \ --set image.pullPolicy=Always \ -f values.yaml
Deploy Command Template
helm upgrade --install <release> <chart> \
--namespace <namespace> \
--set image.repository=<registry>/<image> \
--set image.tag=<specific-tag> \
--set image.pullPolicy=Always \
--atomic \
--wait \
--timeout 5m \
-f values.yaml
Post-Deploy Verification
# Verify new pods are running
kubectl rollout status deployment/<deployment> -n <namespace>
# Verify the correct image is running
kubectl get pods -n <namespace> -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{range .spec.containers[*]}{.image}{"\n"}{end}{end}'
# Check pod logs for startup errors
kubectl logs -l app=<app> -n <namespace> --tail=50
Rollback (if needed)
helm rollback <release> -n <namespace>
# Or to a specific revision:
helm history <release> -n <namespace>
helm rollback <release> <revision> -n <namespace>
Critical Rules
- ALWAYS use
--set image.tag=<specific>with a unique tag (git SHA, semver) - ALWAYS use
--set image.pullPolicy=Alwaysto force fresh pulls - ALWAYS use
--atomicfor automatic rollback on failure - ALWAYS use
--waitto confirm pods are healthy - NEVER deploy with
:latestas the only tag - ALWAYS verify the image exists in registry BEFORE deploying