Nova is an open source project that makes it easy to scan your cluster for installed Helm charts and cross-check them against all known Helm repositories. If it finds an updated version of a chart you're using, or determines that your current version is deprecated, it alerts you. You can also use Nova to scan your cluster for out-of-date container images.
We’re always working to improve our open source projects and we have a Slack Community where you can ask questions, get answers, and make suggestions. Recently, we had a couple of questions that we thought were good, but we don’t have fixes for them yet. Let’s take a look.
Argo CD is a GitOps continuous delivery tool for Kubernetes. It allows teams to ensure that their Kubernetes environment is kept up-to-date with their Infrastructure-as-Code, automatically syncing any changes.
At this time, Nova does not scan the charts deployed by Argo CD. This is because Argo CD doesn't create an actual Helm release; instead, it uses helm template to generate raw Kubernetes YAML, which it then applies. Unfortunately, this bypasses Helm’s release management system, which Nova requires in order to detect whether a chart is out of date.
In the meantime, you can still use the --containers functionality of Nova to find container versions that need updating.
We have this issue open to address that: Enable scanning yaml that has been templated from a helm chart
If you want to help us build out that enhancement to expand Nova usage, please reach out.
Every Helm chart has a version number, and chart versions also support more complex SemVer2 names, such as version: 1.2.3-alpha.1+ef365. One Nova user asked if we could ignore non-stable versions of charts, such as alpha, beta, and so on. They provided this example:
Release Name                  Installed  Latest         Old   Deprecated
============                  =========  ======         ===   ==========
cert-manager                  v1.10.1    1.11.0         true  false
gatekeeper-system-gatekeeper  3.11.0     3.12.0-beta.0  true  false
kube-system-external-dns      1.11.0     1.12.1         true  false
Right now, Nova looks at the authenticated context to find the versions, which does not allow you to ignore non-stable versions because it doesn’t identify them.
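Until Nova can do this itself, the table output can be post-processed. The following is an added example, not part of Nova or of the original post: it parses the table shown above (copied in as sample input) and drops rows whose Latest version carries a SemVer2 pre-release tag. The function names are hypothetical, and the version pattern is a simplified SemVer2 check.

```python
import re

# SemVer2 shape: MAJOR.MINOR.PATCH[-prerelease][+build]. A leading "v" is
# tolerated because the table above contains "v1.10.1".
SEMVER = re.compile(
    r"v?\d+\.\d+\.\d+"
    r"(?:-(?P<pre>[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?"
    r"(?:\+[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?"
)

# Sample input: the table from the post.
NOVA_TABLE = """\
Release Name                  Installed  Latest         Old   Deprecated
============                  =========  ======         ===   ==========
cert-manager                  v1.10.1    1.11.0         true  false
gatekeeper-system-gatekeeper  3.11.0     3.12.0-beta.0  true  false
kube-system-external-dns      1.11.0     1.12.1         true  false
"""


def classify(version):
    """Return 'stable', 'prerelease', or 'unparsed' for a version string."""
    m = SEMVER.fullmatch(version)
    if m is None:
        return "unparsed"
    # Build metadata ("+ef365") alone does not make a version a pre-release.
    return "prerelease" if m.group("pre") else "stable"


def parse_rows(table):
    """Parse the five-column table; the two header lines are skipped."""
    rows = []
    for line in table.splitlines()[2:]:
        fields = line.split()
        if len(fields) != 5:
            continue  # blank or malformed line
        name, installed, latest, old, deprecated = fields
        rows.append({"name": name, "installed": installed, "latest": latest,
                     "old": old == "true", "deprecated": deprecated == "true"})
    return rows


def actionable_updates(table):
    """Outdated releases whose latest version is not a pre-release.

    Unparsed versions are kept so an outdated chart is never hidden silently.
    """
    return [r for r in parse_rows(table)
            if r["old"] and classify(r["latest"]) != "prerelease"]
```

On the sample table this keeps cert-manager and kube-system-external-dns and drops gatekeeper-system-gatekeeper, whose only newer version is 3.12.0-beta.0.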
A good improvement to Nova would be the ability to look at Kubernetes manifests (for example, kustomize folders), do a dry run, and then find the Helm chart versions. This could help with GitHub Actions, where we want to automatically create a pull request (PR) if a new Helm chart version is detected, without authenticating to any environment. We have this enhancement flagged in these two issues:
The goal of the Fairwinds Community is to exchange ideas, build and contribute to open source projects, and network with Kubernetes users. Get involved: chat with us on Slack or join the user group. And if you are interested in contributing to Nova or any of our other open source projects, we’d love to have your help making our open source offerings as useful as possible.
If you want to run Nova in multiple clusters, track results over time, integrate with Slack, Datadog, and Jira, and unlock other functionality, check out Fairwinds Insights.