Use of Requirements.lock file in Helm charts


I am trying to understand the usage of Requirements.lock file . For using a dependent chart , we can make use of Requirements.yaml . Based on documentation

Requirements.lock : rebuild the charts/ directory based on the requirements.lock file

Requirements.yaml : update charts/ based on the contents of requirements.yaml

Can someone explain the difference and usage of lock file and do we need to checking requirements.lock file in the repo too ?

-- Balakumar Ezhilmaran

1 Answer


This article says it well:

Much like a runtime language dependency file (such as Python’s requirements.txt), the requirements.yaml file allows you to manage your chart’s dependencies and their versions. When updating dependencies, a lockfile is generated so that subsequent fetching of dependencies use a known, working version.

The requirements.yaml file lists only the immediate dependencies that your chart needs. This makes it easier for you to focus on your chart.

The requirements.lock file lists the exact versions of immediate dependencies and their dependencies and their dependencies and so forth. This allows helm to precisely track the entire dependency tree and recreate it exactly as it last worked--even if some of the dependencies (or their dependencies) are updated later.

Here's roughly how it works:

  1. You create the initial requirements.yaml file. You run helm install and helm creates the requirements.lock file as it builds the dependency tree.
  2. On the next helm install, helm will ensure that it uses the same versions identified in the requirements.lock file.
  3. At some later date, you update the requirements.yaml file. You run helm install (or helm upgrade) and helm will notice your changes and update the requirements.lock file to reflect them.
-- John Anderson
Source: StackOverflow