#helmfile (2019-05)
Questions and discussion around helmfile https://github.com/roboll/helmfile and https://github.com/cloudposse/helmfiles
Archive: https://archive.sweetops.com/helmfile/
2019-05-03
hello there,
I am launching an helmfile apply on this
releases:
- name: redis
chart: stable/redis
hooks:
- events: ["cleanup"]
command: "echo"
args: ["foo bar"]
And expect to see “foo bar” on my console but nothing appears ?
what am I doing wrong ?
can you check logs of your deployment? it should in stdout of container, not yours
what ! it does not make sense at all. The hook is not executed is any of the pod of my deployment.
why would it and which container ?
didn’t noticed was a hook, sorry
prepare hook behaves the same. Try with --log-level=debug and you will see the output. I don’t know though whether it is an expected behaviour or not.
2019-05-05
2019-05-09
Do you guys want the new config bases: ["mybase.yaml"] added to helmfile, even though it won’t support templating, and yaml anchors across the border? https://github.com/roboll/helmfile/issues/388#issuecomment-489633839
Started to think we should require .gotpl extension to enable the whole-file templating of helmfile.yaml https://github.com/roboll/helmfile/pull/573#issuecomment-491142465
@SeB @Erik Osterman (Cloud Posse) I’m interested in your opinion!
Is there a similar convention enforced by other projects?
maybe, but nothing im aware of
i think it isn’t a popular problem. there’s no major tool that deals with two phases of templates with a single tool
for example gomplate works by evaluating go template once for each file
variant command is a valid yaml. script and arguments can be templated go template expressions. but the whole command is a valid YAML and no file-wide templating is possible
i think i see some helm charts now and then using the .gotpl extension
that’s good news
Also cc/ @Shane
Wait I thought we currently required a extension
Yaml files don’t get templates
What am I missing
@Shane Yep, for values.yaml that’s true
I’m proposing the same for helmfile.yaml
Ahh
(I think we’ve discussed about that long before… but at that time we thought it’s better to just use .yaml as helm templates do the same
I typically don’t put anything in my helmfile except for chart references
Oh!
Hence never thinking about the templating of helmfile
Do you use another tools to make it work against various envs, repositories, and so on?
I keep pushing our teams to leverage it as little as possible if we control the chart
i.e. generating helmfile.yaml with a tool like jsonnet
All values are kept in separate values files
So helmfile is a list of charts and value references
that’s a neat idea
so you maintain one helmfile.yaml per environment
Almost yes
In dev we have a helmfile per team also
makes sense!
i think the helmfile.yaml template is used (1)when people want to create a single helmfile.yaml that is the entrypoint to all the flavors of environments or (2)make each helmfile.yaml DRY when one has to maintain many of them, without introducing another tools like jsonnet
so use-case like yours completely make sense to me
Hello, @mumoshu 1) could you explain in detail why we can’t consider helmfile.yaml as a template file and why we need to have both extensions. 2) Also why not using the same extension as values (gotmpl vs gotpl) or vise-versa otherwise this will be confusing.
For 1), it doesn’t work well with release templating.
For 2), gotmpl and gotpl should be merged. I think I meant gotmpl
An example related to 1) can be seen at https://github.com/roboll/helmfile/pull/573
releases:
- name: redis-test
chart: stable/redis
values:
- fake_key:
redis_pass_east: {{ ssm "east1:redis_password" }}
{{ ssm "east1:redis_password" }} is evaluated twice in the above example.
Another example for release templates, is that you can’t write:
releases:
- name: redis-test
values:
- releases/{{ .Release.Name }}/values.yaml
It must be:
releases:
- name: redis-test
values:
- releases/{{` {{ .Release.Name }} `}}/values.yaml
Due to that helmfile.yaml itself is a go template.
thank @mumoshu for your quick answer, but change the extension to gotmpl whould change what in the above examples ?
@SeB What I suggested was to “add” .gotmpl ext. to explicitly enable helmfile.yaml templating. And release templates are always enabled. That being said
but why not consider always helmfile.yaml a templates ?
Making helmfile require .gotmpl to enable helmfile.yaml templating allows you to write a regular YAML file named helmfile.yaml
So that
releases:
- name: redis-test
values:
- releases/{{ .Release.Name }}/values.yaml
THis is a valid helmfile.yaml with just release templaets
Note that it isn’t a valid helmfile.yaml if helmfile.yaml itself is a go template
This happens because there’s two template contexts. When templating helmfile.yaml as a whole, you have no access to {{ .Release }}
When templating helmfile.yaml as a whole, we have no {{ .Release }} in the template context available, because helmfile.yaml is basically a template that “produces YAML” .
No way to know what releases are defined in the helmfile.yaml before rendering and parsing it as YAML…
ok, I think I got it
And no way to know which {{ .Release }} it is rendering while templating helmfile.yaml as a whole
// {{ .Release }} becomes available only when helmfile iterates over each release defined in the YAML
so what you propose is to have 2 extensions : 1) helmfile.yaml
releases:
- name: redis-test
values:
- releases/{{ .Release.Name }}/values.yaml
2) helmfie.gotmpl
releases:
- name: redis-test
values:
- releases/{{` {{ .Release.Name }} `}}/values.yaml
to have the same result
Exactly!
I am afraid this is too complicated for the end-user.
Yep it is
I’m thinking that it is already complicated and we’d better migrate towards explicit file ext. towards helmfile v1
so that it becomes simpler
I beleive this could be just much better explained in the documentation, this is what it is lacking today. The of precise documentation make pleople to hack/try/fail to have their helmfile working
For advanced users I’d still suggest using helmfile.gotmpl. But as I’ve explained in the issue, you can fully achieve the same result even with helmfile.yaml without gotmpl, when combined with bases
Hm, maybe in that case I completely remove helmfile.yaml and only helmfile.gotmpl supported.
so that there’s no confusion anyway.
And the docs you’ve suggested would help people understand why one needs backticks sometimes
yep
Great! Thanks for all the feedbacks
So we can proceed that way
And discuss about re-introducing helmfile.yaml but as a regular YAML file this time separately in longer term, maybe after docs improvements, if it is really people want
Summarized our discussion in https://github.com/roboll/helmfile/issues/584#issuecomment-491177956
It is interesting that helmfile.yaml, rather than helmfile.gotmpl, started to look like for advanced users
2019-05-10
is anyone successfully using helmfile with keel?
2019-05-11
@Ufou Hey! Unfortunately I have never tried that myself. And I think you’d need to enhance keelhq a bit to “fully” make it work with helmfile
Keel updates your container images referenced by your apps by calling helm on its own.
I thought what you want would be keel calls helmfile to update container image tags of your apps. That’s not how keel works at the moment
Anyway, in case you really want keel just for updating your container image tags out of helmfile, just add keel-related values to your values.yaml managed by helmfile.
2019-05-13
@mumoshu thanks! Yeah, I worked out as much, I just didn’t get it working yet and wondered if others were successful with it…
2019-05-14
@Shane I hope you like this https://twitter.com/mumoshu/status/1128218333315100673
@mumoshu are you gonna make helmfile leverage helm-x to work with plain manifests or kustomize’ed stuff? I’m joking, but have you ever had these thoughts - to manage not only helm via a tool like helmfile. Actually, once I had a request about how to provide management of objects with one tool while some services were helmified, but others were not migrated yet.
@Andrew Nazarov Is this a coincidence?!
I wrote up two feature requests yesterday that would result in integrating helm-x to helmfile
https://github.com/roboll/helmfile/issues/588 https://github.com/roboll/helmfile/issues/589
I think I have purposed the former issue to cover your exact use-case.
That being said, I’d definitely like to integrate helm-x to helmfile.
Please leave your or comments on issues you are interested, so that it is more likely to realize!
@mumoshu keep up the good work
@mumoshu intriguing
Running helmfile from helm/account/dev
in ./helmfile.yaml: in .helmfiles[0]: in helm/account/helmfile.yaml: failed to read helmfile.yaml: helm exited with status 1:
error loading config: no matching creation rules found
Error: plugin "secrets" exited with error
less ./helmfile.yaml
less helm/account/helmfile.yaml
ls -larth helm/account/helmfile.yaml
-rw-r--r-- 1 sstarcher staff 4.5K May 8 17:50 helm/account/helmfile.yaml
ls -larth ./helmfile.yaml
-rw-r--r-- 1 sstarcher staff 422B May 13 15:51 ./helmfile.yaml
so it’s the secrets plugin choking
Has something changed with the directory structure. It is not longer finding my .sops.yaml for sub helm charts.
nope… something on my end has had to of changed
So ya, probably certainly seems to be with secret decryption, but I can’t find out what would of changed. My .sops.yaml has always been at the root. Did it by chance change to run the secret decryption rooted from the helmfile instead of the root helmfile?
Ya, seems something has changed related to sops. I now require a .sops.yaml in each of my directories that have a helmfile.
Sops had a release 26 days ago so I also changed to the older sops release 3.2.0 from 2018. Both seem to have the same issue with helmfile.
Well… I can fix it by changing ../../_environment/secrets.yaml to ../../../dev/_environment/secrets.yaml, but that does not explain why it just started failing.
well I think I find a viable workaround… but then I caught things on even worse fire
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x13cb127]
goroutine 1 [running]:
github.com/urfave/cli.HandleAction.func1(0xc000251000)
/go/pkg/mod/github.com/urfave/[email protected]/app.go:474 +0x287
panic(0x145a340, 0x186a7a0)
/usr/local/go/src/runtime/panic.go:522 +0x1b5
github.com/roboll/helmfile/pkg/app.(*Error).Error(0xc000192000, 0xc000192060, 0x2)
/home/circleci/workspace/helmfile/pkg/app/app.go:343 +0xb7
github.com/roboll/helmfile/pkg/app.(*Error).Error(0xc000192030, 0xc000194090, 0x10ce2ee)
/home/circleci/workspace/helmfile/pkg/app/app.go:339 +0x494
github.com/roboll/helmfile/pkg/app.(*Error).Error(0xc000192060, 0x0, 0x12)
/home/circleci/workspace/helmfile/pkg/app/app.go:339 +0x494
github.com/roboll/helmfile/pkg/app.(*Error).Error(0xc000192090, 0xc00016c090, 0x0)
/home/circleci/workspace/helmfile/pkg/app/app.go:339 +0x494
github.com/roboll/helmfile/cmd.toCliError(0x1567d20, 0xc000192090, 0x0, 0xc00000cc40)
/home/circleci/workspace/helmfile/cmd/cmd.go:88 +0xa7
github.com/roboll/helmfile/cmd.FindAndIterateOverDesiredStatesUsingFlagsWithReverse(0xc000184140, 0xc00005e500, 0xc00005e5c0, 0x8, 0xc00000cbe0)
/home/circleci/workspace/helmfile/cmd/cmd.go:79 +0xfa
main.findAndIterateOverDesiredStatesUsingFlags(...)
/home/circleci/workspace/helmfile/main.go:619
main.main.func4(0xc000184140, 0x0, 0x0)
/home/circleci/workspace/helmfile/main.go:220 +0x66
reflect.Value.call(0x143e300, 0x14e5af0, 0x13, 0x14c82e4, 0x4, 0xc000132fa0, 0x1, 0x1, 0xc00002e080, 0x1011bc3, ...)
/usr/local/go/src/reflect/value.go:447 +0x461
reflect.Value.Call(0x143e300, 0x14e5af0, 0x13, 0xc000132fa0, 0x1, 0x1, 0xc00008a820, 0xc00008a868, 0x140)
/usr/local/go/src/reflect/value.go:308 +0xa4
github.com/urfave/cli.HandleAction(0x143e300, 0x14e5af0, 0xc000184140, 0x0, 0x0)
/go/pkg/mod/github.com/urfave/[email protected]/app.go:483 +0x1ff
github.com/urfave/cli.Command.Run(0x14c994c, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14de166, 0x3d, 0x0, ...)
/go/pkg/mod/github.com/urfave/[email protected]/command.go:186 +0x8d1
github.com/urfave/cli.(*App).Run(0xc000000f00, 0xc0000a2000, 0x5, 0x5, 0x0, 0x0)
/go/pkg/mod/github.com/urfave/[email protected]/app.go:237 +0x601
main.main()
/home/circleci/workspace/helmfile/main.go:578 +0x1fef
helmfile version v0.60.1
well fixed the 2 errors i was getting - https://github.com/roboll/helmfile/pull/594
1
Thanks for fixing! Just merged it
Thanks sir when you get a chance can you cut a release
I’ll do it in a hour so once I get home
fyi: 0.60.2 and 0.61.1 are the latest releases containing your fix
thank you
@mumoshu sounds great!
2019-05-15
@mumoshu seeing some side effects from the new lockfile addition - https://github.com/roboll/helmfile/issues/598
Thanks, just replied. I think we need to loosen the restriction partially or fully, depends on our reqs!
https://github.com/roboll/helmfile/pull/600 should fix it
2019-05-16
While my trial on replicated/ship, I came up with how we can potentially leverage kustomize to patch helm releases, but still installing it as a helm chart.
https://github.com/mumoshu/helm-x/issues/2
I think we can extend this to helmfile, so that helmfile can be used for applying adhoc “patches” to a helm chart without forking. The patches can be used for injecting init/sidecar containers, modifying other pod spec, adding configmap/secret required but not included in the chart, etc…
2019-05-17
Btw, the latest version of helmfile available via homebrew is v0.54.2.
@Andrew Nazarov @mumoshu Was just coming online to ping you about the homebrew version Are we going to see an update for it in the future? I’m asking before I manually install it from git and there are some breaking changes that make my life hell.
Hey!
Nope, the homebrew formula is out of my control :) Would you mind sending PRs to the formula, so that it gets updates.
100% will do.
What kind of breaking changes are you talking about? I think I didnt make those for months(also we regurarly add features and bug fixes
I was saying I wanted to check with you about the version on homebrew before I pull directly from git and my yaml files require updating to any new formats. Going from 0.54.2 to 0.63 is a big jump.
It’s likely there are no breaking changes. I’ll confirm myself before making the formula update PR.
Okay! Thanks for your support
And a side (noobish) question: We’re trying to update some of our config maps via helm upgrade commands using --set but we’re unable to target the chart as it’s part of our helmfile. I’d normally use sync but I want to try a few direct changes. Am I being an idiot or would we have to move to individual chart files to be able to do this?
I’m trying to understand. Is your chart able to manage configmaps via chart values, and you’re trying to set some values without creating values.yaml files, right?
Correct.
We’ve had a rollout where kubernetes-dashboard is failing, which fails the release. This means configmap versions ARE pushed but when looking at the pod describe for it it’s defaulting to the old mount.
So the config exists but because one chart failed, the release failed.
This is fine, and expected, I should just fix the kubernetes-dashboard release and everything will be fine, but I want to confirm something within the configmap before I do that.
I’d normally just helm upgrade --set key=value but I’m unable to target that chart name because there is only the helmfile.
releases:
- name: yourrelease
chart: yourchart
values:
- anykey: anyvalue
This is the better version of ` –set anykey=anyvalue` in helmfile. Would it be what you are looking for?
And every change you make must be firstly declared in helmfile
Is that in the helmfile itself or a new yaml file used for a quick helm upgrade patch?
In the helmfile
You made an interesting point!
i was thinking that one of biggest reasons you might want to use helmfile would be to avoid adhoc upgrades like that
have you tried helmfile diff or helmfile --interactive apply?
I normally 100% would, this is one of those really odd edge-cases where I’ve run into an issue and want to go manual on it.
it allows you to see the changes before syncing
so i thought you might prefer the
workflow of (1)changing one of values in
helmfile.yaml (2)helmfile diff (3)finally helmfie sync even in such case
but i think i’ve understood what you wanted - avoid editing yaml files until you figure out the correct config, right?
Ye thats the basic goal. I would assume I could use like helmfile.yaml/chartname or something.
And it would pull the yaml config out for that release. But that’s very likely not ‘right’ as the whole point of helmfile is to avoid something like this.
yep
helmfile does’t have a specific feature that helps today. but let me think what we can do
Thanks so much for the help* and input. We really love using your tooling and will continue to use it.
maybe something like helmfile plan --set helmfile.yaml/yourrelease/values.yaml:anykey=anyvalue thats stages the change to the values.yaml, diff, sync, and asks you to repeat or commit.
thanks a lot for using helmfile and the feedback!
I like that format. It’s similar to the normal helm upgrade releasename . $@ -f values.yaml -f values.${STAGE}.yaml that everyone is used to.
@Collin Wrote up a github issue for this thread. Would you mind leaving your comment, or giving me your github username so that I can notice you whenever necessary
2019-05-20
Hey,
How can I manage deployments of crd’s with helmfile? I am currently migrating parts of our infra to helmfile stored in a repo and I need to deploy cert-manager as well
this is how we deploy cert-manager with helmfile https://github.com/cloudposse/helmfiles/blob/master/releases/cert-manager.yaml
does helmfile remove the need to manually bump chart versions etc in the repo?
hey! perhaps you wanna try the brand-new helmfile deps command that recently introduced?
https://github.com/roboll/helmfile/pull/593
i’m assuming it is what you basically want for “automatic chart version bump”.
it works like this - helmfile deps fetches latest chart versions that satisfies the chart version constraints described in your helmfile.yaml, saves version numbers to helmfile.lock. on e.g. helmfile sync, it reads the lock file and uses the chart version numbers in it
cc @Andriy Knysh (Cloud Posse)
thanks @mumoshu! “automatic chart version bump” is exactly what i want
you have to specify the chart version directly in the helmfile, either by hardcoding it (e.g. https://github.com/cloudposse/helmfiles/blob/master/releases/cert-manager.yaml#L30) , or using ENV var
thanks @Andriy Knysh (Cloud Posse)
@btai here’s an example of using the raw chart
e.g. if you don’t have the chart for the CRDs, but still want to use helmfile
2019-05-21
2019-05-27
2019-05-29
good morning, is it possible for helmfile to merge a map coming from environment yaml files so that I can take 2 maps and merge them together? eg if my values file looks something like:
default_config:
resources:
limits:
cpu: 0.1
memory: 200Mi
requests:
cpu: 0.1
memory: 200Mi
service_config_a:
autoscaling: true
minReplicas: 5
maxReplicas: 70
resources:
limits:
cpu: 0.3
memory: 400Mi
requests:
cpu: 0.3
memory: 400Mi
service_config_b:
autoscaling: true
minReplicas: 5
maxReplicas: 70
I’d like service_config_b to inherit values from default_config
Does using YAML anchor work?
default_config: &default_config
resources:
limits:
cpu: 0.1
memory: 200Mi
requests:
cpu: 0.1
memory: 200Mi
service_config_a:
autoscaling: true
minReplicas: 5
maxReplicas: 70
resources:
limits:
cpu: 0.3
memory: 400Mi
requests:
cpu: 0.3
memory: 400Mi
service_config_b:
<<: *default_config
autoscaling: true
minReplicas: 5
maxReplicas: 70
one other question - is the work for bases released yet?
@Ufou yep! https://github.com/roboll/helmfile/releases/tag/v0.68.0 is the latest release including the bases feature, which all the known issues related to bases fixed
thanks!
@mumoshu what is the release schedule for helmfile if there is one?
I release it regurarly via github releases. or perhaps you meant v1.0?
Yeah, I noticed. It seems there is no particular schedule for these releases (like once a week every Sunday or so). The point is I’m building my own docker image since I need some tools for hooks. I think I should automate the building process.
Gotcha. I’d say there’s no particular schedule! Have you tried renovatebot? I thought it had an ability to track upstream docker image update and automatically submit PRs to update the base image in your Dockerfile.
@Andrew Nazarov
I’m gonna reorganise things related to helmfile, try new features and stuff. @mumoshu Should I avoid set in my helmfile.yaml? I noticed somewhere you stated, that it was added for backward compatibility.
Actually, with the latest additions it’s somewhat difficult to pick the right solution. Like helmfiles vs bases vs release templates vs something else. Since we’ve got tens of releases multiplied by tens of environments, the good old plain helmfile.yaml is becoming difficult to maintain. And we’ve got umbrella charts there. So, we are going to get rid of these umbrella charts and manage every single thing by helmfile, but we want to make it as DRY as possible). Let’s see what we’ll get.
@Andrew Nazarov Sry for replying an old thread!
Yeah you should generally avoid set because it has typing issues the same as helm’s --set. The are only two use-cases that you’d like to use set, (1) set an array item (2) set value from a file(not setting kvs from file=values.yaml, but --set-file key=FILENAME)
Also, I wanted to note that you should avoid templating whenever possible.
Regarding state templates vs release templates, I recommend you to avoid using state templates because it’s harder to use, and you can now use bases and release templates to achieve almost the same goal.
anyone see how far they could get with helm3-alpha?
i saw somewhere that the team plans to release alpha.2 and alpha.3 until GA.
thought alpha.1 doesn’t add many fancy things, other than docker registry as a chart repository feature.
my favorite feature “Lua event hooks” are coming in alpha.3!
at last time i saw it, the dev branch were 800+ commits behind the master branch. not sure how the team cherry-picks all those…
though alpha.1 apparently has addressed the tiller issue
that’s huge
yeah that’s nice!
2019-05-30
Can I define several templates? Something like
templates:
- first: &first
snip1
- second: &second
snip2
Yep. Define each as dict items. Not array items
Got it. Thank you.
2019-05-31
Why helm-tiller is not bundled in a helmfile’s Docker image?
I was just lazy to do so! PR welcomed