#helmfile (2020-11)
Questions and discussion around helmfile https://github.com/roboll/helmfile and https://github.com/cloudposse/helmfiles
Archive: https://archive.sweetops.com/helmfile/
2020-11-03
How’s this for a logo? (I didn’t make it, got it from codefresh)
it’s too much of helm, and too few of helmfile, imho
Here’s what I use in my slides…
But it’s a file, like file folder, hence helm*file*.
Hi All, as part of our git-ops pipeline we run helmfile lint. We have just added a remote chart (stable/spark-operator) but the linter pukes with
templates/crds.yaml: the kind "apiextensions.k8s.io/v1beta1 CustomResourceDefinition" is deprecated in favor of "apiextensions.k8s.io/v1 CustomResourceDefinition"
Besides forking / self-hosting the chart with a fix, what options do we have (version is “hardcoded” in the crd.yaml)? Is there a way to configure the linter rules per release (couldn’t find a way to pass args to helm lint) - or simply disable linting that specific release?
I wonder if the one I linked will have the problem too. The Incubator repo usually isn’t the best when you are trying to find something reliable
Will take a look on the one spark-gcp (although we are not running in gcp and use Spark 3)
It’s actually the same: the operator code is at https://github.com/GoogleCloudPlatform/spark-on-k8s-operator
I’m not seeing anything that locks it to GCP
but idk, haven’t looked that hard
Forget what I wrote last - the charts may of course be diff.
Ah - the operator hub link is just for the operator and doesn’t appear to include a Chart
Found a workaround - I will simply add a label “skiplint: true” and run
helmfile -l 'skiplint!=true' lint
Also, note…
Thanks for the heads up - I’m running helm 3.4.0 so I have already swapped stable and incubator to charts.helm.sh since it kept nagging me about it
though if you’re using a chart based on https://github.com/helm/charts/tree/master/incubator/sparkoperator (as above), the entire https://github.com/helm/charts/ repo will be archived, and incapable of receiving updates.
is there a good way to gather data from charts already deployed to feed as values into subsequent charts? via hooks or something? use case is one chart deployment generates a uuid we need to pull to provide to a subsequent chart in values
can’t you just generate uuid outside of deployment and just provide generated UUID to deployment to use it ?
we are doing that for most of them that we need, but it doesn’t work for all cases as the first chart doesn’t expose the ability to set all of them
in another case, sometimes its more than just uuid’s, some charts generate secrets during first install, and it would be nice to pull those in for subsequent charts
well, you may wrap anything in exec | get
but it may be tricky to wait for external value generation
v0.132.2: Fix helmfile --selector x=y template with needs (#1564)
87e86dc (HEAD, tag: v0.132.2, origin/master, origin/HEAD, master) Fix helmfile --selector x=y template with needs (#1564) 995b201 mention Arch Linux support (#1549) Build Info
I had mistakenly inverted the necessary flag to turn off the legacy processing on selectors that should be used only for helmfile commands that do not support DAGs/needs. Fixes #1552
2020-11-04
hey guys, anyone using both helm2 and 3 with the same release files? im loading helmdefaults base in a release that should be installed with helm2 and 3 based on env how do i get rid of this when running with helm3?
executing "stringTemplate" at <.Values.tillerNamespace>: map has no entry for key "tillerNamespace"
hmm solved it with leaving the tillerNamespace empty
tillerNamespace: ""
v0.132.3: Fix redundant helm-dep-build and prepare hook regression (#1566)
Fixes #1511 Fixes #1497
Have upgraded from old version 0.82.0 to 0.130.0 and found that prepare hooks are not filtered by selectors any more and execute each time on apply/sync. According to README they should not execute…
v0.133.0: feat: Add helmfile template --include-crds (#1568)
6b86408 (HEAD, tag: v0.133.0, origin/master, origin/HEAD, master) feat: Add helmfile template --include-crds (#1568) Build Info
This allows you to use helmfile-template output as a GitOps source, when the template output contains CRDs and you use Helm 3. Helm 3 by default removes CRDs from the template output. If you wan…
2020-11-05
v0.132.3: Fix redundant helm-dep-build and prepare hook regression (#1566)
bdbaa00 (HEAD, tag: v0.132.3, master) Fix redundant helm-dep-build and prepare hook regression (#1566) Build Info
Fixes #1511 Fixes #1497
2020-11-06
I was doing some reading in the archives of sweetops and saw a discussion (looked like @Erik Osterman (Cloud Posse) was involved) about pulling off Blue/Green deployments with helmfile. I didn’t find the specific example that was discussed. Does anyone have any examples of executing Blue/Green deployments governed by helmfile?
I don’t have an example project right now but it shouldn’t be hard with flagger.
You will deploy flagger and your apps with helmfile. Flagger is configured to monitor your apps as “canary” k8s deployments, so that Flagger watches and mirrors your deployment, balances traffic between the older “stable” k8s deployments, and carries blue/green deployment.
@mumoshu - do you have a link to flagger? I’m not familiar with it, but it sounds wonderful.
here you are! https://flagger.app/
Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments)
2020-11-08
v0.134.0: Bump dependencies (#1573)
709913b (HEAD, tag: v0.134.0, origin/master, origin/HEAD, master) Bump dependencies (#1573) 88884b6 feat: helmfile template --skip-cleanup (#1570) 5a15b65 feat: Add helmfile apply --skip-cleanup (#…
Bumps dependencies mainly to fix possible go mod error that is fixed via https://github.com/variantdev/vals/commit/0edd5343228b96e1ca5f3599f923fee0ff1fd0cb, but also bumps all the other dependencie…
Just a heads up: we’ve published all of our new helmfiles that we’ve been using for the past year.
Comprehensive Distribution of Helmfiles for Kubernetes - cloudposse/helmfiles
2020-11-09
Hi, thanks for the great app. I have one question. In release 0.132.1 the skipDeps parameter was added. As our developers work on different helmfile versions, I’m trying to add something for backward compatibility with the older versions. I’ve added to the helmfiles/common/helm-config.yaml:
{{ if ge (exec "helmfile" (list "version" "|" "sed 's/^.*v//'")) "0.132.1" }}
skipDeps: true
{{ end }}
It works with the current version but older still have an issue
: failed to read common/helm-config.yaml: reading document at index 1: yaml: unmarshal errors:
line 2: field skipDeps not found in type state.HelmState
Has anyone solved this issue? Thanks
it’s better to keep helmfile updated all around, as long as you’re not blocked by some bug etc
it’s just a tool, no need to pin version w/o reason.
Hi, I am interested in knowing how you organize your IaaC. Looking for ideas. Currently we are building our new k8s based infrastructure, thus requiring Terraform, helm, helmfiles and gitlab ci. Which is a good pattern to combine all these elements? monorepo? repo with submodules? script/makefile magic? What if the helmfiles and charts repos also contain stuff for the infra and main application?
2020-11-11
v0.134.1: Fix helmfile template --include-crds not to break with chartify (…
f6bf885 (HEAD, tag: v0.134.1, origin/master, origin/HEAD, master) Fix helmfile template --include-crds not to break with chartify (#1583) 2857382 fix: support arm binaries (#1580) 972667f Mention o…
…#1583) * Fix helmfile template --include-crds not to break with chartify
This bumps variantdev/chartify to 0.4.9 so that we can incorporate https://github.com/variantdev/chartify/commit/fe…
2020-11-12
I plan to move these notifications to #releases
these are now moved.
2020-11-13
@Andriy Knysh (Cloud Posse)
Thank you for updating the helmfiles. Although I have some issues with them, especially the “environment” configuration. Compared to other CP modules, especially Terraform, the use of environment and stage and namespace is very opinionated. For example here I do need to set the stage even if we only use the namespace and environment (=dev, prod, etc.).
https://github.com/cloudposse/helmfiles/blob/master/releases/cert-manager/helmfile.yaml#L67
Yeah specifying stage: environment would skip this, however it creates confusion and it collides with the handling in other modules.
Any ideas on how to improve this?
Maybe add some base yaml/gotpl analogous to helm helpers templates to generate base-variables. Similar to the context.tf and label TF module?
environments in helmfile are completely diff concept (not related to terraform and the environment variable in the TF modules)
in your helmfile.yaml you specify something like this
bases:
  - ../environments.yaml
and then in the environments.yaml you do
environments:
  prod:
    values:
      - defaults.yaml
      - prod.yaml
  staging:
    values:
      - defaults.yaml
      - staging.yaml
  dev:
    values:
      - defaults.yaml
      - dev.yaml
where each YAML file is a collection of values for the helmfile for a particular environment
e.g. in dev.yaml you could have
installed: true
unlimited_staging_enabled: false
The problem is not the environments feature of helmfile but the dependency of the release to use specific variables like .Values.stage to specify the IAM role
I have an Idea and could push a MR as a proposal
2020-11-18
Anyone have any experience dealing with the Kubernetes Raw chart? I want to create a TLS secret, but I only appear able to do so if I pass in the values directly. If I reference a secrets or values file, it errors out.
Like, this works
environments:
  default:
    secrets:
      - helm_vars/default/certs/secrets.yaml
      - helm_vars/default/linkerd-cert-manager/secrets.yaml
releases:
  - name: linkerd-cert-manager
    namespace: linkerd
    chart: ./raw/
    needs:
      - cert-manager/cert-manager
    wait: true
    missingFileHandler: Error
    values:
      - resources:
          - apiVersion: v1
            kind: Secret
            metadata:
              name: linkerd-trust-anchor
            type: kubernetes.io/tls
            data:
              tls_cert: {{ .Values.linkerd_cert | b64enc | quote }}
              tls_key: {{ .Values.linkerd_key | b64enc | quote }}
          - apiVersion: cert-manager.io/v1alpha3
            kind: Issuer
            metadata:
              name: linkerd-trust-anchor
              namespace: linkerd
            spec:
              ca:
                secretName: linkerd-trust-anchor
          - apiVersion: cert-manager.io/v1alpha3
            kind: Certificate
            metadata:
              name: linkerd-identity-issuer
              namespace: linkerd
            spec:
              secretName: linkerd-identity-issuer
              duration: 24h
              renewBefore: 1h
              issuerRef:
                name: linkerd-trust-anchor
                kind: Issuer
              commonName: identity.linkerd.cluster.local
              isCA: true
              keyAlgorithm: ecdsa
              usages:
                - cert sign
                - crl sign
                - server auth
                - client auth
but if I move this to a values.yaml it breaks
Try using the fromYaml filter. Or take a look at the template feature in the helmfile docs, especially the GitHub issues
To render a go template that contains expressions like {{ .Values... }}, try renaming the values file as values.yaml.gotmpl, otherwise it’s treated as a plain yaml without templates and may result in e.g. a yaml syntax error
ah i just realized that you found it yourself :)
STDERR:
Error: failed to parse /var/folders/_v/82h1zgqd5zg63wr6wb7t5qdw0000gp/T/values294919079: error converting YAML to JSON: yaml: invalid map key: map[interface {}]interface {}{".Values.tls_cert | b64enc | quote":interface {}(nil)}
o i think i got it.
Sad thing.. I opened a ticket like this, and it was explained to me before, and I literally just now understood
Happens to me all the time! =)
Basically, I need a way to create our TLS cert for nginx, in all of our namespaces in one go. I feel like I could somehow use the kubernetes raw chart, but Im not sure how to go about looping throu…
im a thick one.
I had myself a bad experience with helmfile today: suddenly helmfile was unable to apply the charts. The diff plugin kept crashing. At the end it was the kubecontext.
Sadly I need to specify it in the cmd line. Using the kubeContext key in the defaults config did not work as expected. I should write an issue…
2020-11-22
Hello,
I’m hoping someone can share a simple helmfile example with me. I’d like to know how to deploy a single app (like prometheus-pushgateway for example) to multiple clusters/contexts. Only the URL and the secret/certificate will change per cluster/context.
Thanks.
Greetings! I was wondering if anyone knows why it was decided not to use {{.Values}} for ‘condition:’ field in the helmfile? It seems like there is at least one related issue here… I wonder if there are some other considerations on the matter? I can see that Cloud Posse helmfiles do not use ‘condition:’ field at all… it will be interesting to hear your opinion on this field in general. Thank you!
Hey, if I use the example provided in the README.md, helmfile throws an panic stacktrace: $ helmfile sync panic: interface conversion: interface {} is nil, not map[string]interface {} goroutine 1 […
2020-11-24
Sure, have you seen the library of examples that Cloud Posse publishes?
We have dozens available here: https://github.com/cloudposse/helmfiles/tree/master/releases
We try to keep these up to date. And while not all of them are “easy” examples, there are some simple ones, like this one: https://github.com/cloudposse/helmfiles/blob/master/releases/reloader/helmfile.yaml
is there a way to show the generated kubernetes yaml files from helmfile?
yes sure, just run helm template -f values.yaml .
sweet
i think helmfile template
2020-11-25
Hi all It is about using helmfile with jsonPatches
- doing helmfile deps is causing some transformations, but it should not, i suppose
- values passed to helmfile apply / helmfile sync via --set or --values arguments are ignored while applying the patch, only way is to pass those values via helmfile.yaml
It seems there are no open issues for that
thanks! the first one seems like a bug. would you mind opening an issue?
- values passed to helmfile apply / helmfile sync via --set or --values arguments are ignored while applying the patch, only way is to pass those values via helmfile.yaml
this can also be a bug(or regression?)
i rarely try to add adhoc chart values via command-line (i only do that via --state-values-set/values) so perhaps i slipped it while testing
will open issue(s) for this thank you
Hi again, I am trying to build a docker image from this Dockerfile using a following command
$ docker build -t eshepelyuk/helmfile -f Dockerfile.helm3 .
I know that there’s a docker image available, but I’m trying to create a Pull Request, so I have to build the image myself to test my PR.
And I am receiving such error
go: downloading github.com/Azure/go-autorest/autorest/to v0.3.0
env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOFLAGS=-mod=vendor go build -o "dist/helmfile_linux_amd64" -ldflags '-X github.com/roboll/helmfile/pkg/app/version.Version=v0.135.0'
go: inconsistent vendoring in /workspace/helmfile:
run 'go mod vendor' to sync, or use -mod=mod or -mod=readonly to ignore the vendor directory
make: *** [Makefile:37: static-linux] Error 1
The command '/bin/sh -c make static-linux' returned a non-zero code: 2
Could anyone help ?
You might want to check Makefile in the repo:) It helped me when I faced this. Can’t write the solution right now answering with the phone, sorry
Well, there’s a few issues
- have no idea what to check in Makefile, since has zero experience with them
- Makefile in master branch is expected to be working without any changes, especially when building inside a docker
but thanx anyway, if you got a chance to give some clues later - I’d be appreciated
I can just confirm, I have the same errors on docker build for .helm3 Dockerfile
ah good catch. this is far from ideal but you need to run go mod vendor before running make image
Oh, I’m a bit late for an answer)). Yeah mumoshu nailed it. I messed up files a bit, it was in circleci configuration indeed, couldn’t check yesterday. Sorry for the misleading info.
Yet again, i am building a docker image from a dockerfile from master branch
isn’t it supposed that proposed go mod vendor must be put into dockerfile ?
i don’t remember the rationale/original reason anymore, but ideally there should be no go mod vendor in neither circleci config nor dockerfile as go build is expected to download all the deps as in go.mod on demand
well, but currently either Dockerfile in master is broken or docker image should be built with some undocumented steps ,or finally, maybe i have some very special bug in my PC setup causing this issue
No special bug, I also can’t build Dockerfile.helm3 from master branch
yep. i think that’s bug in (perhaps) helmfile’s go.mod/go.sum
Should I open an issue ? Or you all could open / fix it ?
it would be great if you could open one!
2020-11-26
Hey folks. I have this helmfile.yaml where I’m trying to pass the namespace to a presync hook: https://github.com/relaycorp/cloud-gateway/blob/2f3fd5331342302ce52354386d87b76c07975717/charts/helmfile.yaml#L45-L46
.Release.Name is resolved properly but .Namespace resolves to an empty string. I’ve also tried .Release.Namespace. What else should I try?
"{{`{{.Release.Namespace}}`}}" works for me in presync hook args
Hmm, I’ll try it again. Maybe there was a typo.
Nope, I still get an empty string after using that: https://github.com/relaycorp/cloud-gateway/commit/3338800c5c6eb3214d7a5e544852483842fa2e7a
I’m sure that’s an empty string because the hook is printing the value it gets: https://github.com/relaycorp/cloud-gateway/blob/3338800c5c6eb3214d7a5e544852483842fa2e7a/charts/vault/pre-install.sh#L35-L38
Are you setting the namespace explicitly in the helmfile?
Maybe I need to do that
Are you setting the namespace explicitly in the helmfile?
Yes. IDK other options for helmfile to guess the namespace.
I assumed it’d read the current context. I’ll set the namespace explicitly
2020-11-27
2020-11-28
anyone tried to run https://registry.terraform.io/providers/mumoshu/helmfile in terraform cloud ? not sure how to add actual helm & helmfile binaries there..
nvm, i just found https://github.com/mumoshu/terraform-provider-helmfile/issues/5
what Add flag to download kubectl and helmfile from GitHub pinned to a specific release why Running provider in terraform cloud requires binaries be installed by some other means Using local-exec w…
@Erik Osterman (Cloud Posse) did you find any workaround for terraform cloud ?
Actually, I think he has addressed this issue so it downloads the dependencies but haven’t tried it yet
It uses another library called “dep” to manage those dependencies
I tried last helmfile provider release and no, it will not download binaries
But its generic problem of Terraform Cloud..
Did you read this section?
Seems its not stable enough, I tried:
helmfile_release_set "mystack" {
  version = "0.128.0"
  helm_version = "3.2.1"
  helm_diff_version = "v3.1.3"
  ...
}
in TF 0.13.5, but plan will get stuck, without any log info… ( TF_LOG_PATH=/tmp/tf.log TF_LOG=TRACE terraform plan )
2020-11-29
Hey! I was wondering - does anyone here have a working example of a Helmfile with Traefik configured? I could really use some pointers.
for traefik v2? what do you need exactly?
2020-11-30
hey guys, is there a way to generate/deploy with kustomize from git url? for example
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubernetes-operator-system
resources:
- github.com/mycompany/kubernetes-operator/config/default
images:
- name: abc/abc:snapshot
how can i do it with helmify?
i assume there is no way w/o having a -kustomize folder the that kustomization.yaml file