#helmfile (2020-12)

https://github.com/roboll/helmfile

Questions and discussion around helmfile https://github.com/roboll/helmfile and https://github.com/cloudposse/helmfiles Archive: https://archive.sweetops.com/helmfile/

2020-12-29

2020-12-28

Emmanuel avatar
Emmanuel

Hi everyone, i’m trying to see if we can use url to get values for a release: (like with helmfiles: keyword)

releases:
  - name: app
    chart: ../chart/test
    values:
      - git::<https://github.com/><something>.yaml   # << like this ?
helmfiles:
  - path: git::<https://github.com/><something>/helmfile.yaml # similar to this 
Ion avatar

I think it’s possible if you use it under:

environments:
Ion avatar

But would be cool indeed to have it under releases or at least under helmfiles

Ion avatar
roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

Emmanuel avatar
Emmanuel

helmfiles is already possible but value make thing easier for my user case with different repo for each app , i wanted to just have param for the app not helm config in those repo

Emmanuel avatar
Emmanuel

each release could get his own file , which can be different from the same environment

Emmanuel avatar
Emmanuel

also i could do something like `

git::<https://github.com/me/app/config-{{> .Environment.Name }}.yaml?re=master
Emmanuel avatar
Emmanuel

and in another release have

git::<https://github.com/me/app2/config-{{> .Environment.Name }}.yaml?re=master
voron avatar
voron

similar thing is possible with secrets And you still have exec

roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

Emmanuel avatar
Emmanuel

in the end what i did was to use multiple helmfile which all have there own environment and url.

i manage to make it work with git without problem but i believe that the http is rather trouble some as you need specific content/header to be pulled

2020-12-27

2020-12-26

2020-12-24

Joaquin Menchaca avatar
Joaquin Menchaca

I cannot get environments to work as documented. From the docs (README.md), I tried:

environments:
  ## `default' environment uses Alpha with TLS
  ## set tls_client_auth with env var TLS_CLIENT_AUTH
  default:
    values:
      - ./examples/alpha_tls.yaml.gotmpl
      - ./examples/{{ env "TLS_DIR" | default "dgraph_tls" }}//secrets.yaml
  ## 'zero_tls' environment uses Zero with TLS
  zero_tls:
    values:
      - ./examples/zero_tls.yaml.gotmpl
      - ./examples/{{ env "TLS_DIR" | default "dgraph_tls" }}//secrets.yaml

releases:
  - name: {{ env "RELEASE" | default "my-release" }}
    namespace: {{ env "NAMESPACE" | default "default" }}
    chart: {{ env "PWD" }}/../../charts/dgraph

But the helmfile apply doesn’t pick up default environment.

Joaquin Menchaca avatar
Joaquin Menchaca

I guess these are values you can inject and picked up by .Values.key, but not actual helm values, rather helmfile values

voron avatar
voron

Did you specify environment via helmfile -e ?

2020-12-22

2020-12-21

DnR-iData avatar
DnR-iData

Hi everyone,

Before creating my own argocd+helmfile docker image, I would like to know if someone already did it and published it public ? I found chatwork image but not really up to date with helmfile version.

And if worked like a charm (helmfile with argocd) ?

Thx a lot

1
Balazs Varga avatar
Balazs Varga

hello all,

Balazs Varga avatar
Balazs Varga

I am writing a hpa file for my cluster and would like to template it. if I have the following metrics:

  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 70

can I template it into the hpa.yaml using range or something else? I would like to get all metrics from values. so if I would like to use the pod or object metrics I only need to update values

voron avatar
voron

well, use hpa.yaml.gotmpl and templating features

Balazs Varga avatar
Balazs Varga

I had to ouse toyaml thanks

1

2020-12-19

2020-12-18

2020-12-17

Ion avatar

So, one more interesting question from me.

Suppose I have a release that installs CRDS. And I have a release that depends on those CRDS. How can I make the dependency between them to work without running helmfile 2 times?

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

you can define the release in the helmfile in the order you want them installed, and then use helmfile --concurrency=1 to run them sequentially

voron avatar
voron

It may be better to use deps in helmfile

roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

Ion avatar

Yeah, so, the sync command would work, but the diff if the crd is not installed will not work

voron avatar
voron

is it due to helm diff cannot complete w/o required&installed CRDs ?

Ion avatar

@ Yes

jason800 avatar
jason800

Hey All, wondering if anyone has seen any issues around helmfile and its storage of helm meta-data? We have been testing our helmfile from our local workstations but our ci/cd pipeline executes helmfile from within a k8s cluster and I seem to be finding that when doing the latter the helm release meta-data is not going to the release namespace but instead going to the default namespace instead because that is where the job is executing

Christian avatar
Christian

In Helm 3, the release metadata is stored in the same namespace as the release itself. See https://helm.sh/docs/faq/#release-names-are-now-scoped-to-the-namespace

Frequently Asked Questions

Helm - The Kubernetes Package Manager.

jason800 avatar
jason800

@ yea I mean that appears to be demonstrably false

Christian avatar
Christian

Hey everyone, also have a query about having dependencies between charts. I know you can have a needs keyword as part of the helmfile release to maintain dependencies. However, I can’t seem to figure out the syntax as to how to reference a release when they are in different folders.

- cert-manager
   / helmfile.yaml
- cert-issuer
   / helmfile.yaml

In cert-issuer, having a needs: ['cert-manager/cert-manager'] errors out. Also tried various combinations, but none seem to work.

voron avatar
voron

Did you able to get needs to work inside single helmfile.yaml ? needs may need to specify k8s context too just before namespace.

Christian avatar
Christian

Yup, got it working in a single helmfile. I’d try specifying the k8s context, thanks!

2020-12-16

Ievgenii Shepeliuk avatar
Ievgenii Shepeliuk

Hi, all when using vals for value resolution, it it possible to disable the actual resolution when calling $ helmfile template via helmfile.yaml or CLI argument ?

for instance, I don’t have an access to production Hashcorp Vault, but I want to render templates locally for testing

Andrew Nazarov avatar
Andrew Nazarov

We are wrapping this in if ne .Environment.Name "default" . I must admit the overall readability suffers:)

Ievgenii Shepeliuk avatar
Ievgenii Shepeliuk
  1. is it possible to introduce a CLI flag or parameter to helmfile.yaml ?
  2. unfortunately i didn’t understand the idea of that if , could you provide an example ? In fact i want to render locally template for different environments, I just don’t want to perform resolution at all ( speed of render + permissions issues )
Ievgenii Shepeliuk avatar
Ievgenii Shepeliuk

the issue is that I can’t even override those values via --set since helmfile still tries to perform a resolution, and it’s logical

Andrew Nazarov avatar
Andrew Nazarov

The thing is that we use “default” environment only to test things, for real environments we have correspondent environment names and settings in helmfile. With that being said it just a matter of the following simple if:

loadBalancerIP: {{- if ne .Environment.Name "default" }} ref+tfstate:///{{ env "PATH_TO_TF_STATE" }}/output.external_ip.value {{- end }}
1
Ievgenii Shepeliuk avatar
Ievgenii Shepeliuk

Got it, thanks

Ion avatar

Hi, all!

Is it possible to do something like that in helmfile:

templates:
  default: &default
    namespace: test
    chart: repo/{{ .Release.Name }}

    {{- range $service, $version := .Values.release }}
    {{- if eq $service .Release.Name }}
    version: "{{ $version }}"
    {{- end }}
    {{- end }}

where the .Values would be

release:
  my-service:
    version: 1.0.0

?

I’m getting a failed to read helmfile.yaml: reading document at index 1: yaml: line 11: could not find expected ‘:’

Jonathan avatar
Jonathan

I’m not exactly sure if or how it’s possible to refer to values in the template, but if you want to do it a bit differently, you can set a version under the releases in the helmfile.yaml like so:

- name: "test"                                                                                                                                                              
  version: {{ .Values | default (env "TEST_VERSION") | default "1.0.0"}}                                                                                              
  <<: *default   
Ion avatar

@Jonathan the problem is that I have around 100 releases )

Ion avatar

So, I need to template it somehow

Jonathan avatar
Jonathan

Have you tried specifying the version value like this?

{{ .Values | get "Release.Name" "" }}

just to try getting the value in a slightly different way?

The reason I’m not sure it worksis that it might try to access the .Release.Name before the values.yaml have been properly rendered, so you might have to do some {{ ` {{ .Values.Release.Name }} `}} magic

Ion avatar

@Jonathan Hmmm, good catch! Will try

Ion avatar

This worked

templates:
  default: &default
    namespace: test
    chart: repo/{{ .Release.Name }}
    version: 0.0.0-{{ .Values.release | get .Release.Name "develop" }}

where values are

release:
  service: 1.0.0
Joaquin Menchaca avatar
Joaquin Menchaca

How can I set values in values.yaml file?

e.g.

releases:
  - name: prometheus
    namespace: default
    chart: prometheus-community/kube-prometheus-stack
    values:
      - ./alertmanager.yaml
    disableValidation: true

So the alertmanger.yaml would have a value in there, like {{ requiredEnv "PAGERDUTY_INTEGRATION_KEY" }}

Joaquin Menchaca avatar
Joaquin Menchaca

ah, .gotmpl extension

Ion avatar

yep

Joaquin Menchaca avatar
Joaquin Menchaca

Despite specifying: disableValidation: true I am getting:

  Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: [ValidationError(Prometheus.spec): unknown field "probeNamespaceSelector" in com.coreos.monitoring.v1.Prometheus.spec, ValidationError(Prometheus.spec): unknown field "probeSelector" in com.coreos.monitoring.v1.Prometheus.spec]

What can I do?

Jonathan avatar
Jonathan

If the disableValidation: true is specified as above, I don’t think that it’s specified in a way that shows that the field is supposed to be part of the .Values. You’d have to do something like this:

releases:
  - name: prometheus
    namespace: default
    chart: prometheus-community/kube-prometheus-stack
    values:
      - ./alertmanager.yaml
      - disableValidation: true
Joaquin Menchaca avatar
Joaquin Menchaca

disableValidation is a key in helmfile, not the prometheus-community helm chart.

Joaquin Menchaca avatar
Joaquin Menchaca

The solution was to delete the existing CRDs. An earlier version installed CRDs that have since then been updated. Once CRDs were purged, helm chart would now work, as it installs new CRDs.

2020-12-15

Joaquin Menchaca avatar
Joaquin Menchaca

I haven’t touched helmfile in a while, and I was wondering if any good examples out there for using:

• environments in helm/helmfile

• kustomize in helmfile

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We’ve updated all of our helmfiles to use environments: https://github.com/cloudposse/helmfiles/tree/master/releases/

cloudposse/helmfiles

Comprehensive Distribution of Helmfiles for Kubernetes - cloudposse/helmfiles

1
Joaquin Menchaca avatar
Joaquin Menchaca

I am also looking about what or how I can use all the features with chartify in helmfile. I am currently using hooks with shell scripts, but if there is a smoother way to do kustomize in helmfile, that would be better.

2020-12-14

muhaha avatar
muhaha

Any idea how to render multiline string in values ?

environments:
  default:
    values:
      - foo: |
          hello world
          bye

to

foo: |
  hello world
  bye 

Thanks

muhaha avatar
muhaha

{{ toYaml .Values.foo | indent 8 }} worked for me

2

2020-12-13

muhaha avatar
muhaha

Any idea how to escape {{ $labels.target }} string? Its prometheus specific:

values:
    - prometheusRule:
        enabled: true
        rules:
          - alert: UrlDown
            annotations:
              message: The status code of {{ $labels.target }} is 4xx or 5xx, or some other failure occurred such as a timeout (60 seconds) for the last 5 minutes.
            expr: probe_http_status_code >= 400 or probe_http_status_code == @Vinit Sarvade 08 

I tried

 {{`{{ $labels.target }}`}}

, but still getting undefined variable "$labels" Any idea @mumoshu? Thanks

Raymond Liu avatar
Raymond Liu

I have the same problem as yours, here is my solution. Create a file called prometheusrule.yaml

# prometheusrule.yaml
prometheusRule:
  enabled: true
  rules:
    - alert: UrlDown
      annotations:
        message: The status code of {{ $labels.target }} ...

And just reference it

values:
  - prometheusrule.yaml
muhaha avatar
muhaha

Seems that

{{`{{"{{ $labels.target }}"}}`}}

is working

1
Raymond Liu avatar
Raymond Liu

You can choose the better one for your use case

2020-12-12

2020-12-11

bazbremner avatar
bazbremner
helm/charts

(OBSOLETE) Curated applications for Kubernetes. Contribute to helm/charts development by creating an account on GitHub.

Paul Catinean avatar
Paul Catinean

Oh damn that’s unfortunate, what are we supposed to use for the same purpose? 

helm/charts

(OBSOLETE) Curated applications for Kubernetes. Contribute to helm/charts development by creating an account on GitHub.

voron avatar
voron

I think we need to wait for @mumoshu to host this chart in some separate helm repo It’s still possible to use “deprecated” chart, as the chart is fine itself, the problem is with incubator repo.

mumoshu avatar
mumoshu

Yeah the chart is marked as deprecated due to the incubator repo being abandoned. But it still works as before

mumoshu avatar
mumoshu

I’m using chartcenter’s mirror of the incubator repo these days https://chartcenter.io/incubator/raw

raw Helm Chart - JFrog ChartCenter

version 0.2.5 of Helm chart incubator/raw. DEPRECATED A place for all the Kubernetes resources which don’t already have a home. Discover Helm charts with ChartCenter!

1
voron avatar
voron

But it’s still with “deprecated” label

bazbremner avatar
bazbremner

Most, but not all, charts have migrated to their own repos/chart locations.

Paul Catinean avatar
Paul Catinean

ohhhh

Paul Catinean avatar
Paul Catinean

Yeah I am still using it was just worried they might drop it one day, thanks for the info everyone

Joaquin Menchaca avatar
Joaquin Menchaca

A lot of charts are being abandoned unfortunately.

2020-12-10

Paul Catinean avatar
Paul Catinean

Anyone know why the incubator chart is deprecated?

Paul Catinean avatar
Paul Catinean

Or just the previous locations only?

Paul Catinean avatar
Paul Catinean
incubator/raw                                 	0.2.5        	0.2.3                       	DEPRECATED A place for all the Kubernetes resou..

2020-12-09

Christian avatar
Christian

Hey everyone, been setting up terraform and helmfile to manage our K8s cluster. How do you guys manage terraform created resources and pass it to helmfile? I ideally would not want to hardcode any endpoints that I need in my yaml files. I explored using the helm provider of Terraform but it made sense to me to manage my cluster using helmfile.

Currently, I have this setup where terraform publishes everything that I need for helmfile to consume to SSM (IAM roles for service accounts, RDS endpoints), and then I use the remote-secrets feature of helmfile to get the values. This is also how I manage secrets by just using SecureString.

Just curious if this is the right way to go? Any cons of this setup? Currently it looks like I’m setting myself up to shoving everything to SSM lol

Andrew Nazarov avatar
Andrew Nazarov

We are using embedded vals functionality to get outputs from tf state and pass them to helmfile.

Andrew Nazarov avatar
Andrew Nazarov
variantdev/vals

Helm-like configuration values loader with support for various sources - variantdev/vals

Andrew Nazarov avatar
Andrew Nazarov
roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

Christian avatar
Christian

Yes, I am using exactly that. No problems in setting that up. I just do for example role_arn: <ref+awsssm://path/to/param> then I just made a terraform module for the k8s IAM roles that also takes care of putting everything to SSM.

My question is more of if it’s the right way to go about this? Since it would be essentially throwing everything to SSM, wherein it essentially acts like the glue between helmfile and terraform.

Christian avatar
Christian

I guess you are doing the same thing then? Sorry idk, this approach just feels. . .hacky. Maybe just me haha

Andrew Nazarov avatar
Andrew Nazarov

Yeah, it looks pretty the same indeed. We just don’t have this intermediate “publish to SSM” step, but pull directly from the tf state. I will be glad to hear any better alternatives as well, but we are pretty satisfied with our current solution:)

Andrew Nazarov avatar
Andrew Nazarov

helmfile provider might be an alternative, but to us the current solution seems a bit more reliable.

Andrew Nazarov avatar
Andrew Nazarov

Haven’t had time to check the most recent version of the provider though.

1
Christian avatar
Christian

Ah I actually didn’t notice that vals also supports reading directly from the terraform state. I wonder if that is the better approach, instead of publishing everything to SSM.

Christian avatar
Christian

Do you also pull sensitive values/secrets directly from the tf state?

bazbremner avatar
bazbremner

Last time I looked, it only supported local state, not remote/S3 backed, but that’s a while ago now. I’ve just gone with Terraform writing to SSM (or humans/other code if it’s something that Terraform can’t handle) and then Helmfile reads from SSM.

bazbremner avatar
bazbremner

At least that way, regardless of how something was provisioned/configured, there’s a consistent contract with Helmfile

Andrew Nazarov avatar
Andrew Nazarov


Last time I looked, it only supported local state, not remote/S3 backed
It still doesn’t support anything. For example it doesn’t support GCS backend so we have to pull the state and operate with it as if it’s local. That’s what looks hack-ish to me right now, speaking of hacks:) Actually it’s an issue of the underlying tfstate-lookup
Do you also pull sensitive values/secrets directly from the tf state?
Not yet:) So far we are interested in endpoints and LB IP addresses.

Christian avatar
Christian


Last time I looked, it only supported local state, not remote/S3 backed
Ah got it. I don’t think this is an option for me then.

Christian avatar
Christian

Thanks for the discussion! I’d just stick with what I have :)

Andrew Nazarov avatar
Andrew Nazarov

S3 should work ok

mumoshu avatar
mumoshu

Yeah I’ve verified that it works with S3 backed tfstate before. GCS isnt supported yet

mumoshu avatar
mumoshu

Anyways, I think the way @ using SSM as the connector between tf and helmfile is nice.

That way you can make tf and helmfile more decoupled than reading tfstate directory

Christian avatar
Christian

Thanks for the confirmation @mumoshu! This gives me a nice confidence boost to my current setup

1
Balazs Varga avatar
Balazs Varga

hello all, if I have dfata in helmfile.d like

app:
  name:
  image:
  path:

can I somehow include all options under app: to the values under config and not one by one ?

Jim avatar

I’m switching from Helm-2 to Helm-3 and a Helmfile hook that works with Helm-2 is failing with Helm3 and I’m not sure why.

Jim avatar

Basically I’m trying to run a kubectl to apply a label and it has no idea about the Kube context anymore when it runs and tried to connect to localhost:8080.

Jim avatar

I created a new release with this set of dummy hooks, the last one to deliberately make it quit before installing the chart:

    hooks:
      - events:
        - presync
        showlogs: true
        command: sh
        args:
          - -c
          - "env | grep KUBECONFIG | sort;echo [$KUBECONFIG]; test -n \"$KUBECONFIG\" && ls -l $KUBECONFIG; cat $KUBECONFIG"
      - events:
        - presync
        showlogs: true
        command: kubectl
        args:
          - config
          - current-context
      - events:
        - presync
        showlogs: true
        command: sh
        args:
          - -c
          - "exit 1"
Jim avatar

When run using helm2, the output of the hooks is:

helmfile.yaml: basePath=.

hook[presync] logs | []
hook[presync] logs | 
helmfile.yaml: basePath=.

hook[presync] logs | test2.he0.io
hook[presync] logs | 
helmfile.yaml: basePath=.

hook[presync] logs | 
in ./helmfile.yaml: failed processing release cert-manager: hook[sh]: command `sh` failed: command "/usr/bin/sh" exited with non-zero status:

PATH:
  /usr/bin/sh

ARGS:
  0: sh (2 bytes)
  1: -c (2 bytes)
  2: exit 1 (6 bytes)

ERROR:
  exit status 1

EXIT STATUS
  1
Jim avatar

That’s fine, it shows my context, then deliberately exits with an error in the next hook as I wanted.

Jim avatar

When I run it with helm3 however the output is:

helmfile.yaml: basePath=.

hook[presync] logs | KUBECONFIG=/tmp/tmp.018hsO8A7s
hook[presync] logs | [/tmp/tmp.018hsO8A7s]
hook[presync] logs | -rw------- 1 kube-hetest kube-hetest 0 Dec 10 13:18 /tmp/tmp.018hsO8A7s
hook[presync] logs | 
helmfile.yaml: basePath=.

hook[presync] logs | 
in ./helmfile.yaml: failed processing release cert-manager: hook[kubectl]: command `kubectl` failed: command "/usr/local/bin/kubectl" exited with non-zero status:

PATH:
  /usr/local/bin/kubectl

ARGS:
  0: kubectl (7 bytes)
  1: config (6 bytes)
  2: current-context (15 bytes)

ERROR:
  exit status 1

EXIT STATUS
  1

STDERR:
  error: current-context is not set

COMBINED OUTPUT:
  error: current-context is not set
Jim avatar

For some reason it has set the KUBECONFIG environment variable and pointed it at an empty temporary file. Then the next command to show the context dies because there is no selected context.

Jim avatar

Regular chart hooks have been working fine with Helm3, it’s only this helmfile hook that no longer works when I want to run kubectl command because the kubecontext has been overridden. Note that if I set --kubeconfig to point to my config file and also set --context in the call to kubectl in the hook, then it works with helm3, but that isn’t a viable option.

Jim avatar

I don’t know why it is setting the KUBECONFIG environment variable within the hook when helm3 is used, nor how to stop it from doing so. The versions of software I am using are

$ helmfile version
helmfile version v0.135.0

$ helm3 version
version.BuildInfo{Version:"v3.4.2", GitCommit:"23dd3af5e19a02d4f4baa5b2f242645a1a3af629", GitTreeState:"clean", GoVersion:"go1.14.13"}
Jim avatar

I still don’t have a solution to this. Does anyone have an idea of why I’m seeing this different behaviour with helmfile hooks depending on if I’m using Helm 2 vs Helm 3?

2020-12-08

Kevin avatar
Kevin

Hello, was hoping to get some suggestions how to implement this use case with helmfile:

I need to deploy a bunch of different in-house applications that are all configured very similarly. Generally speaking the only changes between the app deployments are the docker image/tag, environment variables, and maybe some additional k8s resources. I’ve created a generic base helm chart which uses a values.yaml file to specify image/tag, and environment vars. For each app I can then create an app-specific chart (using the base chart as a subchart) with any additional k8s templates and a values file to configure the chart/base-chart’s templates. Using helmfile I can then add on additional values files for each release.

The challenge I’m facing is that the environment variables are set in the base chart via a values file and I would like to render them based on app-specific and release-specific values files. So roughly I am trying to evaluate chart-default-values.yaml, release-specific-values.yaml and then use the data from those inside a final values file which sets variables for the base chart’s templates.

This is roughly asking how to use .Values in a values file, which as best I can tell from my reading on Github is not supported. I’ve taken a look through these issues to try to get ideas however I’m a bit stuck.

https://github.com/roboll/helmfile/issues/756

https://github.com/roboll/helmfile/issues/387 I did get something working for a single release by taking the approach below, however this doesn’t scale once I want to add additional releases to different namespaces in k8s or different environments:

# chart-default-values.yaml
logLevel: error
baseChart:
  environment: ""

# release-specific-values.yaml
logLevel: debug

# helmfile.yaml
environments:
  defaults:
    values:
    # Read the values into the environment so they are accessible in the inline-values below.
    - ./chart-default-values.yaml
    - ./release-specific-values.yaml

releases:
  - name: "some-app"
    namespace: "my-namespace"
    chart: .
    values:
      - ./chart-default-values.yaml
      - ./release-specific-values.yaml
      # Set the environment vars inline referencing values from the environment
      - baseChart:
          environment: |-
            export MYAPP_LOG_LEVEL={{ .Values.logLevel | quote }}

Last thing: I also considered setting the environment variables directly in the release-specific values file however that is not DRY and also causes issues if I want to set chart-wide defaults.

Any advice?

doc: Configuration and templating tips and tricks · Issue #756 · roboll/helmfile

Let’s gather all the tips and tricks worth included in the documentation, by linking from various questions answered in this repo.

Make values available as .Values in termplates and helmfile.yaml · Issue #387 · roboll/helmfile

It would really help if values from different places were available as .Values (like in standard Helm), to be referred and used. Not alle values are Environment values, example: We have set up Open…

voron avatar
voron

well, you may separate your release-specific values into different files and include these values via something like

values:
  - values/{{`{{ .Release.Name }}`}}.yaml.gotmpl
doc: Configuration and templating tips and tricks · Issue #756 · roboll/helmfile

Let’s gather all the tips and tricks worth included in the documentation, by linking from various questions answered in this repo.

Make values available as .Values in termplates and helmfile.yaml · Issue #387 · roboll/helmfile

It would really help if values from different places were available as .Values (like in standard Helm), to be referred and used. Not alle values are Environment values, example: We have set up Open…

Kevin avatar
Kevin

Hey, thanks for your reply! My release-specific values are in a separate file. I need to be able to use them to template other values which apply to the base helm chart.

voron avatar
voron

then your release-specific values are not release-specific

voron avatar
voron

do you wanna “calculate/evaluate” some base values based on release-specific values ?

Kevin avatar
Kevin

Yes that. My base chart expects a value called environment which I’m trying to compute based on the app-chart’s default values and my release-specific values.

voron avatar
voron

did you tried gotmpl ?

Kevin avatar
Kevin

I tried splitting into three files:

• chart-default-values.yaml (contains default values for the environment vars) • release-specific-values.yaml (contains the overrides for that release) • environment-values.yaml.gotmpl (sets the environment variables for the base-chart’s values) If in my release I specify:

releases:
  - name: "myrelease"
    values:
      - ./chart-default-values.yaml
      - ./release-specific-values.yaml
      - ./environment-values.yaml.gotmpl

I find that in environment-values.yaml.gotmpl the Values and environment vars are empty (when I add: {{ .Values }} and ``{{ .Environment }} to the file and run helmfile template it prints []map and {default map[] map[]}` in the generated templates. I cannot access the values from chart-default-values or release-specific-values

Kevin avatar
Kevin

helmfile version v0.135.0 btw

voron avatar
voron

what about

{{`{{ .Values }}`}}

?

Kevin avatar
Kevin

That renders the string {{ .Values }} into my configmap without evaluating it

Kevin avatar
Kevin

I think using it unescaped in the environment-values.yaml.gotmpl is correct as it renders to a string representation of itself map[]. The issue is that it is empty, and I would like it to be populated with the previous two values file’s properties.

2020-12-05

2020-12-04

Ievgenii Shepeliuk avatar
Ievgenii Shepeliuk

Hi, all Does helmfile support OCI ? If yes - where one could read about it https://helm.sh/docs/topics/registries/

Registries

Describes how to use OCI for Chart distribution.

Gus Narea avatar
Gus Narea

Hey folks. How can I get Helmfile to recreate pods in a chart if and only if there’s a new release of that chart? Note I want pods to be recreated if the chart values changed but the chart is the same, and I don’t want to recreate pods on every single helmfile apply.

That means I can’t rely on the hash of the configmaps/secrets (those won’t change if I’m just changing values without changing templates), and I don’t want to include an annotation that generates a random value (because that’d cause a diff according to helm diff and helmfile will do a release).

Gus Narea avatar
Gus Narea

This would be dead simple if I could just use .Release.Version in a pod annotation but that doesn’t seem to exist

voron avatar
voron

Well, you may pass .Release.Version to chart values and then to pods controller’s template as long as you control the chart

Gus Narea avatar
Gus Narea

Sorry, does .Release.Version exist? Or do I have to set it explicitly (for example, in the CLI)?

I’ve just tried using it without actually setting it, and the value isn’t set. Maybe I’m doing something wrong.

voron avatar
voron

.Chart.Version

Gus Narea avatar
Gus Narea

But .Chart.Version won’t change if I’m just changing the values passed to the chart

voron avatar
voron

values should be used inside templates or these values are useless

voron avatar
voron

chart values should affect k8s state

Gus Narea avatar
Gus Narea

Indeed, but if I’m changing a value used in a ConfigMap or a Secret, I want pods using that CM/Secret to be recreated

Gus Narea avatar
Gus Narea

So that they can pick up the new values

voron avatar
voron

this is exactly helm3 documented case with hash of configmap/secret

voron avatar
voron
Chart Development Tips and Tricks

Covers some of the tips and tricks Helm chart developers have learned while building production-quality charts.

Gus Narea avatar
Gus Narea

Yes, but unless I’m doing something wrong, that hash only takes the template as an input – It doesn’t take the actual values. So it doesn’t help if I want to change the values without changing the template or releasing a new version of the chart.

voron avatar
voron

with new chart version helm will recreate pods due to controller change

voron avatar
voron


the template as an input
it takes rendered template with values as input

voron avatar
voron

thus, any value change triggers pod restart

Gus Narea avatar
Gus Narea

Hmmm, I must’ve done something wrong when I tried it then. I’ll have another go later

Gus Narea avatar
Gus Narea

Thanks voron!

voron avatar
voron

check your configmap/secret templates and be sure you’re using all CM/secrets in controller annotations

Gus Narea avatar
Gus Narea

Good point. I think that’s probably the problem… I must’ve missed a CM/secret

voron avatar
voron

helmfile diff shows if there are any expected diffs, and it takes 2 files at least - configmap/secret and controller annotation (and thus pod recreate) due to hash change

1

2020-12-03

2020-12-02

Ievgenii Shepeliuk avatar
Ievgenii Shepeliuk

Hi all, why does helmfile apply not removing releases that are removed from helmfile.yaml ? Is there a way to implement such behaviour ?

PS: i know about installed: false , but I’d like to make releases be removed just by removing them from helmfile.yaml

Andrew Nazarov avatar
Andrew Nazarov

We got used to the current behaviour)). And for us it would have been a disaster once if helmfile had had this functionality by default.

You will find some thoughts on this here (like the absence of state and others): https://github.com/roboll/helmfile/issues/194

Proposal: `helmfile sync --prune` removes any charts not declared · Issue #194 · roboll/helmfile

This idea comes from the kubectl apply -f –prune where kubectl deletes any resources that aren&#39;t referenced. Helmfile should have an option for the sync command that checks what helm charts ar…

1

2020-12-01

Anthony Voutas avatar
Anthony Voutas

Question, I know there’s a way to mount a configMap as a volume in a helm chart and overwrite a specific file on the docker image. Is there a way to append to a file instead?

Anthony Voutas avatar
Anthony Voutas

Okay found the answer, gotta update the entrypoint to do the append from the configMap volume before running the main command

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

You could also probably use an init-container to read the config setting and append it to a file.

Anthony Voutas avatar
Anthony Voutas

TIL about init containers, thanks Erik!

Anthony Voutas avatar
Anthony Voutas

Do init containers share a filesystem with the main container or does that interaction still need to happen via a volume?

Anthony Voutas avatar
Anthony Voutas

(the entrypoint thing worked about to be difficult because of permissions issues with the app user in the main container)

voron avatar
voron


does that interaction still need to happen via a volume?
yes, kind of emptyDir

    keyboard_arrow_up