#helmfile (2021-03)

https://github.com/roboll/helmfile

Questions and discussion around helmfile https://github.com/roboll/helmfile and https://github.com/cloudposse/helmfiles Archive: https://archive.sweetops.com/helmfile/

2021-03-31

gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr

hi guys, i’m trying to add a k8s secret definition template as .yaml using the helmfiles directive as described in https://github.com/roboll/helmfile/tree/v0.138.7 . But i’m facing this error when running diff (or template)

parsing: template: stringTemplate:5: function "include" not defined

i’ve included an {{ include "valueX"}} in it and that is what the error refers to, so: is that the correct way of pointing using helmfiles directive? directly to a yaml file? or is it done similarly to a dependency directive in helmsman for example which points to a whole chart directory (with /templates and Chart.yaml included)?

roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

mumoshu avatar
mumoshu

hey! include isn’t supported in helmfile but you could intead if readFile and tpl

roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

2021-03-26

Nenad Strainovic avatar
Nenad Strainovic

Hi everyone. I’m trying to use https://github.com/roboll/helmfile/blob/master/docs/advanced-features.md but I’m not sure what I’m doing wrong as I cannot see any kustomize calls when I try to replace container registry before deployment. Any hint please? Thanks

roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

Nenad Strainovic avatar
Nenad Strainovic
Kustomize · Issue #1739 · roboll/helmfile

Hi, I'm trying to apply kustomize to modify the registry of container images based on examples from https://github.com/roboll/helmfile/blob/master/docs/advanced-features.md page. What I did: in…

mumoshu avatar
mumoshu

@ Hey! I’ve just added another reply there

1
Balazs Varga avatar
Balazs Varga

if I have the following folder structures charts config environments helmfile.d

• 00-foo.yaml where 00-foo.yaml contains the releases

bases:
  - ../repositories.yaml
  - ../environments.yaml

{{ readFile "../templates.yaml" }}

values:
  - ../environments/example.yaml

releases:
- name: bar
  namespace: default
  chart: charthub/bar
  version: 1.0.0
  <<: *default
  strategicMergePatches:
    .....

and templates.yaml contains the following

templates:
  default: &default
    missingFileHandler: Debug
    values:
      - ../config/{{ .Release.Name }}/values.yaml
      - ../config/{{ .Release.Name }}/values.yaml.gotmpl
      - ../config/{{ .Release.Name }}/{{ .Environment.Name }}.yaml
      - ../config/{{ .Release.Name }}/{{ .Environment.Name }}.yaml.gotmpl

can I somehow move the strategicmergepatches to a new folder like I did with values? ( I create a file under config/bar/values.yaml). so I don’t need to mess up my 00-foo.yaml file

Sam Buckingham avatar
Sam Buckingham

Is anyone facing issues with roboll.io DNS?

12:43:43  COMBINED OUTPUT:
12:43:43    Error: looks like "<http://roboll.io/charts>" is not a valid chart repository or cannot be reached: Get <http://roboll.io/charts/index.yaml>: dial tcp: lookup roboll.io on 169.254.169.254:53: no such host
walicolc avatar
walicolc

Yes its fu_ked

mumoshu avatar
mumoshu

Oh well what was in [roboll.io](http://roboll.io)? I’ve never realized it was there

rms1000watt avatar
rms1000watt

How would you base64 encode an ssm reference in helmfile?

var: <ref+awsssm://path/to/var>

Like, what is the order of rendering? Would I be able to pipe into b64enc ?

Sungho Spark avatar
Sungho Spark

Sounds like there’s a conscious decision made against supporting template functions with this. https://github.com/variantdev/vals#non-goals Gonna just do base64 encoding in helm chart it self.

variantdev/vals

Helm-like configuration values loader with support for various sources - variantdev/vals

1
rms1000watt avatar
rms1000watt

our lord and savior @Cameron Boulton pointed out this solution

{{ .Values.secrets.var123 | fetchSecretValue }}
mumoshu avatar
mumoshu

Yeah the original design decision in vals was to not support templating but so many people asked for it in helmfile, and even a contributor submited a PR to add fetchSecretValue

so it’s there

1
1

2021-03-25

Balazs Varga avatar
Balazs Varga

if I install a chart like this

- name: chart-name
  namespace: default
  chart: repo/chart-name
  version: 2.5.4
  wait: true

How could I add an additional yaml like secretfile to the installation ?

gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr

you can add a

secrets:
  - secrets_file.yaml
gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr
roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

Balazs Varga avatar
Balazs Varga

ot is ok secret was an example. it can be any type of resources.

gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr

maybe you can use the helmfiles: feature for nested states?

helmfiles:
  - path: ..
1
Balazs Varga avatar
Balazs Varga

currently I solved it with a “custom” chart. that contains all yamls I need. but I will check that feature. thanks

1
andrea.pavan avatar
andrea.pavan

You can create a “chart from a folder” and declare as a dependency. Used this approach in the past but had some issue with latest versions. There are some issue opened regarding how to create resources from scratch

gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr

@ how do you declare a chart as dependency?

andrea.pavan avatar
andrea.pavan
  - name: prometheus-stack-addons
    namespace: monitoring
    labels:
      chart: prometheus-stack-addons
      repo: local
      component: monitoring-addons
      namespace: monitoring
    chart: ./prometheus-stack-addons
    version: "0.4.0"
    dependencies:
      - chart: incubator/raw
    wait: true
    installed: true
    atomic: true
    values:
      - "./prometheus-stack-addons-raw/raw_{{ .Environment.Name }}.yml"

this was an example I used to create brand new resources from simple yaml manifests The trick was declaring incubator/raw as a dependencies (attention that stable and incubator are now both deprecated). I used this in my previous job.

gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr

great, this dependencies should work with local charts as well, right?

andrea.pavan avatar
andrea.pavan

I think so. Have a look at https://github.com/roboll/helmfile/issues/1547. I think it can help you to find the proper syntax

Add a way to disable dependency up when using helm-x · Issue #1547 · roboll/helmfile

Hi. When trying to use helm-x features on third party charts like linkerd, the process fails because of missing directories being referenced as dependency on the chart. I know this sounds like a &q…

gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr

ok thanks!

BTW declaring it as:

dependencies:
 - chart: file://..path

throw a panic: runtime error: index out of range [1] with length 1 error.

If declared as

dependencies:
 - name: some_name
   repository: file://..path

as in the linked issue, it does not recognise those name and repository fields: field name not found in type state.Dependency

mumoshu avatar
mumoshu

@ I have never tried file://..path so it might be not supported. Could you submit a github issue for that? (A tiny example for reproduction would be very much appreciated

gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr

@mumoshu it works by placing this dependencies directive in Charts.yaml (within the chart’s directory) instead of declaring it as part of the release. Not sure if that is the expected behaviour, but let me know if this is actually an issue or me just trying to do something not supported please

mumoshu avatar
mumoshu

@ Thanks! I might say it’s a bug in helmfile. If that works in Chart.yaml, it should ideally work in releases.[].dependencies within helmfile.yaml, too

Balazs Varga avatar
Balazs Varga

yeah. if I declare it it works, but as @mumoshu mentioned it would be awesome if it could work from helmfile,yaml too. should I create bug ticket about it ?

gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr

cool thank you for the clarification, will open an issue and let you know

1
mumoshu avatar
mumoshu

I’d appreciate it if you could create one!

mumoshu avatar
mumoshu

thanks

gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr
Local dependencies not working in release definition · Issue #1762 · roboll/helmfile

Hi all. I am facing an issue with local dependencies declaration part of a release, as follows: releases: - name: foo_rel namespace: foo_ns chart: foo_example dependencies: - name: dep_chart reposi…

mumoshu avatar
mumoshu

@ Thanks! In this thread, I thought you’ve also mentioned

dependencies:
 - chart: file://..path

Is it supposed to work in Helm’s Chart.yaml? If so, I believe it should also be addressed in the issue

Balazs Varga avatar
Balazs Varga

thank you guys.

1
gonzalez.mariano.gabr avatar
gonzalez.mariano.gabr

@mumoshu well, actually I just tried chart: file://../path in Chart.yaml and it doesn’t work there either (it complains about no repository being declared..which makes sense), so maybe that is not something supported.

mumoshu avatar
mumoshu

Gotcha! I’ll focus on repository thing then. Thanks for your confirmation

1

2021-03-24

2021-03-23

Loukas Agorgianitis avatar
Loukas Agorgianitis

Hello

Loukas Agorgianitis avatar
Loukas Agorgianitis

Quick question, does helmfile somehow support to set a values file for all environments using a template? I wanted something like this globally applied:

values:
  - .env.{{ .Environment.Name }}.yaml
bradym avatar
bradym

One way to do that is using a template in your helmfile:

templates:
  default: &default
    values:
      - .env.{{ .Environment.Name }}.yaml

Then in your releases:

  - name: your_app
    version: 1.0
    <<: *default
Loukas Agorgianitis avatar
Loukas Agorgianitis

I imagined that this could be the solution

bradym avatar
bradym

Not claiming this is the best way, but it works for me.

bradym avatar
bradym

You might also be able to do this in your helmfile:

values:
  - .env.{{ .Environment.Name }}.yaml
bradym avatar
bradym

Which is what you originally suggested.

bradym avatar
bradym

It may actually work, though. I’ve got a section like that where I’m setting individual values.

bradym avatar
bradym

Never tried it myself, so not sure.

Loukas Agorgianitis avatar
Loukas Agorgianitis

Well its not documented (or I’m not seeing it)

bradym avatar
bradym

Yeah, there are some definite holes in the documentation

bradym avatar
bradym

I think someone in here told me that you could do that with values

andrea.pavan avatar
andrea.pavan

I can confirm it works. Used many times

2021-03-22

2021-03-18

2021-03-17

2021-03-16

Andrew Nazarov avatar
Andrew Nazarov

I’m wondering if some mechanisms exist to prevent privateKey: <ref+gcpsecrets://blablabla> from failing during helmfile template when I don’t have this secret created yet.

mumoshu avatar
mumoshu

Probably it might be a bug if it doesn’t fail in such case

mumoshu avatar
mumoshu

Do you have any github issue related to it?

mumoshu avatar
mumoshu
Handle vals failures if a reference is unavailable · Issue #1728 · roboll/helmfile

Say I have the following reference: privateKey: <ref+gcpsecrets://blablabla> By default, if a referenced value is not presented helmfile template or helmfile apply will fail. However sometimes it&#39…

Andrew Nazarov avatar
Andrew Nazarov


Probably it might be a bug if it doesn’t fail in such case
Actually it’s the opposite - I don’t want it to fail, because I know that the referenced object is not there yet:)

mumoshu avatar
mumoshu

ah gotcha! that’s definitely not implemented. would be my next good exercise with https://github.com/variantdev/vals

variantdev/vals

Helm-like configuration values loader with support for various sources - variantdev/vals

2021-03-11

Igor Urazov avatar
Igor Urazov

I’m installing certain chart from external repo via helmfile. This chart has post-upgrade hook, and I want to run this hook on first install too (job that applies migrations in db). Is this doable in helmfile? Also what would be general recommendation to manually run hook specific job from chart?

Ievgenii Shepeliuk avatar
Ievgenii Shepeliuk

Just thinking aloud but maybe

$ helm upgrade --install ....

could solve this.

half serious / half joke

mumoshu avatar
mumoshu

Have you considered postsync hook?

https://github.com/roboll/helmfile/#hooks

roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

mumoshu avatar
mumoshu

Perhaps we’d better add postinstall hooks to helmfile?

Igor Urazov avatar
Igor Urazov

@mumoshu Hmm, how to “connect/call” helm chart’s post-upgrade hook with hooks defined in helmfile?

The more I look into this, the more I think that helmfile shouldn’t bother solving this one time operation. I extracted job from helmfile template and manually applied it with kubectl.

1

2021-03-08

SlackBot avatar
SlackBot
07:16:23 PM

This message was deleted.

Rene Hernandez avatar
Rene Hernandez

Hi everyone. have anyone here has had success integrating helmfile with the helm unittest plugin? https://github.com/lrills/helm-unittest

lrills/helm-unittest

BDD styled unit test framework for Kubernetes Helm charts as a Helm plugin. - lrills/helm-unittest

2021-03-05

2021-03-04

2021-03-02

2021-03-01

Balazs Varga avatar
Balazs Varga

hello all, is there a way to give failover docker & helm repository in case the 1st give error 5xx or not accessible ?

Lukasz K avatar
Lukasz K

hey gang, I’m using vals to retrieve secrets from aws secrets manager. This is may config {{ .Values.awsSecret | expandSecretRefs | toYaml | nindent 2 }} Now, the problem: one of the value on the secret starts with # which is then treated as a comment in yaml. any idea how to wrap values with "" or something?

Lukasz K avatar
Lukasz K

something like piping trhough | quote would be ideal

Lukasz K avatar
Lukasz K

it turns out that I was missing | quote in the k8s secret definition, boom, solved

Marcus Ramberg avatar
Marcus Ramberg

Anyone had success using helmfile secrets with aws sso? Getting a ‘deprecated’ message

 NoCredentialProviders: no valid providers in chain. Deprecated.
tomv avatar

do you have a valid aws profile? i.e. does aws sts get-caller-identity return properly?

Marcus Ramberg avatar
Marcus Ramberg

yes

Marcus Ramberg avatar
Marcus Ramberg

terraform was recently updated to support sso, so it works with terraform, aws, kubectl. But not helmfile vals refs

Justin Seiser avatar
Justin Seiser

@ i think the issue is with sops

Justin Seiser avatar
Justin Seiser
mozilla/sops

Simple and flexible tool for managing secrets. Contribute to mozilla/sops development by creating an account on GitHub.

Justin Seiser avatar
Justin Seiser

i know, it used to be a problem for us, and users had to start exporting variables before they could do it

Justin Seiser avatar
Justin Seiser

in AWS SSO, if you go to `command line or programmatic access”. – it gives you a copy/paste of the access/secret and token

Justin Seiser avatar
Justin Seiser

if you export those, you can use sops/helm-secret

Marcus Ramberg avatar
Marcus Ramberg

@ I think you’re right. we’re using vals (ref+ urls) and not sops, but probably same workaround.

    keyboard_arrow_up