Hey guys, recently started using helmfiles, had some questions in my head which i wanted to confirm how people here in community manage:
• I am exploring a use-case, where i want to use a public helm chart (from an open source repo) with my own values.yml file, but want to use some of my own custom templates as well (with crd’s, on my local). Is there a possibility to club them together in a single
helmfile -f blah.yml sync command?
• Or is it not possible and only way (and best practice) is to get a copy of the actual templates and create in-house charts?
hello all, when I do a helmfile apply and sometimes I cannot deploy all apps becaue of an error, but I see helmfile already created the “release” secret file and next file it won’t try to deploy the app because it checks the file and it does not see any changes, however I could not deploy that app. is that expected, or is there a setting or param that I can set to delete this file on error / revert ?
Hey @mumoshu! Long time no talk. Hope you’re doing well. Curious if you’d be open to support an issue/PR to the secrets handling for helmfile. I have a scenario where my secrets are resolved externally and brought in with an exec, but I’d really like to get them able to be suppressed. I’m thinking if i could shove them into the
secrets: block with a secret engine of
none, I could still leverage the suppression with minimal code change?
Hey! Your contribution is always welcomed but
with a secret engine of none I couldn’t understand this part.
Probably you can share me a imaginary configuration that you’ll write after your suggested helmfile improvement, so that I can better see your goal?
Actually after some research I think I was simply expecting secrets functionality in helmfile to operator differently than it does. figuring out
--supress-secrets literally supresses kubernetes secrets objects output and nothing else
--supress-diff is the best available to me right now for not logging secrets to CI/CD
or I could just go with a
sync to produce no output as well i suppose
one thing I also tried was using the remote secrets stuff via
vals. They have a format
secretref+... which takes the sensitivity of the infromation into account when displaying
secretref+file://<file> , but helmfile does not appear to notice or care about this , although it does load the data fine enough in plain text
Do you think its possible we could determine via vals if the data came from
secretrefs and block it from output ?
that will require a lot of refactoring and development effort