#helmfile (2021-06)

https://github.com/roboll/helmfile

Questions and discussion around helmfile https://github.com/roboll/helmfile and https://github.com/cloudposse/helmfiles Archive: https://archive.sweetops.com/helmfile/

2021-06-11

grv avatar

Hey guys, recently started using helmfiles, had some questions in my head which i wanted to confirm how people here in community manage:

• I am exploring a use-case, where i want to use a public helm chart (from an open source repo) with my own values.yml file, but want to use some of my own custom templates as well (with crd’s, on my local). Is there a possibility to club them together in a single helmfile -f blah.yml sync command?

• Or is it not possible and only way (and best practice) is to get a copy of the actual templates and create in-house charts?

2021-06-10

2021-06-09

Balazs Varga avatar
Balazs Varga

hello all, when I do a helmfile apply and sometimes I cannot deploy all apps becaue of an error, but I see helmfile already created the “release” secret file and next file it won’t try to deploy the app because it checks the file and it does not see any changes, however I could not deploy that app. is that expected, or is there a setting or param that I can set to delete this file on error / revert ?

Rene Hernandez avatar
Rene Hernandez

What do you mean by a release secret file? Can you provide a code example?

Balazs Varga avatar
Balazs Varga
06:35:34 AM

I amtalking about this file

Rene Hernandez avatar
Rene Hernandez

But where is that coming from? Could share some code example? That looks like coming from falco

2021-06-06

2021-06-04

2021-06-02

jason800 avatar
jason800

Hey @mumoshu! Long time no talk. Hope you’re doing well. Curious if you’d be open to support an issue/PR to the secrets handling for helmfile. I have a scenario where my secrets are resolved externally and brought in with an exec, but I’d really like to get them able to be suppressed. I’m thinking if i could shove them into the secrets: block with a secret engine of none, I could still leverage the suppression with minimal code change?

mumoshu avatar
mumoshu

Hey! Your contribution is always welcomed but
with a secret engine of none
I couldn’t understand this part.

Probably you can share me a imaginary configuration that you’ll write after your suggested helmfile improvement, so that I can better see your goal?

jason800 avatar
jason800

Actually after some research I think I was simply expecting secrets functionality in helmfile to operator differently than it does. figuring out --supress-secrets literally supresses kubernetes secrets objects output and nothing else

jason800 avatar
jason800

--supress-diff is the best available to me right now for not logging secrets to CI/CD

jason800 avatar
jason800

or I could just go with a sync to produce no output as well i suppose

jason800 avatar
jason800

one thing I also tried was using the remote secrets stuff via vals. They have a format secretref+... which takes the sensitivity of the infromation into account when displaying

jason800 avatar
jason800

secretref+file://<file> , but helmfile does not appear to notice or care about this , although it does load the data fine enough in plain text

jason800 avatar
jason800

Do you think its possible we could determine via vals if the data came from secretrefs and block it from output ?

mumoshu avatar
mumoshu

that will require a lot of refactoring and development effort

    keyboard_arrow_up