#helmfile (2023-05)
Questions and discussion around helmfile https://github.com/roboll/helmfile and https://github.com/cloudposse/helmfiles
Archive: https://archive.sweetops.com/helmfile/
2023-05-01
hi all, i was wondering how would you work in a huge team of 15 engineers with helmfile? because if we have multiple clusters and now one engineer need to work on prometheus values and the other one working on argocd we are locking each other
@Jacob Amar maybe you can use an independent helmfile per project?
2023-05-02
Hello everyone! I have a question regarding helmfile diff
I want to use helmfile to regularly check whether my cluster is up-to-date with my Git.
What I have done:
- Install Nginx Ingress
```
repositories:
- name: ingress-nginx url: https://kubernetes.github.io/ingress-nginx
releases:
- name: nginx-ingress
chart: ingress-nginx/ingress-nginx
version: 4.4.2
namespace: system
values:
- nginx-ingress.yaml ``` 2. Manually change number of replicas of nginx controller in my cluster.
- Run
helmfile diff
When I do this, no changes are detected. Is this a feature or a bug? Am I overlooking something? Many thanks!
Helm only makes a comparison against the Helm release object in the cluster. Not the running state of the resources it creates.
You could do something like: helmfile template | kubectl -n system diff - but I’d just not make changes to resources in the cluster directly.
That’s unfortunate as the command you proposed prints a lot of changes, even when comparing the helmfile with the just-installed release. I’d expect zero changes reported in this case.
diff -u -N /tmp/LIVE-4028358175/admissionregistration.k8s.io.v1.ValidatingWebhookConfiguration..cert-manager-webhook /tmp/MERGED-3331766146/admissionregistration.k8s.io.v1.ValidatingWebhookConfiguration..cert-manager-webhook
--- /tmp/LIVE-4028358175/admissionregistration.k8s.io.v1.ValidatingWebhookConfiguration..cert-manager-webhook 2023-05-03 09:58:12.292005900 +0200
+++ /tmp/MERGED-3331766146/admissionregistration.k8s.io.v1.ValidatingWebhookConfiguration..cert-manager-webhook 2023-05-03 09:58:12.293072200 +0200
@@ -6,7 +6,7 @@
...
2023-05-03
Hey again,
Posting this here hoping to get a quick response. I try to template my alertmanager config (kube-prometheus-stack) with helmfile. I have configured a (not that special) slack message template and i am not able to deploy the application. The values.yaml looks something like this:
alertmanager:
config:
receivers:
- name: 'slack'
slack_configs:
- send_resolved: true
api_url: <redacted
username: AlertManager
title: "{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}"
text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}"
and if i run helmfile diff/apply i get the following error:
in ./helmfile.yaml: in .helmfiles[3]: in releases/04-prometheus/helmfile.yaml: failed processing release kube-prometheus-stack: failed to render values files "values.yaml.gotmpl": failed to render [values.yaml.gotmpl], because of template: stringTemplate:55:29: executing "stringTemplate" at <.Alerts>: can't evaluate field Alerts in type state.releaseTemplateData
Somebody got a similar issue?
I ran into the same thing with the helmfile + alertmanager combo. Since alertmanager also uses golang templating, you need helmfile rendering to spit out valid golang templating for alertmanager.
This should do the trick:
alertmanager:
config:
receivers:
- name: 'slack'
slack_configs:
- send_resolved: true
api_url: <redacted
username: AlertManager
title: "{{`{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}`}}"
text: "{{`{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}`}}"
Just wrapping the alertmanager template in:
{{` `}}
I will try thx
We just use .yaml instead of .yaml.gotmpl for such data. No issues with parsing from helmfile side so far.
Okay interesting. Will try it also
Yeah, that should work assuming you don’t want helmfile to render any variables at all.
In our case we have some that we want helmfile to render so the quote approach was needed. Just depends on what you’re doing.
@bradym Again me :smile: I use in the title the following template function:
"{{`{{ template 'slack.title' . }}`}}"
But the rendered configuration looks like this:
'{{ template ''slack.title'' . }}'
It makes to single quotes which alertmanager can’t handle and therefore do not send any messages to slack.. Do you have a trick for this?
That’s odd, never seen that happen before. First thing I’d try would be using " around slack.title instead of ' - guessing you’ve probably tried that already.
This kinda works for templating but alertmanager can’t handle it, it now errors:
unrecoverable error after 1 attempts: template: :1: unexpected \"slack\" in template clause"
2023-05-04
2023-05-09
Hey everybody. I have some CRs I want to install with my helmfile managed project. What is the best way to add them? It’s AzureKeyVaultSecret resources for https://akv2k8s.io/. I see the strategic merge patch thing in the docs, is that what I should do for these? Wrap it in an incubator/raw chart and add them as additional releases?
2023-05-14
2023-05-19
Hey Community,
I currently try to install bitnami/postgresql Helm-Chart with helmfile
Installing the chart the first time runs smooth, but when I modify the values and try to upgrade the release, I get the following error message:
ARGS:
0: helm (4 bytes)
1: --kube-context (14 bytes)
2: gke_emoneyflow_europe-west3_gke-creative-cloud-shared-staging (61 bytes)
3: diff (4 bytes)
4: upgrade (7 bytes)
5: --allow-unreleased (18 bytes)
6: mypg (4 bytes)
7: bitnami/postgresql (18 bytes)
8: --kube-context (14 bytes)
9: gke_emoneyflow_europe-west3_gke-creative-cloud-shared-staging (61 bytes)
10: --namespace (11 bytes)
11: default (7 bytes)
12: --values (8 bytes)
13: /var/folders/xm/dz525m8s23jf7lpwgnd67qwr0000gn/T/helmfile2670271078/default-mypg-values-77c9786c98 (98 bytes)
14: --detailed-exitcode (19 bytes)
15: --color (7 bytes)
16: --context (9 bytes)
17: 10 (2 bytes)
18: --reset-values (14 bytes)
ERROR:
exit status 1
EXIT STATUS
1
STDERR:
Error: Failed to render chart: exit status 1: Error: execution error at (postgresql/templates/secrets.yaml:5:24):
PASSWORDS ERROR: You must provide your current passwords when upgrading the release.
Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims.
Further information can be obtained at <https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases>
'global.postgresql.auth.postgresPassword' must not be empty, please add '--set global.postgresql.auth.postgresPassword=$POSTGRES_PASSWORD' to the command. To get the current value:
export POSTGRES_PASSWORD=$(kubectl get secret --namespace "default" mypg-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
Use --debug flag to render out invalid YAML
Error: plugin "diff" exited with error
COMBINED OUTPUT:
Enabled three way merge via the envvar
Error: Failed to render chart: exit status 1: Error: execution error at (postgresql/templates/secrets.yaml:5:24):
PASSWORDS ERROR: You must provide your current passwords when upgrading the release.
Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims.
Further information can be obtained at <https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases>
'global.postgresql.auth.postgresPassword' must not be empty, please add '--set global.postgresql.auth.postgresPassword=$POSTGRES_PASSWORD' to the command. To get the current value:
export POSTGRES_PASSWORD=$(kubectl get secret --namespace "default" mypg-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
Use --debug flag to render out invalid YAML
Error: plugin "diff" exited with error
I already opened a Github Issue but it seems that not the chart is the problem, more helm diff causes the error.. Do you have any idea?
sounds like youre missing or have an invalid password:
PASSWORDS ERROR: You must provide your current passwords when upgrading the release.
@Dan Miller (Cloud Posse) yes somehow there was a difference in the existing password and the provided password
2023-05-20
2023-05-24
2023-05-25
2023-05-30
In a helmfile.yaml, with a block like:
environments:
env_foo:
values:
- foo-values.yaml
And when foo-values.yaml contains bar: baz
Is the chart expected to be able to access .Values.bar ? I’m getting a nil pointer error.
Running:
helmfile --environment env_foo template --include-crds -q --debug
.Values only appears to contain the values defined within the chart’s own values.yaml file. With --debug I even see merged environment: &{env_foo map[bar:baz] map[]} - but it doesn’t seem to take effect
helmfile environment values are internal helmfile values( helmfile state values), it’s not copied into helm release values. You have to specify helm release values separately via values/valuesTemplate/set/setTemplate. And you may use helmfile state values inside release values, f.e :
helmfile.yaml
environments:
europe:
values:
filebeat_port: 8080
--
releases:
- name: filebeat
chart: elastic/filebeat
version: ~7.17.0
valuesTemplate:
- "{{`{{ base .Release.Chart }}`}}.yaml.gotmpl"
filebeat.yaml.gotmpl:
{{- $port := .StateValues | get "filebeat_port" (printf "8080") -}}
deployment:
filebeatConfig:
filebeat.yml: |
filebeat.inputs:
- type: http_endpoint
enabled: true
listen_port: {{ $port }}
Should add, the underlying helm command it appears to execute is: helm template myrelease /tmp/test-chart/mychart/ --include-crds --debug
And the rest of the helmfile is:
releases:
- name: myrelease
chart: "/tmp/test-chart/mychart/"
2023-05-31
