#helmfile (2023-05)

https://github.com/helmfile/helmfile

Questions and discussion around helmfile https://github.com/roboll/helmfile and https://github.com/cloudposse/helmfiles

Archive: https://archive.sweetops.com/helmfile/

2023-05-01

Jacob Amar avatar
Jacob Amar

hi all, i was wondering how would you work in a huge team of 15 engineers with helmfile? because if we have multiple clusters and now one engineer need to work on prometheus values and the other one working on argocd we are locking each other

yxxhero avatar
yxxhero

@Jacob Amar maybe you can use an independent helmfile per project?

2023-05-02

Martin Dulák avatar
Martin Dulák

Hello everyone! I have a question regarding helmfile diff I want to use helmfile to regularly check whether my cluster is up-to-date with my Git. What I have done:

  1. Install Nginx Ingress ``` repositories:

releases:

  • name: nginx-ingress chart: ingress-nginx/ingress-nginx version: 4.4.2 namespace: system values:
    • nginx-ingress.yaml ``` 2. Manually change number of replicas of nginx controller in my cluster.
  1. Run helmfile diff

When I do this, no changes are detected. Is this a feature or a bug? Am I overlooking something? Many thanks!

Tim Birkett avatar
Tim Birkett

Helm only makes a comparison against the Helm release object in the cluster. Not the running state of the resources it creates.

1
Tim Birkett avatar
Tim Birkett

You could do something like: helmfile template | kubectl -n system diff - but I’d just not make changes to resources in the cluster directly.

1
Martin Dulák avatar
Martin Dulák

That’s unfortunate as the command you proposed prints a lot of changes, even when comparing the helmfile with the just-installed release. I’d expect zero changes reported in this case.

diff -u -N /tmp/LIVE-4028358175/admissionregistration.k8s.io.v1.ValidatingWebhookConfiguration..cert-manager-webhook /tmp/MERGED-3331766146/admissionregistration.k8s.io.v1.ValidatingWebhookConfiguration..cert-manager-webhook
--- /tmp/LIVE-4028358175/admissionregistration.k8s.io.v1.ValidatingWebhookConfiguration..cert-manager-webhook   2023-05-03 09:58:12.292005900 +0200
+++ /tmp/MERGED-3331766146/admissionregistration.k8s.io.v1.ValidatingWebhookConfiguration..cert-manager-webhook 2023-05-03 09:58:12.293072200 +0200
@@ -6,7 +6,7 @@
...

2023-05-03

Dominic Cardellino avatar
Dominic Cardellino

Hey again,

Posting this here hoping to get a quick response. I try to template my alertmanager config (kube-prometheus-stack) with helmfile. I have configured a (not that special) slack message template and i am not able to deploy the application. The values.yaml looks something like this:

alertmanager:
  config:
    receivers:
      - name: 'slack'
        slack_configs:
          - send_resolved: true
            api_url: <redacted
            username: AlertManager
            title: "{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}"
            text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}"

and if i run helmfile diff/apply i get the following error:

in ./helmfile.yaml: in .helmfiles[3]: in releases/04-prometheus/helmfile.yaml: failed processing release kube-prometheus-stack: failed to render values files "values.yaml.gotmpl": failed to render [values.yaml.gotmpl], because of template: stringTemplate:55:29: executing "stringTemplate" at <.Alerts>: can't evaluate field Alerts in type state.releaseTemplateData

Somebody got a similar issue?

bradym avatar

I ran into the same thing with the helmfile + alertmanager combo. Since alertmanager also uses golang templating, you need helmfile rendering to spit out valid golang templating for alertmanager.

This should do the trick:

alertmanager:
  config:
    receivers:
      - name: 'slack'
        slack_configs:
          - send_resolved: true
            api_url: <redacted
            username: AlertManager
            title: "{{`{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}`}}"
            text: "{{`{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}`}}"
bradym avatar

Just wrapping the alertmanager template in:

{{` `}}
Dominic Cardellino avatar
Dominic Cardellino

I will try thx

Dominic Cardellino avatar
Dominic Cardellino

@bradym It worked all! Nice and thank you mate!

1
voron avatar

We just use .yaml instead of .yaml.gotmpl for such data. No issues with parsing from helmfile side so far.

Dominic Cardellino avatar
Dominic Cardellino

Okay interesting. Will try it also

bradym avatar

Yeah, that should work assuming you don’t want helmfile to render any variables at all.

In our case we have some that we want helmfile to render so the quote approach was needed. Just depends on what you’re doing.

1
Dominic Cardellino avatar
Dominic Cardellino

@bradym Again me :smile: I use in the title the following template function:

"{{`{{ template 'slack.title' . }}`}}"

But the rendered configuration looks like this:

'{{ template ''slack.title'' . }}'

It makes to single quotes which alertmanager can’t handle and therefore do not send any messages to slack.. Do you have a trick for this?

bradym avatar

That’s odd, never seen that happen before. First thing I’d try would be using " around slack.title instead of ' - guessing you’ve probably tried that already.

Dominic Cardellino avatar
Dominic Cardellino

This kinda works for templating but alertmanager can’t handle it, it now errors:

unrecoverable error after 1 attempts: template: :1: unexpected \"slack\" in template clause"

Dominic Cardellino avatar
Dominic Cardellino

My bad, was just a typo somewhere else in the configuration

1

2023-05-04

2023-05-09

Aaron Brewbaker avatar
Aaron Brewbaker

Hey everybody. I have some CRs I want to install with my helmfile managed project. What is the best way to add them? It’s AzureKeyVaultSecret resources for https://akv2k8s.io/. I see the strategic merge patch thing in the docs, is that what I should do for these? Wrap it in an incubator/raw chart and add them as additional releases?

Overviewattachment image

Explore Azure Key Vault to Kubernetes

voron avatar

raw chart is what we use + needs on the main release

Overviewattachment image

Explore Azure Key Vault to Kubernetes

2023-05-14

2023-05-19

Dominic Cardellino avatar
Dominic Cardellino

Hey Community,

I currently try to install bitnami/postgresql Helm-Chart with helmfile Installing the chart the first time runs smooth, but when I modify the values and try to upgrade the release, I get the following error message:

ARGS:
  0: helm (4 bytes)
  1: --kube-context (14 bytes)
  2: gke_emoneyflow_europe-west3_gke-creative-cloud-shared-staging (61 bytes)
  3: diff (4 bytes)
  4: upgrade (7 bytes)
  5: --allow-unreleased (18 bytes)
  6: mypg (4 bytes)
  7: bitnami/postgresql (18 bytes)
  8: --kube-context (14 bytes)
  9: gke_emoneyflow_europe-west3_gke-creative-cloud-shared-staging (61 bytes)
  10: --namespace (11 bytes)
  11: default (7 bytes)
  12: --values (8 bytes)
  13: /var/folders/xm/dz525m8s23jf7lpwgnd67qwr0000gn/T/helmfile2670271078/default-mypg-values-77c9786c98 (98 bytes)
  14: --detailed-exitcode (19 bytes)
  15: --color (7 bytes)
  16: --context (9 bytes)
  17: 10 (2 bytes)
  18: --reset-values (14 bytes)

ERROR:
  exit status 1

EXIT STATUS
  1

STDERR:
  Error: Failed to render chart: exit status 1: Error: execution error at (postgresql/templates/secrets.yaml:5:24):
  PASSWORDS ERROR: You must provide your current passwords when upgrading the release.
                   Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims.
                   Further information can be obtained at <https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases>
      'global.postgresql.auth.postgresPassword' must not be empty, please add '--set global.postgresql.auth.postgresPassword=$POSTGRES_PASSWORD' to the command. To get the current value:
          export POSTGRES_PASSWORD=$(kubectl get secret --namespace "default" mypg-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
  Use --debug flag to render out invalid YAML
  Error: plugin "diff" exited with error

COMBINED OUTPUT:
  Enabled three way merge via the envvar
  Error: Failed to render chart: exit status 1: Error: execution error at (postgresql/templates/secrets.yaml:5:24):
  PASSWORDS ERROR: You must provide your current passwords when upgrading the release.
                   Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims.
                   Further information can be obtained at <https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases>
      'global.postgresql.auth.postgresPassword' must not be empty, please add '--set global.postgresql.auth.postgresPassword=$POSTGRES_PASSWORD' to the command. To get the current value:
          export POSTGRES_PASSWORD=$(kubectl get secret --namespace "default" mypg-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
  Use --debug flag to render out invalid YAML
  Error: plugin "diff" exited with error

I already opened a Github Issue but it seems that not the chart is the problem, more helm diff causes the error.. Do you have any idea?

Dan Miller (Cloud Posse) avatar
Dan Miller (Cloud Posse)

sounds like youre missing or have an invalid password:

  PASSWORDS ERROR: You must provide your current passwords when upgrading the release.
Dominic Cardellino avatar
Dominic Cardellino

@Dan Miller (Cloud Posse) yes somehow there was a difference in the existing password and the provided password

2023-05-20

2023-05-24

2023-05-25

2023-05-30

Herman Smith avatar
Herman Smith

In a helmfile.yaml, with a block like:

environments:
  env_foo:
    values:
      - foo-values.yaml

And when foo-values.yaml contains bar: baz

Is the chart expected to be able to access .Values.bar ? I’m getting a nil pointer error.

Running:

helmfile --environment env_foo template --include-crds -q --debug

.Values only appears to contain the values defined within the chart’s own values.yaml file. With --debug I even see merged environment: &{env_foo map[bar:baz] map[]} - but it doesn’t seem to take effect

1
voron avatar

helmfile environment values are internal helmfile values( helmfile state values), it’s not copied into helm release values. You have to specify helm release values separately via values/valuesTemplate/set/setTemplate. And you may use helmfile state values inside release values, f.e : helmfile.yaml

environments:
  europe:
    values:
        filebeat_port: 8080
--
releases:
  - name: filebeat
    chart: elastic/filebeat
    version: ~7.17.0
    valuesTemplate:
      - "{{`{{ base .Release.Chart }}`}}.yaml.gotmpl"

filebeat.yaml.gotmpl:

{{- $port := .StateValues | get "filebeat_port" (printf "8080") -}}
deployment:
  filebeatConfig:
    filebeat.yml: |
      filebeat.inputs:
      - type: http_endpoint
        enabled: true
        listen_port: {{ $port }}
Herman Smith avatar
Herman Smith

Thanks @voron!

1
Herman Smith avatar
Herman Smith

Should add, the underlying helm command it appears to execute is: helm template myrelease /tmp/test-chart/mychart/ --include-crds --debug

And the rest of the helmfile is:

releases:
- name: myrelease
  chart: "/tmp/test-chart/mychart/" 

2023-05-31

Jim Conner avatar
Jim Conner

@Sean this one?

1
yxxhero avatar
yxxhero

what can I do for you about helmfile?

    keyboard_arrow_up