#helmfile (2023-11)

https://github.com/helmfile/helmfile

Questions and discussion around helmfile https://github.com/roboll/helmfile and https://github.com/cloudposse/helmfiles

Archive: https://archive.sweetops.com/helmfile/

2023-11-01

2023-11-02

CraigB avatar
CraigB
02:46:59 PM

QQ, are helmDefaults inherited into sub-helmfiles or do they need to specify the defaults again?

andrew.j.gershman avatar
andrew.j.gershman
06:03:49 PM

Initial impl of a pulumi provider https://github.com/helmfile/vals/pull/180

#180 feat(providers) initial implementation of pulumi provider
Tom Janson avatar
Tom Janson
06:18:58 PM

@mumoshu currently any use of insecureSkipTLSVerify which calls helm diff upgrade fails (e.g., helmfile apply with helmDefaults.insecureSkipTLSVerify: true), see https://github.com/databus23/helm-diff/issues/503 . (I’m not sure if it worked previously.)

Tom Janson avatar
Tom Janson
06:19:39 PM

I understand that it’s a helm-diff issue though, not a Helmfile one.

yxxhero avatar
yxxhero
12:03:57 AM

@Tom Janson do you mind to create a issue for that issue?

Tom Janson avatar
Tom Janson
11:13:47 AM

I’d be happy to — but should I? Considering it’s a helm-diff issue that’s outside the scope of Helmfile?

voron avatar
voron
01:22:28 PM

It may be an option to let other helmfile users know that

• the problem is aсknowledged

• an issue is in helm-diff, not in helmfile itself.

Tom Janson avatar
Tom Janson
11:50:43 AM

created issue here: https://github.com/helmfile/helmfile/issues/1122

#1122 Helmfile's `insecureSkipTLSVerify` option yields errors due to upstream bug in helm-diff

Operating system

macOS 14

Helmfile Version

v0.158.1

Helm Version

v3.13.1

Bug description

Enabling insecureSkipTLSVerify currently leads to a bug in helm-diff, with error unknown flag: --insecure-skip-tls-verify.
This is not Helmfile’s fault, but it affects Helmfile users.
It seems the issue was introduced in Helm v3.10 (see discussion above).

Example helmfile.yaml

helmDefaults:
  insecureSkipTLSVerify: true

repositories:
- name: bitnami
  url: <https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami>

releases:
- name: example-release
  chart: bitnami/wordpress

Error message you’ve seen (if any)

Adding repo bitnami <https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami>
"bitnami" has been added to your repositories

Comparing release=example-release, chart=bitnami/wordpress
in ./helmfile.yaml: command "/opt/homebrew/bin/helm" exited with non-zero status:

PATH:
  /opt/homebrew/bin/helm

ARGS:
  0: helm (4 bytes)
  1: diff (4 bytes)
  2: upgrade (7 bytes)
  3: --allow-unreleased (18 bytes)
  4: example-release (15 bytes)
  5: bitnami/wordpress (17 bytes)
  6: --insecure-skip-tls-verify (26 bytes)
  7: --detailed-exitcode (19 bytes)
  8: --color (7 bytes)
  9: --reset-values (14 bytes)

ERROR:
  exit status 1

EXIT STATUS
  1

STDERR:
  Error: unknown flag: --insecure-skip-tls-verify

COMBINED OUTPUT:
  Error: unknown flag: --insecure-skip-tls-verify

Steps to reproduce

helmfile apply

Working Helmfile Version

Helm v3.9

Relevant discussion

databus23/helm-diff#503

1

2023-11-03

2023-11-06

2023-11-09

Alex avatar
Alex
08:34:18 PM

Hi guys

I run helmfile to deploy the same thing in kubernetes and on vm. They have the same avaliable memory(~3.5Gi) but CPU can vary. On VM it’s 2 cores on kubernetes request is only 700m without limit. In many cases job that is running in kubernetes get OOM meanwhile it works without problems on VM. command: helmfile sync

It seems to me that problem could be related to CPU(in bad case helmfile can only get 700m) and disk usage(other pods on the same node can use disk) but I have no idea how that resulted in OOM kill, could someone explain how these things can be related?

Dominique Dumont avatar
Dominique Dumont
01:45:34 PM

How much memory does your “same thing” consumes on your VM ?

Alex avatar
Alex
05:46:48 PM

This is simple deployment using helmfile sync Value is differnet every time

Question is more about: how disk and CPU could lead to increased memory usage during helmfile sync execution? What can cause this?

josephgardner avatar
josephgardner
04:51:51 AM

Is there any way to get a deterministic group ID from the DAG during installation? I was hoping to use it as an annotation

josephgardner avatar
josephgardner
12:50:04 PM

I need a way to add a sequence number to a resource in each chart to capture the order in which they were installed. The creation timestamp isn’t granular enough

josephgardner avatar
josephgardner
05:32:57 PM

Bump: is there some clever way to set a deterministic sequence number on charts installed by helmfile that represents the DAG order?

2023-11-10

2023-11-13

CraigB avatar
CraigB
10:44:44 AM

I notice that passing in a namespace on the command line takes precedence over any namespace value defined in a release. Is there any way to control this behaviour? i.e. I want to enforce a release is only installed in a specific namespace

voron avatar
voron
10:17:48 PM

Don’t override namespace via cli arg while installing this particular release. It may be achieved using selectors.

2023-11-14

2023-11-24

Tim avatar
Tim
10:40:24 AM

Hey there, I have a very small helmfile with which I want to sync releases in different environments, currently it looks like this:

environments:
  default: # developers and jenkins commit deployments
    values:
      - default:
          enabled: true
      - live:
          enabled: false
  live: # jenkins only, live deployments
    values:
      - default:
          enabled: false
      - live:
          enabled: true
---
templates:
  default:
    chart: ./chart
---
releases:
  - name: dev-release
    condition: default.enabled
    inherit:
      - template: default
  - name: live-release
    condition: live.enabled
    inherit:
      - template: default

is this the correct way to do this? Or is there a better way?

Tim avatar
Tim
10:41:10 AM

I want helmfile not to touch the dev releases when updating the live releases and vice versa

Tim avatar
Tim
09:22:29 AM

but having the values in all environments feels like duplicate information.. Ideally I would want to just say something like condition: {{ eq .Environment.Name "live" }} but that doesn’t work since the key name needs to be enabled

Igor Rodionov avatar
Igor Rodionov
07:49:26 PM

@Tim I never saw inherit and condition settings in helmfile. Where did you find that fields in helmfile docs?

Igor Rodionov avatar
Igor Rodionov
07:49:31 PM


I want helmfile not to touch the dev releases when updating the live releases and vice versa

Igor Rodionov avatar
Igor Rodionov
07:49:36 PM

I’d say you need

Igor Rodionov avatar
Igor Rodionov
07:51:32 PM
releases:
{{ if eq .Environment.Name "dev" }}
  - name: dev-release
    condition: default.enabled
    inherit:
      - template: default
{{ else if (eq .Environment.Name "live") }}
  - name: live-release
    condition: live.enabled
    inherit:
      - template: default
{{ end }}
Igor Rodionov avatar
Igor Rodionov
07:52:17 PM

but it seem better way would be like that

Igor Rodionov avatar
Igor Rodionov
07:54:38 PM
environments:
  default: # developers and jenkins commit deployments
    values: [] #  <- Default env values goes here
  live: # jenkins only, live deployments
    values: [] # <- Live env values goes here
releases:
  - name: {{ .Environment.Name }}-release
    chart: ./chart
Tim avatar
Tim
08:36:45 AM

Thanks a lot for your detailed response, will give it a try. I found those values in the docs, inherit and condition

1
Tim avatar
Tim
08:38:59 AM

Unfortunately your suggestion doesn’t solve the issue that helmfile will destroy releases when doing a helmfile sync. For me it is not about setting env values but having releases defined that will be updated when a specific environment is selected and other releases will not be touched during that update

Tim avatar
Tim
08:40:34 AM

well your first suggestion actually does but I did not want to add templating into the helmfile because I thought I could do it with the condition field.. There might be a way but I can’t see it though..

CraigB avatar
CraigB
09:45:07 AM

If you only want to use the environment to drive releases you will need to do some templating:

environments:
  default: # developers and jenkins commit deployments
  live: # jenkins only, live deployments
---
templates:
  default:
    chart: ./chart

values:
  - live:
      enabled: {{ eq .Environment.Name "live" }}
  - default:
      enabled: {{ not (eq .Environment.Name "live") }}

---
releases:
  - name: dev-release
    condition: default.enabled
    inherit:
      - template: default

  - name: live-release
    condition: live.enabled
    inherit:
      - template: default

Or you could use a label and selector. So for example, instead of the condition you could add a label:

releases:
  - name: dev-release
    labels:
      live: false
    inherit:
      - template: default
  - name: live-release
    labels:
      live: true
    inherit:
      - template: default

And then run Helmfile with ---selector live=true to only update the live releases.

Tim avatar
Tim
09:16:25 AM

Thanks, that looks good! Is there a reason why I can not use essentially the environments as selectors? I already have that information in the environment selection, duplicating it in the selector seems redundant.. I guess templating will have to do then..

CraigB avatar
CraigB
09:20:12 AM

@Tim AFAIK not implicitly. You’d need to pass the environment again as a selector, e.g. helmfile -e live --selector environment=live

Tim avatar
Tim
09:22:33 AM

alright, thanks a lot, the templating approach works just fine and looks very clean!

2023-11-27

2023-11-28

2023-11-29

    keyboard_arrow_up