#helmfile (2024-08)

https://github.com/helmfile/helmfile

Questions and discussion around helmfile https://github.com/roboll/helmfile and https://github.com/cloudposse/helmfiles

Archive: https://archive.sweetops.com/helmfile/

2024-08-01

haque.zubair avatar
haque.zubair

Helmfile release 0.167.0 congratulations to everyone who helped out for this release

2
1

2024-08-13

Brennan avatar
Brennan

Maybe I’m just having trouble finding the setup docs, but where should helmfiles go in an atmos project? Are they a component?

1
Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

Atmos natively supports Helmfile components same way as terraform/OpenTofu components.

We used to use Helmfile components s lot.

See some examples here https://github.com/cloudposse/atmos/tree/main/examples/tests/components/helmfile

https://github.com/cloudposse/atmos/tree/main/examples/tests/stacks/catalog/helmfile

Currently our proffered way to provision Helm charts with Terraform is to use the https://github.com/cloudposse/terraform-aws-helm-release module

cloudposse/terraform-aws-helm-release
Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

many EKS components that provision Helm charts are using the helmfile-relese module, e.g.

https://github.com/cloudposse/terraform-aws-components/tree/main/modules/eks

Brennan avatar
Brennan

@Andriy Knysh (Cloud Posse) thanks! that example is great!

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

this allows us to have everything in Terraform - the core infrastructure components (VPC, EKS, etc.), and the components that are deployed on EKS clusters

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

the helm-release component allows provisioning external Helm Charts (from 3rd parties) as well as internal/custom charts, e.g. https://github.com/cloudposse/terraform-aws-components/tree/main/modules/eks/actions-runner-controller

yxxhero avatar
yxxhero

it’a good question. we will write more docs about how to setup helmfile for new project.

1
mayank2299 avatar
mayank2299

haque.zubair avatar
haque.zubair

I can help with the docs @yxxhero we should discuss where they will go

2024-08-14

2024-08-15

Brennan avatar
Brennan

Hi, follow-up question to ^. My understanding is that Atmos can run an EKS login command before running the helm commands. My question is: how do I specify which cluster and region in particular? Didn’t see this info in the examples or docs, but maybe I just missed it. Thanks!

Gabriela Campana (Cloud Posse) avatar
Gabriela Campana (Cloud Posse)

@Andriy Knysh (Cloud Posse)

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

we have a few different scenarios here:

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

• Atmos does have this command https://atmos.tools/cli/commands/aws/eks-update-kubeconfig, but it does not run it automatically, you can run it manually and update the kubeconfig from the cluster (“login” to the cluster)

atmos aws eks update-kubeconfig | atmos

Use this command to download kubeconfig from an EKS cluster and saves it to a file.

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

• If you are using Helmfile, then Atmos will execute the command aws --profile <profile> eks update-kubeconfig <cluster-name> , where <profile> is the AWS profile defined in atmos.yaml in helmfile.helm_aws_profile_pattern section (Atmos processes all the tokens ij the profilem pattern and replaces them with the context vars like tenant, environment, stage, etc <cluster-name> is the name of the EKS cluster defined in atmos.yaml in the helmfile.cluster_name_pattern section (again, Atmos replaces all the tokens with the context variables

See https://github.com/cloudposse/atmos/blob/main/examples/tests/atmos.yaml#L43 as an example

  helmfile:
Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

• If you are using the `https://github.com/cloudposse/terraform-aws-helm-release Terraform module to provision Helm Charts with Terraform (not using Helmfile), see the examples of EKS components that use the module https://github.com/cloudposse/terraform-aws-components/tree/main/modules/eks https://github.com/cloudposse/terraform-aws-components/blob/main/modules/eks/external-dns/main.tf#L21

then Atmos does not access the EKS cluster and does not download the kubeconfig from it, Terraform code does that. It uses the EKS cluster remote state https://github.com/cloudposse/terraform-aws-components/blob/main/modules/eks/external-dns/remote-state.tf#L1 to get the cluster eks_cluster_oidc_issuer_url https://github.com/cloudposse/terraform-aws-components/blob/main/modules/eks/external-dns/main.tf#L40 and uses the TF helm provider which logs in to the cluster https://github.com/cloudposse/terraform-aws-components/blob/main/modules/eks/external-dns/provider-helm.tf https://github.com/cloudposse/terraform-aws-components/blob/main/modules/eks/external-dns/provider-helm.tf#L154 and provisions the Helm Chart

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

@Brennan

Brennan avatar
Brennan

Thanks @Andriy Knysh (Cloud Posse), still going through your response but it’s quite helpful

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

if you are using Helmfile and atmos helmfile diff/apply commands, look at item #2

2024-08-17

pela2silveira avatar
pela2silveira

Hi community. Here is a little contribution to promote helmfile. I like it more everyday, so I have written two posts. Let me know if you like it:

https://medium.com/@pela2silveira/diving-deeper-into-helmfile-a3f77ba10d78

https://medium.com/@pela2silveira/why-is-not-a-good-idea-to-manage-helm-releases-with-terraform-helmfile-is-a-better-fit-3fd8be60b8e4

Diving Deeper into Helmfileattachment image

Exploring advanced concepts with this tool

Why is not a good idea to manage Helm releases with Terraform, Helmfile is a better fitattachment image

Quick analysis of Terraform integration with Helm, and a superior approach using Helmfile.

yxxhero avatar
yxxhero

2024-08-20

Brennan avatar
Brennan

Hi, Trying to figure out the data flow for Atmos + helmfile. How is, if it is, the generated ….helmfile.vars.yaml file supposed to be consumed? If it’s not supposed to be consumed, what does it do?

1
Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

it’s exactly the same as for Terraform

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

Atmos generates a varfile for the component in the stack from the stack manifests

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

then executes the helmfile command and uses the argument --state-values-file to point to the generated varfile

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
--state-values-file stringArray         specify state values in a YAML file. Used to override .Values within the helmfile template (not values template).
    
Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

you have a Helm Chart with some values (defined in values.yaml, and/or helmfile environment files with some values, and Atmos will generate the additional varfile and instruct Helmfile to use it

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

so the final values for the Helm release will be combined from at least three sources:

• Atmos generated varfile (values file)

• Helmfile environments and value files

• Helm Chart value file

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

@Brennan

Brennan avatar
Brennan

hmm okay, that’s making sense. Thanks ! I think var vs value threw me off a bit

Chris Doherty avatar
Chris Doherty

Hey folks. Is there an appetite for this feature? https://github.com/helmfile/helmfile/discussions/178

#178 Sub-helmfile concurrency

In roboll/helmfile#591, there was discussion of allowing sub-helmfile releases to be installed concurrently. @mumoshu proposed the following design:

Given all that, I guess our best bet would be to give up controlling order of files under the directory, and only allow controlling the order and the parallelism of helmfiles: entries, extending the DAG feature(releases[].needs) to sub-helmfiles.

helmfiles:

  • name: infra path: helmfile.infra.yam
  • name: apps1 path: helmfile.apps1.yaml needs: infra
  • name: apps2 path: helmfile.apps2.yaml needs: infra

This results in Helmfile computing a DAG of helmfiles [ infra ] <– depends on [app1, app2]. As app1 and app2 being independent to each other after infra is given, helmfile will automatically install infra first, and then concurrently install app1 and app2.

This seems like an excellent idea that could be very helpful if you have a setup involving sub-helmfiles because it allows cleaner organization and separation of concerns, but, once all the releases and values are calculated, you still want the actual installation to be done in parallel for performance.

Obviously, I have no idea how much work this would be to implement, but, the fact that @mumoshu is the one who proposed it leads me to believe it’d be at least vaguely plausible to implement. I figured I’d re-post it here so it didn’t get lost in the repository transition.

1
Brennan avatar
Brennan

Hi again , trying to debug that when I run atmos helmfile apply what seems to be a correct kubeconfig gets generated as desired, but then I get failures by helm diff trying to connect via localhost.

Brennan avatar
Brennan

Seems to be home directory related actually. How does specify using the home directory in atmos.yaml for where to local the kubeconfig info? Had trouble with $HOME as well.

yxxhero avatar
yxxhero

do you want to set kubecofnig flag in helmfile?

Brennan avatar
Brennan

trying to set the home directory in the atmos.yaml file.

Brennan avatar
Brennan

more specifically it seems like this example can use env vars but if I try "{{ .Env.HOME }}/" … it seems to be taken literally.

2024-08-21

Brennan avatar
Brennan

Hello, I had an inquiry about the demo-helmfile example:

Catalog file

Stack file

Helmfile My understanding is that the stack file pulls in the catalog file and then changes it to be of the “real” type. Then I believe that the helmfile gets included via the key/value pair “component: nginx”. Some of the previous terminology may be off, but I think that’s the general idea.

My inquiry is are the vars of the catalog entry supposed to be injected into the helmfile’s nginx release? How mapping to the nginx release work and how are they picked up? Does it use the state-values-file? I noticed this empty values section in the helmfile. Is that related?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Best to ask in atmos

Brennan avatar
Brennan

@Erik Osterman (Cloud Posse) done, thanks!

    keyboard_arrow_up