#helmfile - May 2020

Hi all, am trying to deploy my values into Jenkins environment using helm install Jenkins stable/jenkins --value helm/jenkins-values.yaml but I keep getting some depreciation error. Any help would be highly appreciated

Hi, should it be possible for a helmfile environment to have multiple values files with them merged? eg:

 environments:
   default:
     secrets:
       - ../environments/default/secrets.yaml
     values:
       - ../environments/common.yaml
       - ../environments/default/values.yaml

HI all, I installed some resources using helm3 in default namespace. What would be proper way to move everything in another namespace without disruption?

Hi Guys. This is probably more related to helm secrets than helmfile itself but I am wondering if I am missing a flag or something when using helmfile .
I have a SOPS encrypted secret e.g. bitbucket.key which does get decrypted when using helmfile into bitbucket.key.dec and the original file get deleted. But the problem is helmfile still tries to load origin bitbucket.key which obviously doesn't exist.

failed to read jenkins.yaml: environment values file matching "../secrets/bitbucket.key" does not exist in "."

It should be loading bitbucket.key.dec or decrypt it to bitbucket.key in the first place. Does anybody know what I am doing wrong here? Thanks in advance for your help.

Hi guys, helmfile diff shows a change in the deployment but helmfile sync does not re-create the pods. Why is that?

Oh my bad this is a helm question rather

Can anyone help me understand the difference between values and valuesTemplate? The only place I see valuesTemplate mentioned in the docs is https://github.com/roboll/helmfile/blob/master/docs/writing-helmfile.md - but it's still not clear to me how they are different. I tried reading through issue 428 as mentioned in the doc and unfortunately it did not clear anything up for me.

Hi! does anyone know how to get past running helmfile against GKE (helm2/tiller installed with TLS enabled) with this error:

  Error: transport is closing

a better question is, how can I enable helm tls for a specific helmfile environment?

I've got a some values that I need to set for all of my releasees based on values from AWS SSM Param store, anyone know how to make something like this work?

templates:
  default: &default
    valuesTemplate:
      secret: secretref+awsssm://{{ .Values.repo }}/{{ .Environment.Name }}/secret?region=us-west-1

releases:

  - name: app-{{ .Values.branchSlug }}
    version: 1.0
    values:
      - repo: app
    <<: *default

As is I'm getting error during apps.yaml.part.0 parsing: template: stringTemplate:28:48: executing "stringTemplate" at <.Values.repo>: map has no entry for key "repo"

Does anyone know how one can execute a command inside the deployed pod of a specific release?

That is not something you would do as part of a helm release unless it were passed in as part of the starting argument for a container.

you can use init containers to run initialization commands against a shared volume. otherwise using pre-sync hooks you can spin up containers to run commands (https://github.com/roboll/helmfile/issues/538)

@Zachary Loeber thanks for the reply. This would be part of a ci/cd pipeline and triggering a server update after deployment. But this job can fail and might need to be re-triggered. Not sure if using initContainer in this case will be the best, especially in some cases where you might want to run the update command optionally

What is it you're trying to do? It is possible to run a command inside a specific existing pod, but I don't recommend it. Using a job (https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/) is usually a better option.

I've done something similar in the past for one-shot operations via a single pod (for the most part the only reason you'd ever want to run just a single pod). The helmfile looked something like this:

- name: kafka-init
chart: incubator/raw
namespace: database
values:
- resources:
- kind: Pod
apiVersion: v1
metadata:
name: kafka-init
spec:
restartPolicy: Never
containers:
- name: kafka-init
image: {{ requiredEnv "CONTAINERREPOSITORY" }}/{{ requiredEnv "STACK_KAFKA_INIT_IMAGE" }}:{{ requiredEnv "STACK_KAFKA_INIT_IMAGE_TAG" }}
# command:
# - /usr/bin/init_connectors.sh"
imagePullPolicy: Always
env:
- name: 'JDBCPASSWORD'
value: '{{ env "JDBCPASSWORD" | default "secretjdbcpassword@azurekeyvault" }}'
- name: 'JDBCURL'
value: '{{ env "JDBCURL" | default "secretjdbcurl@azurekeyvault" }}'
- name: 'STORAGEACCOUNTNAME'
value: '{{ env "STORAGEACCOUNTNAME" }}'
- name: 'STORAGEACCOUNTKEY'
value: '{{ env "STORAGEACCOUNTKEY" | default "secretstorageaccountkey@azurekeyvault" }}'
- name: 'JDBCDATABASE'
value: '{{ env "JDBCDATABASE" }}'
- name: 'JDBCUSER'
value: '{{ env "JDBCUSER" }}'
- name: 'JDBCSERVER'
value: '{{ env "JDBCSERVER" }}'
- name: 'JDBCSCHEMA'
value: '{{ env "JDBCSCHEMA" }}'
- name: SCHEMAREGISTRYHOST
value: '{{ env "STACK_KAFKA_SCHEMA_REGISTRY" }}'
- name: 'KAFKACONNECTHOST'
value: 'confluent-kafka-cp-kafka-connect.database.svc'
- name: 'ZOOKEEPERHOST'
value: 'STACK_ZOOKEEPER_HOST'
- name: 'CONNECT_PLUGIN_PATH'
value: '/usr/share/java'
- name: 'CONNECT_VALUE_CONVERTER_SCHEMAS_ENABLE'
value: 'false'
- name: 'CONNECT_KEY_CONVERTER_SCHEMAS_ENABLE'
value: 'false'
- name: 'CONNECT_INTERNAL_VALUE_CONVERTER'
value: 'org.apache.kafka.connect.json.JsonConverter'
- name: 'CONNECT_INTERNAL_KEY_CONVERTER'
value: 'org.apache.kafka.connect.storage.StringConverter'
- name: 'KAFKA_BOOTSTRAP_SERVERS'
value: '{{ env "STACK_KAFKA_BOOTSTRAP_SERVERS" }}'
- name: 'KAFKA_BROKERS'
value: '{{ env "STACK_KAFKA_DEFAULT_REPLICA_COUNT" | default "3" }}'

That is overly complex and you can see where I later had the image itself run a default command (thus commenting out the command)

but it was for initializing a kafka instance after the fact in a cicd pipeline

Interesting

Well for my case it's pretty straightforward I think

I have a helmfile which updates 2-3 releases or so at once when running helmfile sync

yeah, same deal though. you could use a raw chart to run a pod

On one specific release of the 3 after it has properly rolled out

but also, if the commands are simple enough, you could also simply use kubectl run as well 🙂

It should exec -it update-modules in any of the replica pods

yeah it's just a single command but it should be run on that specific deployment after it rolled our properly

and I don't want to maintain separate variables in my gitlab-ci where I hardcode the deployment names or so

gotcha, maybe join the office hours chat happening right now and ask if anyone else has better ideas

ah nice 🙂

I can just bust in and ask questions? 😄

yup, Erik will ask multiple times usually

Do recent version of helmfile still support helm 2?

I believe so but I'd start migrating to 3 🙂

hello I'm having some issue with helmfile, i can't figure out if I'm doing something wrong or if it's intended:
So i've this helmfile which will call another helmfile. You can see that I'm trying to override 1 value.

helmfiles:
  - path: base-opt-in/kube-janitor.yaml
    values:
      - kubejanitor:
          dryRun: false

This is the other helmfile where I have all my default values (that i do not want to repeat)

repositories:
  - name: hjacobs
    url: <https://raw.githubusercontent.com/hjacobs/kube-janitor/master/unsupported/helm>

releases:
  - name: kube-janitor
    chart: hjacobs/kube-janitor
    namespace: kube-system
    values:
      - image:
          repository: hjacobs/kube-janitor
          tag: '19.12.0'
          pullPolicy: IfNotPresent
        kubejanitor:
          dryRun: true
          debug: true
          once: true

Hi Team,
i have a requirement to club 3 files and make a configmap file like this and it will work.
 {{- range list "dev.properties" "properties.conf" "properties.json" }}
However i want pass these names from the values file. I could not able to make the correct syntax. can some one help on it
{{- range list .Values.propertiesFileEnv, .Values.propertiesFileCommon, .Values.propertiesFileJson }}    <<< there is a syntax error here...
"," is not supported , but what could be the separator..

Hey all, can helmfile set a kubernetes auth context per release or only per helmfile? I have a bunch of releases I want to go out in parallel, but they are across different clusters

Hello all, I have a question: how would you propose in helmfile to pull/reference a helm chart from Azure Container Registry? So if for example I have ACR with login server named _acrX.azurecr.io_, and inside of it there is a repository named repoX/chartX, and inside of it there are it's versions, how would I need to update my helmfile (or possibly some other files) to pull/reference that chart?

repositories:
  - name: ?
    url: ?
    username: ?
    password: ?
    . . .

Hi all, is anyone using helmfile and kustomize together?

Hi guys, I suppose I am doing something wrong if I use a helmfile for staging and production and separate them by environment

?

Because if I specify the environment the releases not belonging to it are deleted...

This was revealing btw: https://www.reddit.com/r/kubernetes/comments/am5mcq/helmfile_how_to_deal_with_different_versions_in/

I tried every possible combination on earth to get a value from environments: x:

But nothing works, this is terribly confusing

hello everyone, i just got introduces to helmfile and this is turning out to be a great tool for our use case. Appreciate you all working on this making this better day by day.

I got this working with a bunch of addons , but i want to have a time lag between 2 of my addons. i.e iwant to introduce some kind of a delay

Hi I was wondering if it's possible to modify a value from a hook. Usecase: getting data from an existing secret with kubectl and pass it to another release as value. Or is there another way to achieve that?

@Michael Seiwald I'm trying to achieve something similar, I'm building a pipeline where I deploy the application and then I need to run a command inside of a working pod as many times as needed until I get a good exit code

still fiddling with it

# Ordered list of releases.
helmfiles:
  - "releases/coredns.yaml"
  - "releases/external-dns.yaml"
  - "releases/ingress.yaml"
  - "releases/certmgr.yaml"
  - "releases/certissuer.yaml"
  - "releases/dashboard.yaml"

I have the above charts to be installed in multiple clusters.
Now to achieve this, i organized my directory like this using environment:

environments:
  cluster1:
    values:
      - ../cluster1.yaml

So can do helmfile -e cluster1 sync. But this does not seems to be working that way. Any suggestions ?

Getting the following error:

err: no releases found that matches specified selector() and environment(cluster1), in any helmfile

Does anyone have a suggestion on how to execute a command on a specified release pod? After I make the deployment I like to have a step in my CI pipeline that runs a module update which can fail. It should retry 4-5 times before calling it quits but for that I need to execute it in another step after deployment several times. Any suggestions?

# Ordered list of releases.
helmfiles:
  - "releases/external-dns.yaml"
  - "releases/dashboard.yaml"

in helmfile , is there a way to introduce time delay between 2 addons, like external dns and dashboad. I specify an interval of 5m for external dns so i do not hit rate limit (this is in AWS). So between external-dns and dashboard i want a time delay. Is it possible ? Any ideas ?

I'm modifying some helm values files in a presync hook for a release. The same release loads those variable files as input to the helm chart. It would appear that the modifications are not making it into the helm chart

Is it possible to specify the helm version to use per release with helmfile?

Hey guys! 👋 I’m new to helmfile and I was wondering if there’s a way to pass context/arguments to templated values files that we reference from a release, similarly to the way we can pass context/arguments to templates when using include? In my case, I have a plain yaml file listing my releases (./releases.yaml) and I’m using the range operator to generate the release entries, with a reference to an external values file for each release, like so:

releases:
{{ range readFile "./releases.yaml" | fromYaml | get "releases" }}
- name: {{ .name }}
  values:
  - ./values/{{ .name }}.yaml.gotmpl
{{ end }}

What I would like to do is pass the current data item (the current iteration of range) to the external values go template, so that I may dynamically reference its properties from within that template. Is it at all possible?

Hey All, can someone help me understand why i can't use this value being set in my environment? I'm setting a simple key/value, pulling in the file with what seems to be no issue, but if I try to access {{ .Values.region }} I get this error still that it's not defined

I'm trying to figure out if there is a way I can get it so that in each helmfileenvironment, I define a kubeContext var, and then under helmDefaults set kubeContext to the value of {{ .Values.kubeContext }}

I can't seem to understand why doing kubectl exec pod command in a helmfile hook does not print the output to stdout

guys ? when we can expect merge for https://github.com/roboll/helmfile/pull/1172 ?

@mumoshu ping ^

Had anyone else had trouble with values file includes in helmfile requiring different relative paths depending on the directory you're executing helmfile from ?

something I ran across the other day, 'jxl' (jenkins-x labs) includes enhancements for supporting helm 3 and helmfiles for spinning up apps : https://jenkins-x.io/docs/labs/enhancements/proposals/2/readme/

Hi there, I’m curious if there is a way (and RTFM is a perfect answer) to get helmfile to print out just the rendered/merged values files from a specified environment. From what I understand it does all of this before going into executing on the selected operation for the releases defined. I’d like to run some preflight/sanity checks on the values that are about to be applied to releases.

How do I use release secrets if secrets have to be in environment values

Hello - is anyone using the new jsonPatches feature?

Is there a way in helmfile where i can stop it to upgrade job and stateful sets.Actually currently what is happening is that i have labels in helm charts but when i use helmfile to upgrade the deployed helm charts it is failing because job and statefull sets cannot be updated(i.e. cannot add labels in my case).

Hi. I see that if I use --debug I can see where helmfile generates the actual values.yaml file that helm uses to do the install/upgrade. I can even go view them on disk, which is really nice. Is there any way to generate a values file for a particular release? I tried a lot of things, and in particular helmfile build looked promising, but it doesn't seem to have a lot of options, and only generates what the helmfile.yaml looks like (which is super helpful, don't get me wrong), not the values for each release (which I template heavily).

Can I use helmfile to apply straight yaml from a url as if it were a chart instead of having to transpose the thing into a raw chart?

Yep, we have done that for configmaps

Use exec curl

ah, clever, thanks

I'm trying to pass all helmfile release labels as helm values under helmfileLabels . Something like

    setTemplate:
    {{ range $key,$value := .Release.Labels }}
    - name: {{ printf " helmfileLabels.%s" $key}}
      value: {{$value}}
    {{ end }}

but, as expected, .Release.Labels is evaluated later than range cycle.
Stuff like

    setTemplate:
    {{`{{ range $key,$value := .Release.Labels }}`}}
    - name: {{`{{ printf " helmfileLabels.%s" $key}}`}}
      value: {{`{{$value}}`}}
    {{`{{ end }}`}}

doesn't pass too. Any ideas on how to implement this ?