#helmfile - August 2020

anyone has objection on renaming --state-values-file to --prepend-values and adding --append-values?
https://github.com/roboll/helmfile/issues/1348

@mumoshu Not sure if this is a usual/tipical scenario but i started using helmfile in my CI/CD pipeline and one requirement I have is after the deployment is succesful (this can be confirmed with the wait parameter) I need to execute a manual command inside the deployed pod. For this I use the helmfile list with labels in order to identify the helm release name and then get the pod from the release name. Not sure if there's a better way to do this? I parse the output of helme list with json (which is why I also got an issue opened here https://github.com/roboll/helmfile/issues/1270)

Maybe I'm going about it the wrong way or something

Does anyone use helm3 in CI/CD ( maybe inside helmfile too)? How do you deal with missing real --force in helm3 compared to helm2? It looks like https://github.com/helm/helm/pull/7431 isn't going to be merged to add real force to helm3.

Hi Everyone,

i have come across a interesting requirement in my helm charts

kind: Deployment
spec:
  template:
    metadata:
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}

in this config , i need to change the configmap.yaml name dynamically w.r.t environment
Like this one
checksum/config: {{ include (print $.Template.BasePath "/configmap-{{ .Release.Name }}.yaml") . | sha256sum }}

OR
checksum/config: {{ include (print $.Template.BasePath "/configmap-{{ .Values.env }}.yaml") . | sha256sum }}

Does anyone have come across this situation ?

unfortunately, none of these will work

Hi,
I have a remote chart including somes yaml value files (i.e values-dev.yaml)
I thought I would have been able to do that:

releases:
  - name: xxx
    chart: helm-private-repo/foo
    values:
      - values-dev.yaml

But I have the following response:

in ./helmfile.yaml: failed processing release xxx: values file matching "values-dev.yaml" does not exist in "."

It is working when the chart is local but not working when the chart is remote. Is there a way to tell helmfile to use values-dev.yaml from the downloaded chart instead of trying to find values-dev.yaml in '.' ?

I'm trying to get some secrets from gcp secret manager into a string, but I'm having some issues. What I have is a reference to a secret in my common/dev.yaml file like so:

key1:
  user: "<ref+gcpsecrets://projectname/secret-name?version=latest#/path/to/user>"
  password: "<ref+gcpsecrets://projectname/secret-name?version=latest#/path/to/password>" 

The issue is that when I try to use the value of the secrets in a values.gotmpl file like so: string: "{{ .Values.key1.user }}:{{ .Value.key1.password}}" I get the actual string "<ref+gcpsecrets://projectname/secret-name?version=latest#/path/to/secret>" from each value, rather than the value of what the secret reference is. Is there any way to force the reference to be evaluated before being passed along? Or should i structure this some other way? The reason I have it like this is because I need to have the values combined into a string so that the code that is using these values is happy.

Is it possible to deploy a raw kubernetes manifest in helmfile/helm without using kubectl?
For example, If i want to deploy a kubernetes ingress only.

In practice do you guys just apply via sync or apply with helmfile in your ci/cd ?

No

Guys?
I am getting:

error during gitlab-test2.yaml.part.0 parsing: template: stringTemplate:22:24: executing "stringTemplate" at <.Values.foo.common.kind>: map has no entry for key "foo"

Not sure whats wrong...

environments:
  default:
    values:
        foo:
          common:
            kind: Secret

repositories:
- name: incubator
  url: <https://kubernetes-charts-incubator.storage.googleapis.com>

releases:

- name: test
  namespace: test
  createNamespace: true
  chart: incubator/raw
  version: 0.2.3
  values:
    - resources:
      - apiVersion: v1
        kind: {{ .Values.foo.common.kind }}

Guys? I am trying to add gitlab helm chart repository:

repositories:
- name: custom
  url: git+<https://gitlab.com/gitlab-org/charts/gitlab?ref=v4.2.1&sparse=0>

releases:
- name: gitlab
  namespace: gitlab
  createNamespace: true
  chart: custom/gitlab

, but getting:

COMBINED OUTPUT:
  Error in plugin 'helm-git': Target file name has to be either 'index.yaml' or a tgz release
  Error: looks like "git+<https://gitlab.com/gitlab-org/charts/gitlab?ref=v4.2.1&sparse=0>" is not a valid chart repository or cannot be reached: plugin "helm-git" exited with error

Any idea? Of course that I am aware of official charts ( another thing is that gitlab helm chart is somehow complicated, its using nested subcharts )

Thanks

Hi, is it really not possible to just specify a plain HTTPS URL for a sub-helmfile like this?

helmfiles:
  - path: <https://our-nexus/bla/bla/bla>
  - path: git::<ssh://git@>.....

The first URL gives a no matches for path error message. The second (git::ssh ) works..

@here So we've been a helmfile user for many years now. I think there were only a couple dozen stars on the repo when we started, now there are thousands. The project has transformed dramatically during this time and we've all benefited immensely from this. I just want to say how grateful I am for everyones help on this, but especially your's @mumoshu because it would not have been possible without it. I sincerely don't understand how you can be so productive on all these projects (helmfile, helm-diff, eksctl, brigade, helm, kube-aws, etc) and squash bugs as fast and tirelessly as you do, but you still manage to pull it off. If there ever was such a thing as a 10x engineer, you're the definition of it. Anyways, we appreciate all the tremendous effort you put forth not just on coding but also on supporting feature requests, answering questions, and just always being so helpful. I regret not stepping up sooner, but just want to share our support and hope others will too! https://github.com/sponsors/mumoshu

Hello could someone explain how condition is working, somehow I don't get it

Has anyone run into issues before when deploying releases in the same helmfile using needs: but the latter releases are using a custom resource created by a CRD from the earlier releases?

STDERR:
  Error: Failed to render chart: exit status 1: Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Vault" in version "<http://vault.banzaicloud.com/v1alpha1|vault.banzaicloud.com/v1alpha1>"
  Error: plugin "diff" exited with error

the Vault custom resource is created in the release previous and they are forming a dependency with needs:

Does anyone else know if its a bug or feature that you can't do an apply to a helmfile which contains two releases which have a CRD/CR relationship because of the helm-diff ?
The diff will run on both releases before the apply and the second release will fail becaues the CR it tries to diff doesn't exist as a type yet, since its created in the first chart by a CRD

can i use vals for helm repo credentials?

Eks+helm: I have many applications using helm charts but these charts also have a secrets.yaml. This contains an application.properties encrypted. I want to remove the username/password from the property file and store it in AWS SSM. This way I would be able to decrypt the property file, have its values in helmfile. After that create a ConfigMap template that gets populated based on the property values from helmfile.
I don’t want to commit the username/password so I would store it in AWS SSM. Though not sure if this is a good idea or how to pass the username/password to the deployment object and not have it in plain text. GoDaddy has this https://ca.godaddy.com/engineering/2019/04/16/kubernetes-external-secrets/ and I wonder if there are any other alternatives. Cheers
Ps. I use helm + helmfile + helm-git

just saw that even gitlab is using helmfile => https://gitlab.com/gitlab-com/gl-infra/k8s-workloads/gitlab-com

Does anyone know if you can use remote helm chart values? For instance:

releases:
- name: ingress-internal-{{ requiredEnv "PLATFORM_ENV" }}  # name of this release
    namespace: ingress    
    chart: ingress
    values:
    - git::<ssh://git@github.com:ORG/REPO.git//values/ingress/@internal_{{> requiredEnv "PLATFORM_ENV" }}.yaml?ref=master 
    wait: true
    condition: ingress-internal.enabled
    atomic: true
    installed: true

Hey @mumoshu, just ran across this funny little message 🙂

err 0: glob patterns in release values and secrets is not supported yet. please submit a feature request if necessary
err 1: glob patterns in release values and secrets is not supported yet. please submit a feature request if necessary

When using release templates what’s the difference between

values:
  - config/{{`{{ .Release.Name }}`}}/values.yaml

and

valuesTemplate:
  - config/{{`{{ .Release.Name }}`}}/values.yaml

?
There is not much info about this.

It’s interesting that for secrets there is no template or it’s a typo

Guys? How can I override variables if I am using:

# test-helmfile.yaml
environments:
  default:
    values:
      - foo: bar

helmfiles:
- ../../helmfiles.d/global-helmfile.yaml

# global-helmfile.yaml
environments:
  default:
    values:
      - foo: {{ env "FOO" }}

repositories:
releases:

helmfile -f test-helmfile.yaml apply

Problem is that foo is empty and is overriden by nested helmfile ..

hello all,

does anyone know if there is a way to specify environments per release?
example:

environments:
  development:
  staging:
  production:  

templates:
  app: &app
    namespace: {{ .Environment.Name }}
    chart: charts/{{`{{ .Release.Name }}`}}
    missingFileHandler: Error
    values:
      - apps/{{`{{ .Release.Name }}`}}/values.{{ .Environment.Name }}.yaml
      - apps/{{`{{ .Release.Name }}`}}/version.{{ .Environment.Name }}.yaml
      
releases:
  - name: MyApp
    <<: *app
  - name: MySecondApp
    <<: *app

here, is it possible to specify that MySecondApp is only for development?

(I see ways around it like having 3 separate helmfile.<environment>.yaml or having multiple templates but not ideal)

Does anyone else still have problems with releases going to different kubeContext are still getting duplicate release errors?

STDERR:
  Error: release: already exists

Hello! I'm trying to reuse values block for different helmfiles but getting template error:
template: stringTemplate:30:26: executing "stringTemplate" at <.Values.location>: map has no entry for key "location"
It works if i use the same values in "values block" instead of global environments. Any ideas on how to fix this? Or suggestions how to get what i want other way? Thanks! (I'd like to keep all in one file if possible)

--- 
 environments:
    default:
      values:
~_      - a: b

+ ---
  helmfiles:
~   - path: git::<https://git.com/ops/helmfile.git@base-helmfile.yaml?ref=master>
+   - path: git::<https://git.com/ops/helmfile.git@monitoring.yaml?ref=master>

v0.125.9: Merge pull request #1442 from roboll/fix-duplicate-with-kubectx-per-r…
c575587 (HEAD, tag: v0.125.9, origin/master, origin/HEAD, master) Merge pull request <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="688441462" data-permission-text="Title is private"...

v0.126.0: Fix build error after INLINECODE_0 addition
cd0ecc5 (HEAD, tag: v0.126.0, origin/master, origin/HEAD, master) Fix build error after helmfile build --embed-values addition
<a class="commit-link" data-hovercard-type="commit"...

Hey All, good morning 🙂 Is it intended that helmfile repos attempts to template all releases? I was attempting to use it as a pre-step to my releases and it was taking a long time to run. Looking at --debug, it appears to be templating all the releases.

ah, looks like the trick for my setup is not to supply an env

so no environments are imported/run into the main helmfile, have to use --allow-no-matching-release