8 messages
Questions and discussion around helmfile https://github.com/roboll/helmfile and https://github.com/cloudposse/helmfiles
Archive: https://archive.sweetops.com/helmfile/
bhavin vyasover 3 years ago
can i have dedicated service account to run helm hook with High RBAC permission ? while Main conatieners dont have privilage RBAC rules
Arenover 3 years ago
Hey everyone. Quick question for anyone who might have a possible solution. Trying to clean up the env-vars that get used across apps as there's quite a bit of repetition. Wanted to find out if there's a way to stack env-vars so we can break out common vars into a shared-values folder of some kind. Essentially repo structure is as follows:
environments helmfile.yaml -s contain
tenants helmfile looks like
Using this along side ArgoCD.
With multiple apps that share the same values across them, constantly updating those across every app that has a reference to a commonly used env-var, starts to get tedious. Lets say all apps have the same DB strings across them, and we've rotated the DB endpoint, I'd have to update this across every app. My idea was to try and break this out into a shared values folder that sits at the same level as the tenants folder. What isn't clear is how I can leverage that in the helmfile.yaml. I suppose it would look something:
Curious if anyone has any experience with something like this?
├── environemtns/
│ ├── env-1/
│ │ └── backend/
│ │ └── app/
│ │ ├── values.yaml
│ │ ├── secrets.enc
│ │ └── helmfile.yaml
│ └── env-2/
│ └── backend/
│ └── app/
│ ├── values.yaml
│ ├── secrets.enc
│ └── helmfile.yaml
├── tenants/
│ └── backend/
│ └── helmfile.yaml
└── lib/
└── app/
└── helm-chartenvironments helmfile.yaml -s contain
helmfiles:
- path: 'path to tenants helmfile'
values:
- environmentName: env-1tenants helmfile looks like
environments:
default:
---
missingFileHandler: Error
helmDefaults:
verify: false
atomic: true
wait: true
cleanupOnFail: true
skipDeps: true
recreatePods: false
force: false
createNamespace: true # require Helm v3+
releases:
- name: app
namespace: backend
chart: "path to lib helm chart"
values:
- ../../environments/{{ .Values.environmentName}}/backend/app/values.yaml
secrets:
- ../../environments/{{ .Values.environmentName}}/backend/app/secret.encUsing this along side ArgoCD.
With multiple apps that share the same values across them, constantly updating those across every app that has a reference to a commonly used env-var, starts to get tedious. Lets say all apps have the same DB strings across them, and we've rotated the DB endpoint, I'd have to update this across every app. My idea was to try and break this out into a shared values folder that sits at the same level as the tenants folder. What isn't clear is how I can leverage that in the helmfile.yaml. I suppose it would look something:
releases:
- name: app
namespace: backend
chart: "path to lib helm chart"
values:
- ../../environments/{{ .Values.environmentName}}/backend/app/values.yaml
- ../shared-values/databases.yaml
secrets:
- ../../environments/{{ .Values.environmentName}}/backend/app/secret.encCurious if anyone has any experience with something like this?
Ryan Shelbyover 3 years ago(edited)
Hello team,
I am using helmfile and am needing some more information on how to reference azure key vault. I looked at https://github.com/variantdev/vals#azure-key-vault and my helmfile looks like this.
But it is not passing in the key from AKV. Any help would be appreciated
I am using helmfile and am needing some more information on how to reference azure key vault. I looked at https://github.com/variantdev/vals#azure-key-vault and my helmfile looks like this.
- name: artifactoryurl: blahusername: "svc_govna_tools"password: "<ref+azurekeyvault://blah/blah>"releases:# Published chart example- name: artifactorynamespace: systemlabels:app: operatorchart: blahversion: 0.5.0values:- values.yamlrecreatePods: trueforce: trueBut it is not passing in the key from AKV. Any help would be appreciated
Herman Smithover 3 years ago
Oh I didn't realize I was in a #helmfile chart here, useful 😄
Can anyone explain why Helmfile might be used over just using helm subcharts, please?
Can anyone explain why Helmfile might be used over just using helm subcharts, please?
yxxheroover 3 years ago(edited)
https://github.com/helmfile/helmfile/releases/tag/v0.148.1 v0.148.1 released. enjoy it. looking for feedback.
Ilya Shaisultanovabout 3 years ago(edited)
Hi folks,
For some reason
is this not correct or am I misunderstanding this option?
The defaults for the helmfile are
Edit: solved
For some reason
waitForJobs: false on a release seems to have no effect - helmfile (0.145.3) still waits for the cronjob to run. I'm setting it like so- name: foo
namespace: foo
chart: repo/foo
version: 1.1.0
waitForJobs: falseis this not correct or am I misunderstanding this option?
The defaults for the helmfile are
helmDefaults:
atomic: true
cleanupOnFail: true
historyMax: 30
timeout: 1200
wait: truehelm binary is 3.5.3Edit: solved
Radoabout 3 years ago(edited)
Hey 👋
I’m new to Helmfile (and Helm) and need some help.
I want to have a conditional part of some configuration for a release without using Environment Values.
Is it possible to have an
I tried something like this, but the
SOLVED
this works:
I’m new to Helmfile (and Helm) and need some help.
I want to have a conditional part of some configuration for a release without using Environment Values.
Is it possible to have an
{{ if … }} expression based on an environment variable?I tried something like this, but the
if block doesn’t seem to evaluate the env var at all:releases:
- name: ...
...
values:
...
- config: |
...
# Redis
{{ if env "INSTALL_THING" | default false }}
thing.enabled = on
thing.host = ...
{{ end }}SOLVED
this works:
{{ if eq (env "INSTALL_THING") "true" }}
...
{{ end }}
Balazs Vargaabout 3 years ago
what I do wrong? I would like to add more volumeClaimTemplates using helmfile.
Influx v1 already have one, and I would like to add a second one.
using jsonpatch:
with strategicmerge:
when I run helmfile template I see the additional pvc-s, but when I run apply I got nothing to change ....
Influx v1 already have one, and I would like to add a second one.
using jsonpatch:
target:
group: apps
version: v1
kind: StatefulSet
name: influxdb
patch:
- op: add
path: /spec/volumeClaimTemplates/-
value:
metadata:
annotations: null
name: v2db
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "6Gi"
storageClassName: "gp2-delete-encrypted"
- op: add
path: /spec/volumeClaimTemplates/-
value:
metadata:
annotations: null
name: vv2config
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
storageClassName: "gp2-delete-encrypted"with strategicmerge:
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ regexFind ".*" .Release.Name }}
spec:
volumeClaimTemplates:
- metadata:
annotations: null
name: v2db
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "6Gi"
storageClassName: "gp2-delete-encrypted"
- metadata:
annotations: null
name: vv2config
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "6Gi"
storageClassName: "gp2-delete-encrypted"
- metadata:
annotations: null
name: influx-data
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"
storageClassName: "gp2-delete-encrypted"when I run helmfile template I see the additional pvc-s, but when I run apply I got nothing to change ....