#helmfile - October 2023

heyho! we're redesigning our ci/cd using helmfile + argocd. we want to use helmfile to describe/compose our deployments and render them with "helmfile template" into a dir where argocd picks up the result and deploys it.

is there a good way to specify labels that are applied to all k8s manifests during "helmfile template"? we need to add those to collect usage statistics for cost optimizing purposes. I've searched the docs and haven't found a solution, so I'd appreciate any help/hints 😄

Can anyone explain what "installed" means when you run helmfile list?
I can see how the enabled attribute can change based on the condition but installed always seems to be true.

goccy/go-yaml in v1 mode is giving me hard time by double escaping backward slash and this breaks intended behaviour. sample helmfile.yaml.gotmpl:

repositories:
- name: open-telemetry
  url: <https://open-telemetry.github.io/opentelemetry-helm-charts>

releases:
- name: opentelemetry-collector
  namespace: opentelemetry
  chart: open-telemetry/opentelemetry-collector
  version: 0.72.0
  disableValidationOnInstall: true
  values:
  - mode: deployment
    config:
      processors:
        tail_sampling:
          policies:
          - name: drop_noisy_traces_by_url
            type: string_attribute
            string_attribute:
              key: http.url
              values:
              - \.(js|css|json) # <--- this line is problematic
              enabled_regex_matching: true
              invert_match: true

with HELMFILE_V1MODE=true HELMFILE_GOCCY_GOYAML=false helmfile template |grep css -A5 -B5 resulting config map value is okay:

          string_attribute:
            enabled_regex_matching: true
            invert_match: true
            key: http.url
            values:
            - \.(js|css|json)
          type: string_attribute
    receivers:
      jaeger:
        protocols:
          grpc:

but with HELMFILE_V1MODE=true HELMFILE_GOCCY_GOYAML=true helmfile template | grep css -A5 -B5 it's double escaped for some reason and isn't what i need

          string_attribute:
            enabled_regex_matching: true
            invert_match: true
            key: http.url
            values:
            - \\.(js|css|json)
          type: string_attribute
    receivers:
      jaeger:
        protocols:
          grpc:

How do I explain that I don't want this double escape? I already tried single and double quotes for this string, they didn't have any effect. Also tried some esoteric escaping like

{{` \.(js|css|json) `}}

to no avail.

I'm having escaping problems too.
Prometheus rules are a pain because they also use {{ and }} as well as variables using like $labels.blah.
In theory you can surround the lot by {{ and }} however this still fails where you encounter Helm charts that use the tpl and toYaml functions...

Hey Team, I am sure this is quite an easy task for an experienced helmfile writer but I could not figure it out: How do I reference all external secrets that I load with

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: "{{ .Release.Name }}-external-secrets"
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  target:
    name: "{{ .Release.Name }}-vault-secrets" # name of the Kubernetes `Secret` resource that will be created
    creationPolicy: Owner
  dataFrom:
    - extract:
        key: some/path/in/our/vault/{{ required "Namespace is required" $.Release.Namespace }}/{{required ".Values.clusterEnvironment not set" $.Values.clusterEnvironment}} # path to the secrets in Vault

I would like to add all secrets in vault as key value pairs to the following list:

externalSecrets:
  clusterEnvironment: {{ .Values.clusterEnvironment }}
  labelEnvironment: {{ .Values.labelEnvironment }}
  VaultSecrets:
{{ .Values.{{ .Release.Name }}-external-secrets | expandSecretRefs | toYaml | indent 4 }}

this does not work but I have no idea how to deal with the helmfile/helm templating at this point.. Any suggestions greatly appreciated!

I'm wondering why I'm getting the following warning when I'm pretty sure I have adjusted it in my helmfile.yaml file:

WARNING: environments and releases cannot be defined within the same YAML part. Use --- to extract the environments into a dedicated part

We have a legacy system which uses kustomize and new setup which uses helm/helmfile. We are trying to create a single values.yaml for both setups where we can define e.g. image tags, and most of our services use the common tag with few exceptions. I know templates are a big no for Kustomize but we want to add a values variable for image tag which can be overridden by helmfile. At the moment chartify only allows patch in values.yaml but we have flexibity to add vars in kustomize yaml files e.g. {{ .Values.NewTag }} . Unfortunately, this doesn't work because chartify when creating chart adds it to files/. My question is, Is it possible to change this behaviour i.e. can we somehow direct chartify to unpack kustomize files in temaplates/ folder?

Wondering if anyone has worked through a solution for helm-diff not supporting a means of selectively ignoring parts of a diff that will perpetually show a change (e.g. ca bundles)?

Hi, I found an old issue where --reset-values is added by default to helmfile sync (and presumably apply) (roboll/helmfile#63). I found that interesting and I fully agree with the reasoning.
The only suggestion I have is to document this more visibly. The only hint at it seems to be the reuseValues option, however, it is not documented there (or elsewhere, as far as I can tell), that Helmfile deliberately differs from Helm’s default behavior.

Is strategicMergePatches suitable for adding new kubernetes resources (not just fields)?

hi folks, new to helmfile.. thanks for having me 🙂
whats going to be a good/best practice for breaking out my releases into a well designed directory structure ?