305 lines
No EOL
16 KiB
YAML
305 lines
No EOL
16 KiB
YAML
# Chart repositories used from within this state file
|
|
#
|
|
# Use `helm-s3` and `helm-git` and whatever Helm Downloader plugins
|
|
# to use repositories other than the official repository or one backend by chartmuseum.
|
|
repositories:
|
|
# To use official "stable" charts a.k.a https://github.com/helm/charts/tree/master/stable
|
|
- name: stable
|
|
url: https://charts.helm.sh/stable
|
|
# To use official "incubator" charts a.k.a https://github.com/helm/charts/tree/master/incubator
|
|
- name: incubator
|
|
url: https://charts.helm.sh/incubator
|
|
# helm-git powered repository: You can treat any Git repository as a charts repository
|
|
- name: polaris
|
|
url: git+https://github.com/reactiveops/polaris@deploy/helm?ref=master
|
|
# Advanced configuration: You can setup basic or tls auth and optionally enable helm OCI integration
|
|
- name: roboll
|
|
url: roboll.io/charts
|
|
certFile: optional_client_cert
|
|
keyFile: optional_client_key
|
|
# username is retrieve from the environment with the format <registryNameUpperCase>_USERNAME for CI usage, here ROBOLL_USERNAME
|
|
username: optional_username
|
|
# username is retrieve from the environment with the format <registryNameUpperCase>_PASSWORD for CI usage, here ROBOLL_PASSWORD
|
|
password: optional_password
|
|
oci: true
|
|
passCredentials: true
|
|
# Advanced configuration: You can use a ca bundle to use an https repo
|
|
# with a self-signed certificate
|
|
- name: insecure
|
|
url: https://charts.my-insecure-domain.com
|
|
caFile: optional_ca_crt
|
|
# Advanced configuration: You can skip the verification of TLS for an https repo
|
|
- name: skipTLS
|
|
url: https://ss.my-insecure-domain.com
|
|
skipTLSVerify: true
|
|
|
|
# context: kube-context # this directive is deprecated, please consider using helmDefaults.kubeContext
|
|
|
|
# Path to alternative helm binary (--helm-binary)
|
|
# helmBinary: path/to/helm3
|
|
|
|
# Path to alternative lock file. The default is <state file name>.lock, i.e for helmfile.yaml it's helmfile.lock.
|
|
# lockFilePath: path/to/lock.file
|
|
|
|
# Default values to set for args along with dedicated keys that can be set by contributors, cli args take precedence over these.
|
|
# In other words, unset values results in no flags passed to helm.
|
|
# See the helm usage (helm SUBCOMMAND -h) for more info on default values when those flags aren't provided.
|
|
helmDefaults:
|
|
kubeContext: kube-context #dedicated default key for kube-context (--kube-context)
|
|
cleanupOnFail: false #dedicated default key for helm flag --cleanup-on-fail
|
|
# additional and global args passed to helm (default "")
|
|
args:
|
|
- "--set k=v"
|
|
# verify the chart before upgrading (only works with packaged charts not directories) (default false)
|
|
verify: true
|
|
# wait for k8s resources via --wait. (default false)
|
|
wait: true
|
|
# if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as --timeout (default false, Implemented in Helm3.5)
|
|
waitForJobs: true
|
|
# time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks, and waits on pod/pvc/svc/deployment readiness) (default 300)
|
|
timeout: 600
|
|
# performs pods restart for the resource if applicable (default false)
|
|
recreatePods: true
|
|
# forces resource update through delete/recreate if needed (default false)
|
|
force: false
|
|
# limit the maximum number of revisions saved per release. Use 0 for no limit. (default 10)
|
|
historyMax: 10
|
|
# when using helm 3.2+, automatically create release namespaces if they do not exist (default true)
|
|
createNamespace: true
|
|
# if used with charts museum allows to pull unstable charts for deployment, for example: if 1.2.3 and 1.2.4-dev versions exist and set to true, 1.2.4-dev will be pulled (default false)
|
|
devel: true
|
|
# When set to `true`, skips running `helm dep up` and `helm dep build` on this release's chart.
|
|
# Useful when the chart is broken, like seen in https://github.com/roboll/helmfile/issues/1547
|
|
skipDeps: false
|
|
# If set to true, reuses the last release's values and merges them with ones provided in helmfile.
|
|
# This attribute, can be overriden in CLI with --reset/reuse-values flag of apply/sync/diff subcommands
|
|
reuseValues: false
|
|
# propagate `--post-renderer` to helmv3 template and helm install
|
|
postRenderer: "path/to/postRenderer"
|
|
# cascade `--cascade` to helmv3 delete, available values: background, foreground, or orphan, default: background
|
|
cascade: "background"
|
|
# insecureSkipTLSVerify is true if the TLS verification should be skipped when fetching remote chart
|
|
insecureSkipTLSVerify: false
|
|
|
|
# these labels will be applied to all releases in a Helmfile. Useful in templating if you have a helmfile per environment or customer and don't want to copy the same label to each release
|
|
commonLabels:
|
|
hello: world
|
|
|
|
# The desired states of Helm releases.
|
|
#
|
|
# Helmfile runs various helm commands to converge the current state in the live cluster to the desired state defined here.
|
|
releases:
|
|
# Published chart example
|
|
- name: vault # name of this release
|
|
namespace: vault # target namespace
|
|
createNamespace: true # helm 3.2+ automatically create release namespace (default true)
|
|
labels: # Arbitrary key value pairs for filtering releases
|
|
foo: bar
|
|
chart: roboll/vault-secret-manager # the chart being installed to create this release, referenced by `repository/chart` syntax
|
|
version: ~1.24.1 # the semver of the chart. range constraint is supported
|
|
condition: vault.enabled # The values lookup key for filtering releases. Corresponds to the boolean value of `vault.enabled`, where `vault` is an arbitrary value
|
|
missingFileHandler: Warn # set to either "Error" or "Warn". "Error" instructs helmfile to fail when unable to find a values or secrets file. When "Warn", it prints the file and continues.
|
|
missingFileHandlerConfig:
|
|
# Ignores missing git branch error so that the Debug/Info/Warn handler can treat a missing branch as non-error.
|
|
# See https://github.com/helmfile/helmfile/issues/392
|
|
ignoreMissingGitBranch: true
|
|
# Values files used for rendering the chart
|
|
values:
|
|
# Value files passed via --values
|
|
- vault.yaml
|
|
# Inline values, passed via a temporary values file and --values, so that it doesn't suffer from type issues like --set
|
|
- address: https://vault.example.com
|
|
# Go template available in inline values and values files.
|
|
- image:
|
|
# The end result is more or less YAML. So do `quote` to prevent number-like strings from accidentally parsed into numbers!
|
|
# See https://github.com/roboll/helmfile/issues/608
|
|
tag: {{ requiredEnv "IMAGE_TAG" | quote }}
|
|
# Otherwise:
|
|
# tag: "{{ requiredEnv "IMAGE_TAG" }}"
|
|
# tag: !!string {{ requiredEnv "IMAGE_TAG" }}
|
|
db:
|
|
username: {{ requiredEnv "DB_USERNAME" }}
|
|
# value taken from environment variable. Quotes are necessary. Will throw an error if the environment variable is not set. $DB_PASSWORD needs to be set in the calling environment ex: export DB_PASSWORD='password1'
|
|
password: {{ requiredEnv "DB_PASSWORD" }}
|
|
proxy:
|
|
# Interpolate environment variable with a fixed string
|
|
domain: {{ requiredEnv "PLATFORM_ID" }}.my-domain.com
|
|
scheme: {{ env "SCHEME" | default "https" }}
|
|
# Use `values` whenever possible!
|
|
# `set` translates to helm's `--set key=val`, that is known to suffer from type issues like https://github.com/roboll/helmfile/issues/608
|
|
set:
|
|
# single value loaded from a local file, translates to --set-file foo.config=path/to/file
|
|
- name: foo.config
|
|
file: path/to/file
|
|
# set a single array value in an array, translates to --set bar[0]={1,2}
|
|
- name: bar[0]
|
|
values:
|
|
- 1
|
|
- 2
|
|
# set a templated value
|
|
- name: namespace
|
|
value: {{ .Namespace }}
|
|
# will attempt to decrypt it using helm-secrets plugin
|
|
secrets:
|
|
- vault_secret.yaml
|
|
# Override helmDefaults options for verify, wait, waitForJobs, timeout, recreatePods and force.
|
|
verify: true
|
|
wait: true
|
|
waitForJobs: true
|
|
timeout: 60
|
|
recreatePods: true
|
|
force: false
|
|
# set `false` to uninstall this release on sync. (default true)
|
|
installed: true
|
|
# restores previous state in case of failed release (default false)
|
|
atomic: true
|
|
# when true, cleans up any new resources created during a failed release (default false)
|
|
cleanupOnFail: false
|
|
# --kube-context to be passed to helm commands
|
|
# See https://github.com/roboll/helmfile/issues/642
|
|
# (default "", which means the standard kubeconfig, either ~/kubeconfig or the file pointed by $KUBECONFIG environment variable)
|
|
kubeContext: kube-context
|
|
# passes --disable-validation to helm 3 diff plugin, this requires diff plugin >= 3.1.2
|
|
# It may be helpful to deploy charts with helm api v1 CRDS
|
|
# https://github.com/roboll/helmfile/pull/1373
|
|
disableValidation: false
|
|
# passes --disable-validation to helm 3 diff plugin, this requires diff plugin >= 3.1.2
|
|
# It is useful when any release contains custom resources for CRDs that is not yet installed onto the cluster.
|
|
# https://github.com/roboll/helmfile/pull/1618
|
|
disableValidationOnInstall: false
|
|
# passes --disable-openapi-validation to helm 3 diff plugin, this requires diff plugin >= 3.1.2
|
|
# It may be helpful to deploy charts with helm api v1 CRDS
|
|
# https://github.com/roboll/helmfile/pull/1373
|
|
disableOpenAPIValidation: false
|
|
# limit the maximum number of revisions saved per release. Use 0 for no limit (default 10)
|
|
historyMax: 10
|
|
# When set to `true`, skips running `helm dep up` and `helm dep build` on this release's chart.
|
|
# Useful when the chart is broken, like seen in https://github.com/roboll/helmfile/issues/1547
|
|
skipDeps: false
|
|
# propagate `--post-renderer` to helmv3 template and helm install
|
|
postRenderer: "path/to/postRenderer"
|
|
# cascade `--cascade` to helmv3 delete, available values: background, foreground, or orphan, default: background
|
|
cascade: "background"
|
|
# insecureSkipTLSVerify is true if the TLS verification should be skipped when fetching remote chart
|
|
insecureSkipTLSVerify: false
|
|
# suppressDiff skip the helm diff output. Useful for charts which produces large not helpful diff, default: false
|
|
suppressDiff: false
|
|
|
|
|
|
# Local chart example
|
|
- name: grafana # name of this release
|
|
namespace: another # target namespace
|
|
chart: ../my-charts/grafana # the chart being installed to create this release, referenced by relative path to local helmfile
|
|
values:
|
|
- "../../my-values/grafana/values.yaml" # Values file (relative path to manifest)
|
|
- ./values/{{ requiredEnv "PLATFORM_ENV" }}/config.yaml # Values file taken from path with environment variable. $PLATFORM_ENV must be set in the calling environment.
|
|
wait: true
|
|
|
|
#
|
|
# Advanced Configuration: Nested States
|
|
#
|
|
helmfiles:
|
|
- # Path to the helmfile state file being processed BEFORE releases in this state file
|
|
path: path/to/subhelmfile.yaml
|
|
# Label selector used for filtering releases in the nested state.
|
|
# For example, `name=prometheus` in this context is equivalent to processing the nested state like
|
|
# helmfile -f path/to/subhelmfile.yaml -l name=prometheus sync
|
|
selectors:
|
|
- name=prometheus
|
|
# Override state values
|
|
values:
|
|
# Values files merged into the nested state's values
|
|
- additional.values.yaml
|
|
# One important aspect of using values here is that they first need to be defined in the values section
|
|
# of the origin helmfile, so in this example key1 needs to be in the values or environments.NAME.values of path/to/subhelmfile.yaml
|
|
# Inline state values merged into the nested state's values
|
|
- key1: val1
|
|
- # All the nested state files under `helmfiles:` is processed in the order of definition.
|
|
# So it can be used for preparation for your main `releases`. An example would be creating CRDs required by `releases` in the parent state file.
|
|
path: path/to/mycrd.helmfile.yaml
|
|
- # Terraform-module-like URL for importing a remote directory and use a file in it as a nested-state file
|
|
# The nested-state file is locally checked-out along with the remote directory containing it.
|
|
# Therefore all the local paths in the file are resolved relative to the file
|
|
path: git::https://github.com/cloudposse/helmfiles.git@releases/kiam.yaml?ref=0.40.0
|
|
# If set to "Error", return an error when a subhelmfile points to a
|
|
# non-existent path. The default behavior is to print a warning and continue.
|
|
missingFileHandler: Error
|
|
|
|
#
|
|
# Advanced Configuration: Environments
|
|
#
|
|
|
|
# The list of environments managed by helmfile.
|
|
#
|
|
# The default is `environments: {"default": {}}` which implies:
|
|
#
|
|
# - `{{ .Environment.Name }}` evaluates to "default"
|
|
# - `{{ .Values }}` being empty
|
|
environments:
|
|
# The "default" environment is available and used when `helmfile` is run without `--environment NAME`.
|
|
default:
|
|
# Everything from the values.yaml is available via `{{ .Values.KEY }}`.
|
|
# Suppose `{"foo": {"bar": 1}}` contained in the values.yaml below,
|
|
# `{{ .Values.foo.bar }}` is evaluated to `1`.
|
|
values:
|
|
- environments/default/values.yaml
|
|
# Each entry in values can be either a file path or inline values.
|
|
# The below is an example of inline values, which is merged to the `.Values`
|
|
- myChartVer: 1.0.0-dev
|
|
# Any environment other than `default` is used only when `helmfile` is run with `--environment NAME`.
|
|
# That is, the "production" env below is used when and only when it is run like `helmfile --environment production sync`.
|
|
production:
|
|
values:
|
|
- environments/production/values.yaml
|
|
- myChartVer: 1.0.0
|
|
# disable vault release processing
|
|
- vault:
|
|
enabled: false
|
|
## `secrets.yaml` is decrypted by `helm-secrets` and available via `{{ .Environment.Values.KEY }}`
|
|
secrets:
|
|
- environments/production/secrets.yaml
|
|
# Instructs helmfile to fail when unable to find a environment values file listed under `environments.NAME.values`.
|
|
#
|
|
# Possible values are "Error", "Warn", "Info", "Debug". The default is "Error".
|
|
#
|
|
# Use "Warn", "Info", or "Debug" if you want helmfile to not fail when a values file is missing, while just leaving
|
|
# a message about the missing file at the log-level.
|
|
missingFileHandler: Error
|
|
missingFileHandlerConfig:
|
|
# Ignores missing git branch error so that the Debug/Info/Warn handler can treat a missing branch as non-error.
|
|
# See https://github.com/helmfile/helmfile/issues/392
|
|
ignoreMissingGitBranch: true
|
|
# kubeContext to use for this environment
|
|
kubeContext: kube-context
|
|
|
|
#
|
|
# Advanced Configuration: Layering
|
|
#
|
|
# Helmfile merges all the "base" state files and this state file before processing.
|
|
#
|
|
# Assuming this state file is named `helmfile.yaml`, all the files are merged in the order of:
|
|
# environments.yaml <- defaults.yaml <- templates.yaml <- helmfile.yaml
|
|
bases:
|
|
- environments.yaml
|
|
- defaults.yaml
|
|
- templates.yaml
|
|
|
|
#
|
|
# Advanced Configuration: API Capabilities
|
|
#
|
|
# 'helmfile template' renders releases locally without querying an actual cluster,
|
|
# and in this case `.Capabilities.APIVersions` cannot be populated.
|
|
# When a chart queries for a specific CRD or the Kubernetes version, this can lead to unexpected results.
|
|
#
|
|
# Note that `Capabilities.KubeVersion` is deprecated in Helm 3 and `helm template` won't populate it.
|
|
# All you can do is fix your chart to respect `.Capabilities.APIVersions` instead, rather than trying to figure out
|
|
# how to set `Capabilities.KubeVersion` in Helmfile.
|
|
#
|
|
# Configure a fixed list of API versions to pass to 'helm template' via the --api-versions flag with the below:
|
|
apiVersions:
|
|
- example/v1
|
|
|
|
# Set the kubeVersion to render the chart with your desired Kubernetes version.
|
|
# The flag --kube-version was deprecated in helm v3 but it was added again.
|
|
# For further information https://github.com/helm/helm/issues/7326
|
|
kubeVersion: v1.21 |