How would I pass secrets files to helmfile via CLI? - Githubissues

roboll / helmfile

Deploy Kubernetes Helm Charts

MIT License

4.04k stars 566 forks source link

How would I pass secrets files to helmfile via CLI? #1539

Open Vad1mo opened 3 years ago

Vad1mo commented 3 years ago

I would like to pass values and secrets as argument to the helmfile apply. The flag --state-values-file works only for values not secrets . I couldn't find the equivalent cli argument for the secret file

How would I pass secrets files to helmfile via CLI?

mumoshu commented 3 years ago

@Vad1mo Unfortunately It's impossible. The next possible way would be to use helmfile template to render some secrets items in your helmfile.yaml depending on what values you passed via --state-values-set or --state-values-file

Vad1mo commented 3 years ago

thank you for the tip @mumoshu, I have some difficulties understanding your recommendation

repositories:
  - name: jetstack
    url:  https://charts.jetstack.io

releases:
  - name: cert-manager
    namespace: cert-manager
    chart: jetstack/cert-manager
    version: v0.15.2
    values:
      - values.yaml.gotmpl
      - secrets.yaml.gotmpl

and then helmfile --state-values-set secrets.yaml ?

in the meantime I solved it via sops exec-file its a hack but it works

mumoshu commented 3 years ago

@Vad1mo Hey! Assuming you wanted to give arbitrary secret files to a release, rather than an environment secrets file, I had something along the line of the below in my mind:

repositories:
  - name: jetstack
    url:  https://charts.jetstack.io

releases:
  - name: cert-manager
    namespace: cert-manager
    chart: jetstack/cert-manager
    version: v0.15.2
    values:
      - values.yaml.gotmpl
      {{ if .Values.secretFile }}- {{ .Values.secretFile | quote }}{{end}}

and run it like helmfile --state-values-set secretFile=path/to/your/secrets.yaml.enc