oradwell
commented
3 weeks ago repository has moved. please open your issue here: https://github.com/helmfile/helmfile/issues
Open kundeng opened 3 weeks ago
oradwell
commented
3 weeks ago repository has moved. please open your issue here: https://github.com/helmfile/helmfile/issues
kundeng
commented
3 weeks ago I opened a discussion there, but I highly doubt I will get reply soon. LOL>
Summary: I would like to understand whether using Helmfile with Kustomize is recommended for patching upstream Kubernetes components (e.g., OpenShift storage or image registry). After reviewing the documentation and experimenting, I’ve encountered challenges that make it unclear whether this integration is suitable for declarative patch management. Specifically, I want to avoid relying on one-off imperative commands and manage everything as code.
Context:
My goal is to deploy and manage both infrastructure and applications declaratively, without running ad-hoc commands. For example, after installing an OpenShift cluster, I need to patch certain built-in components like storage operators or the image registry. These components are part of the upstream Kubernetes system and not tied to any specific application deployment.
Challenge:
I’ve encountered an issue when trying to patch these components using Kustomize within Helmfile. It seems I need to declare ownership of certain system components by adding special annotations. Without these annotations, Helm or Helmfile reports errors such as:
To apply patches smoothly, it looks like I need to add annotations like these to the upstream resources:
metadata: annotations: meta.helm.sh/release-name:
meta.helm.sh/release-namespace:
labels:
app.kubernetes.io/managed-by: Helm
These annotations effectively “claim ownership” of the resources on behalf of Helm, allowing Helmfile to manage them. However, this approach feels intrusive since it forces us to adopt control over components that should ideally remain under the upstream system’s management.
Question:
Thank you for your guidance!