have access to the chart files in hook before applying it

roboll / helmfile

Deploy Kubernetes Helm Charts

MIT License

4.05k stars 565 forks source link

have access to the chart files in hook before applying it #801

Open tonymayflower opened 5 years ago

tonymayflower commented 5 years ago

hello guys, I'm setting up helmfile for our production at tripadivisor. But I need some help from you for a specific need. Each of our project have a /tmpl dir containing secrets tmpl and we generate secrets with consul-template. the /tmpl is packaged with the chart and pushed into chrtmuseum repository. With helmfile, I want to apply a command to apply the command consule-template to generate secrets values and apply it with other values. To do that I did with hooks :

releases: {{ if eq .Environment.Name "staging" }}

name: grafana chart: chartmuseum/grafana version: "0.1.0" namespace: grafana missingFileHandler: Error hooks:
- events: ["presync"] showlogs: true command: "consul-template -vault-retry-attempts=1 -log-level=debug -vault-renew-token=false -template grafana/tmpl/secrets.yaml.tmpl:secrets.yaml -once" {{ end }}

but it seems the presync doesn't download the chart to have access to it, isn't it? I have a no such file or directory error ... Do you have an idea of how to manage it? thank you in advance

mumoshu commented 5 years ago

@dugouchet Hey! Thanks for trying Helmfile.

Unfortunately, Helmfile doesn't have access to the contents of automatically-downloaded charts. That's due to How Helmfile/Helm works - Under the hood, Helmfile just calls helm upgrade --install, and AFAIK helm upgrade doesn't extract files contained in chart archives.

A workaround that came to my mind is this:

hooks:
  command: "/bin/sh"
  args:
  - -c
  - "helm fetch chartmuseum/grafana --version 0.1.0 --untar && consul-template -vault-retry-attempts=1 -log-level=debug -vault-renew-token=false -template grafana/tmpl/secrets.yaml.tmpl:secrets.yaml -once"

helm fetch chartmuseum/grafana --version 0.1.0 --untar fetches the chart archive and extracts it under ./grafana, so that your consul-template command will read grafana/tmpl/secrets.yaml.tmpl without any problem.

mumoshu commented 5 years ago

Btw, this should ideally be done more declaratively. I'd appreciate any feature request towards that. Maybe add an configuration option to download the chart locally and fills the local chart path to a template variable?


releases:
- name: myapp
  chart: stable/mychart
  extractChartFiles:
  - tmpl/secrets.yaml.tmpl
  hooks:
    command: "/bin/sh"
    args:
    - -c
    - "consul-template -vault-retry-attempts=1 -log-level=debug -vault-renew-token=false -template {{`{{getChartFilePath "tmpl/secrets.yaml.tmpl"}}`}}:secrets.yaml -once"

tonymayflower commented 5 years ago

Thanks for your response @mumoshu. It's exactly what I did. I'll see if I have time and if it's interesting for users to have this feature.

conradj87 commented 5 years ago

A solution here would also be useful for people wanting to run Kustomize on-top of a helm chart.

mumoshu commented 5 years ago

@conradj87 Yeah that makes sense. Actually, that's what I did for helm-x and its integration with helmfile.