b91fd534ec
* fix: resolve issues #2281, #2270, #2269, and #2247 This commit addresses four critical bugs in helmfile: 1. **Issue #2281**: Fix array merging in --state-values-set - Problem: Arrays were being replaced entirely instead of merged element-by-element - Root cause: MergeMaps() didn't handle arrays, and mergo.Merge was used in some places - Solution: * Enhanced MergeMaps() with mergeSlices() and toInterfaceSlice() functions * Replaced mergo.Merge calls with MergeMaps in environment.go and create.go * Arrays now merge element-by-element, with nested maps merged recursively - Files changed: * pkg/maputil/maputil.go - Added array merging logic * pkg/maputil/maputil_test.go - Added comprehensive unit tests * pkg/environment/environment.go - Use MergeMaps instead of mergo.Merge * pkg/state/create.go - Use MergeMaps instead of mergo.Merge * test/integration/test-cases/issue-2281-array-merge/ - Integration test * test/integration/run.sh - Added new integration test 2. **Issue #2270**: Suppress AWS SDK debug logging - Problem: AWS SDK debug logs exposing sensitive information (tokens, auth headers) - Root cause: vals.New() called without LogOutput option - Solution: Set LogOutput to io.Discard in ValsInstance() - Files changed: * pkg/plugins/vals.go - Added LogOutput: io.Discard option 3. **Issue #2269**: Fix helmDefaults.skipDeps and helmDefaults.skipRefresh being ignored - Problem: skipRefresh only checked CLI flags, not helmDefaults or release settings - Root cause: Incomplete calculation at line 1559 in state.go - Solution: Added proper skipRefresh calculation mirroring skipDeps logic - Files changed: * pkg/state/state.go - Fixed skipRefresh calculation (lines 1522-1525, 1564) * pkg/state/skip_test.go - Added unit tests for skipDeps and skipRefresh 4. **Issue #2247**: Allow OCI charts without explicit version - Problem: OCI charts without version defaulted to "latest" which was then rejected - Root cause: getOCIQualifiedChartName() defaulted chartVersion to "latest" - Solution: Use release.Version directly without defaulting, only reject explicit "latest" - Files changed: * pkg/state/state.go - Remove default to "latest", use empty string * pkg/state/oci_chart_version_test.go - Added comprehensive unit tests * test/integration/test-cases/issue-2247/ - Integration test with registry * test/integration/run.sh - Added new integration test Fixes #2281, #2270, #2269, #2247 Signed-off-by: Aditya Menon <amenon@canarytechnologies.com> * fix: correct integration test for issue #2281 array merging The helmfile template needed to pass the 'top' values to the chart so that .Values.top is accessible in the template context. Changes: - Pass state values to chart values using toYaml - Adjusted indentation for proper YAML structure - Template now correctly accesses .Values.top for array data Test output now matches expected output with proper element-by-element array merging. Signed-off-by: Aditya Menon <amenon@canarytechnologies.com> * fix: make Helm version parsing more robust in issue-2247 test Improved version parsing to handle edge cases in CI environments: - Added fallback to 3.8 if version parsing fails - Added default values for HELM_MAJOR and HELM_MINOR - Prevents test failures due to version detection issues This ensures the test runs correctly across different environments and Helm versions. Signed-off-by: Aditya Menon <amenon@canarytechnologies.com> * debug: add diagnostic output for issue-2247 test failure Added debug logging to show: - helmfile command output when it succeeds unexpectedly - Helm version being used by the test This will help diagnose why the validation isn't triggering in CI. Signed-off-by: Aditya Menon <amenon@canarytechnologies.com> * fix: make OCI 'latest' validation work for all Helm versions The validation for explicit 'latest' in OCI charts was depending on helm.IsVersionAtLeast("3.8.0") which could fail if Helm version detection has issues in CI environments. Changes: - Remove Helm version check from validation - Always reject explicit 'latest' for OCI charts - Remove Helm version check from integration test - Update unit tests to expect 'latest' to fail for all Helm versions This ensures consistent behavior across all environments and Helm versions, fixing the CI failure where helm version detection was problematic. Fixes integration test failure in CI. Signed-off-by: Aditya Menon <amenon@canarytechnologies.com> * fix: remove unused helm parameter from getOCIQualifiedChartName Since the Helm version check was removed from the OCI validation, the helm parameter is no longer needed in getOCIQualifiedChartName. Changes: - Removed helm parameter from function signature - Updated all callers to not pass helm argument - Removed unused mockHelmExec test implementation - Removed unused imports (testutil, helmexec, chart) This resolves the golangci-lint unparam error. Signed-off-by: Aditya Menon <amenon@canarytechnologies.com> * test: update TestGetOCIQualifiedChartName to expect 'latest' rejection Updated test case for Helm 3.7.0 to expect error when using 'latest' since we now reject explicit 'latest' for all Helm versions, not just >= 3.8.0. This aligns the test with the updated validation logic that ensures consistent behavior across all Helm versions. Signed-off-by: Aditya Menon <amenon@canarytechnologies.com> * fix: handle set -e in issue-2247 integration test The integration test script is sourced by run.sh which has `set -e` enabled. When helmfile commands fail (as expected for validation tests), the script would exit immediately before capturing the exit code. This fix temporarily disables `set -e` around each helmfile command that may fail, allowing proper exit code capture and validation. This resolves the persistent CI test failure where the test would exit at Test 1.1 without showing any error message. Signed-off-by: Aditya Menon <amenon@canarytechnologies.com> * fix: add set -e handling for helm commands in issue-2247 test Extends the previous set -e fix to cover helm package and push commands in the registry tests (Test 2.2). These commands can fail and need proper error handling without triggering immediate script exit. This ensures: - helm package failures are caught and handled gracefully - helm push failures are caught and handled gracefully - Test can skip registry tests and pass with validation-only results - set -e is properly re-enabled after each command sequence Signed-off-by: Aditya Menon <amenon@canarytechnologies.com> --------- Signed-off-by: Aditya Menon <amenon@canarytechnologies.com> |
||
|---|---|---|
| .github | ||
| cmd | ||
| docs | ||
| examples | ||
| hack | ||
| logo | ||
| pkg | ||
| test | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitignore | ||
| .golangci.yaml | ||
| .goreleaser.yml | ||
| .readthedocs.yaml | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| Dockerfile | ||
| Dockerfile.debian-stable-slim | ||
| Dockerfile.ubuntu | ||
| LICENSE | ||
| Makefile | ||
| README-zh_CN.md | ||
| README.md | ||
| SECURITY.md | ||
| USERS.md | ||
| go.mod | ||
| go.sum | ||
| main.go | ||
| mkdocs.yml | ||
README.md
Helmfile
Deploy Kubernetes Helm Charts
English | 简体中文
About
Helmfile is a declarative spec for deploying helm charts. It lets you...
- Keep a directory of chart value files and maintain changes in version control.
- Apply CI/CD to configuration changes.
- Periodically sync to avoid skew in environments.
To avoid upgrades for each iteration of helm, the helmfile executable delegates to helm - as a result, the following must be installed
Highlights
Declarative: Write, version-control, apply the desired state file for visibility and reproducibility.
Modules: Modularize common patterns of your infrastructure, distribute it via Git, S3, etc. to be reused across the entire company (See #648)
Versatility: Manage your cluster consisting of charts, kustomizations, and directories of Kubernetes resources, turning everything to Helm releases (See #673)
Patch: JSON/Strategic-Merge Patch Kubernetes resources before helm-installing, without forking upstream charts (See #673)
Status
May 2025 Update
- Helmfile v1.0 and v1.1 has been released. We recommend upgrading directly to v1.1 if you are still using v0.x.
- If you haven't already upgraded, please go over this v1 proposal here to see a small list of breaking changes.
Installation
1: Binary Installation
download one of releases
2: Package Manager
- Archlinux: install via
pacman -S helmfile - openSUSE: install via
zypper in helmfileassuming you are on Tumbleweed; if you are on Leap you must add the kubic repo for your distribution version once before that command, e.g.zypper ar https://download.opensuse.org/repositories/devel:/kubic/openSUSE_Leap_\$releasever kubic - Windows (using scoop):
scoop install helmfile - macOS (using homebrew):
brew install helmfile
3: Container
For more details, see run as a container
Make sure to run
helmfile initonce after installation. Helmfile uses the helm-diff plugin.
Getting Started
Let's start with a simple helmfile and gradually improve it to fit your use-case!
Suppose the helmfile.yaml representing the desired state of your helm releases looks like:
repositories:
- name: prometheus-community
url: https://prometheus-community.github.io/helm-charts
releases:
- name: prom-norbac-ubuntu
namespace: prometheus
chart: prometheus-community/prometheus
set:
- name: rbac.create
value: false
Sync your Kubernetes cluster state to the desired one by running:
helmfile apply
Congratulations! You now have your first Prometheus deployment running inside your cluster.
Iterate on the helmfile.yaml by referencing:
More complex examples
See: multi-env-helmfile
Docs
Please read complete documentation
Contributing
Welcome to contribute together to make helmfile better: contributing doc
Attribution
We use:
- semtag for automated semver tagging. I greatly appreciate the author(pnikosis)'s effort on creating it and their kindness to share it!
Users
Helmfile has been used by many users in production:
For more users, please see: Users