Justas Glodenis
Reputation: 115
Helmfile Secrets Not Created in Namespace During Deployment
I'm using Helmfile to deploy my own Helm chart along with PostgreSQL, but I'm running into an issue where secrets are not being created in the namespace at all. This causes PostgreSQL and Redis to fail because they expect existing secrets for credentials.
Setup My deployment consists of the following:
- A primary Helm chart
- A bitnami PostgreSQL database chart
- Secret values managed using Helm Secrets with SOPS
helm/
project/
helmfile.yaml
environments/
base/
secrets.yaml
another-secret.yaml
values.yaml
prd/
secrets.yaml
another-secret.yaml
values.yaml
acc/
secrets.yaml
another-secret.yaml
values.yaml
dev/
secrets.yaml
another-secret.yaml
values.yaml
charts/
templates/
.sops.yaml
Chart.lock
Chart.yaml
- The base/ directory holds default values.
- Each environment-specific directory contains its own secrets and values.
Issue
- I specify the existingSecret and key name in values.yaml.
- Secrets are encrypted using helm secrets (SOPS) and should be decrypted at runtime.
- However, when deploying with helmfile sync, the secrets do not get created in the namespace.
- Even if the pods fail due to missing secrets, the secrets are still absent.
- Running helm secrets decrypt works fine, and I can see the decrypted values.
Example Values, Secrets and helmfile
#base values
MyPostgres:
auth:
existingSecret: "database-credentials-mypostgres"
secretKeys:
adminPasswordKey: "admin-password"
userPasswordKey: "user-password"
username: "myusername"
database: "my_db"
#environment values
MyPostgres:
primary:
resources:
requests:
...
limits:
...
#decrypted secret file
apiVersion: v1
kind: Secret
metadata:
name: database-credentials-mypostgres
type: Opaque
stringData:
admin-password: admin-pass
user-password: user-pass
#helm file
environments:
dev: {}
acc: {}
prd: {}
releases:
...
values:
- environments/base/values.yaml
- environments/{{ .Environment.Name }}/values.yaml
secrets:
- environments/base/secrets.yaml
- environments/{{ .Environment.Name }}/secrets.yaml
...
Question
Why are my secrets not being created at all? How can I make sure Helmfile properly initializes them before dependent charts like PostgreSQL and Redis attempt to use them?
Any insights or debugging tips would be greatly appreciated!
Upvotes: 0
Views: 54
Answers (0)
Related Questions
- Helmfile - overriding values from a parent chart value using Helmfile
- How to reference kubernetes secrets in helm chart?
- How to use secrets created via Hashicorp VAULT on Kubernetes pods
- Grafana helm chart with PostgreSQL instead of SQLite 3 - How to hide the database credentials
- Cannot connect to PostgreSQL in Helm as Dependency in Minikube
- Deploy Helm Charts in parallel with conditionals and dependencies
- Configuring sops/helm-secrets in flux
- Deploy Microservice to Kubernetes with PostgreSQL via using Helm
- Best way to manage ConfigMaps, PVC and Secrets with multiple Helm charts