
kubernetes - Helmfile Secrets Not Created in Namespace During Deployment - Stack Overflow


I'm using Helmfile to deploy my own Helm chart along with PostgreSQL, but I'm running into an issue where secrets are not being created in the namespace at all. This causes PostgreSQL and Redis to fail because they expect existing secrets for credentials.

Setup

My deployment consists of the following:

  • A primary Helm chart
  • A Bitnami PostgreSQL database chart
  • Secret values managed using Helm Secrets with SOPS

helm/
  project/
    helmfile.yaml
    environments/
      base/
        secrets.yaml
        another-secret.yaml
        values.yaml
      prd/
        secrets.yaml
        another-secret.yaml
        values.yaml
      acc/
        secrets.yaml
        another-secret.yaml
        values.yaml
      dev/
        secrets.yaml
        another-secret.yaml
        values.yaml
    charts/
    templates/
    .sops.yaml
    Chart.lock
    Chart.yaml

  • The base/ directory holds default values.
  • Each environment-specific directory contains its own secrets and values.

Issue

  • I specify the existingSecret and key name in values.yaml.
  • Secrets are encrypted using helm secrets (SOPS) and should be decrypted at runtime.
  • However, when deploying with helmfile sync, the secrets do not get created in the namespace.
  • Even if the pods fail due to missing secrets, the secrets are still absent.
  • Running helm secrets decrypt works fine, and I can see the decrypted values.

Example Values, Secrets and helmfile

#base values
MyPostgres:
  auth:
    existingSecret: "database-credentials-mypostgres"
    secretKeys:
      adminPasswordKey: "admin-password"
      userPasswordKey: "user-password"
    username: "myusername"
    database: "my_db"

#environment values
MyPostgres:
  primary:
    resources:
      requests:
        ...
      limits:
        ...

#decrypted secret file
apiVersion: v1
kind: Secret
metadata:
    name: database-credentials-mypostgres
type: Opaque
stringData:
    admin-password: admin-pass
    user-password: user-pass

#helm file
environments:
  dev: {}
  acc: {}
  prd: {}

releases:
...
    values:
      - environments/base/values.yaml
      - environments/{{ .Environment.Name }}/values.yaml
    secrets:
      - environments/base/secrets.yaml
      - environments/{{ .Environment.Name }}/secrets.yaml
...

Question

Why are my secrets not being created at all? How can I make sure Helmfile properly initializes them before dependent charts like PostgreSQL and Redis attempt to use them?

Any insights or debugging tips would be greatly appreciated!
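
Added example, not part of the original question and not the asker's own configuration: Helmfile decrypts each file listed under `secrets:` and passes it to Helm as a values file; it does not apply it to the cluster, so a `kind: Secret` manifest placed there only becomes unused chart values. One way to have the release create the Secret, assuming `MyPostgres` is a subchart alias of the primary chart, with a hypothetical values key `dbCredentials` and a hypothetical template file `templates/db-secret.yaml`:

```yaml
# environments/dev/secrets.yaml (SOPS-encrypted on disk, shown decrypted here).
# Plain values instead of a manifest. `dbCredentials` is a hypothetical key;
# the passwords are constructed sample values.
dbCredentials:
  adminPassword: admin-pass
  userPassword: user-pass
---
# templates/db-secret.yaml in the primary chart (hypothetical file name).
# Helm renders this into the Secret that auth.existingSecret points at.
# `required` fails the render instead of creating a Secret with an empty password.
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Values.MyPostgres.auth.existingSecret | quote }}
type: Opaque
stringData:
  admin-password: {{ required "dbCredentials.adminPassword is required" .Values.dbCredentials.adminPassword | quote }}
  user-password: {{ required "dbCredentials.userPassword is required" .Values.dbCredentials.userPassword | quote }}
```

Because the Secret is rendered in the same release as the database subchart, Helm applies it before the workloads that reference it; running `helmfile -e dev template` shows whether the Secret appears in the rendered output. If the database is a separate Helmfile release, a `needs:` entry on that release orders it after the one that creates the Secret.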
