useHelmSecrets does not append secrets to helm template command
#9119
Labels
deploy/helm
kind/friction
Issues causing user pain that do not have a workaround
priority/p2
May take a couple of releases
Comments
renzodavid9
added
deploy/helm
priority/p2
zasgar
pushed a commit
to gimbal-ai/gimbal
that referenced
this issue
Jul 9, 2024
…s (#393) Summary: We would like to deploy our secrets via skaffold. Previously, we would require users to run a "create_cloud_secrets.sh" secret to load in secrets encrypted by SOPS. More tools have been developed since, which allow you to decrypt SOPS secrets when running kustomize or helm. Unfortunately, the skaffold functionality with Helm secrets is currently broken (GoogleContainerTools/skaffold#9119) so we will need to rely on the "Kustomize SOPS" plugin in the meantime. https://github.com/viaduct-ai/kustomize-sops This PR adds ksops to our dev image. Relevant Issues: N/A Type of change: /kind infra Test Plan: kustomize build a file which uses the ksops plugin Signed-off-by: Michelle Nguyen <[email protected]> GitOrigin-RevId: 824969bc81a2a4085c281aa5933bd59c88b14735
zasgar
pushed a commit
to gimbal-ai/gimbal
that referenced
this issue
Jul 9, 2024
…s (#393) Summary: We would like to deploy our secrets via skaffold. Previously, we would require users to run a "create_cloud_secrets.sh" secret to load in secrets encrypted by SOPS. More tools have been developed since, which allow you to decrypt SOPS secrets when running kustomize or helm. Unfortunately, the skaffold functionality with Helm secrets is currently broken (GoogleContainerTools/skaffold#9119) so we will need to rely on the "Kustomize SOPS" plugin in the meantime. https://github.com/viaduct-ai/kustomize-sops This PR adds ksops to our dev image. Relevant Issues: N/A Type of change: /kind infra Test Plan: kustomize build a file which uses the ksops plugin Signed-off-by: Michelle Nguyen <[email protected]> GitOrigin-RevId: 824969bc81a2a4085c281aa5933bd59c88b14735
zasgar
pushed a commit
to gimbal-ai/gimbal
that referenced
this issue
Jul 9, 2024
…s (#393) Summary: We would like to deploy our secrets via skaffold. Previously, we would require users to run a "create_cloud_secrets.sh" secret to load in secrets encrypted by SOPS. More tools have been developed since, which allow you to decrypt SOPS secrets when running kustomize or helm. Unfortunately, the skaffold functionality with Helm secrets is currently broken (GoogleContainerTools/skaffold#9119) so we will need to rely on the "Kustomize SOPS" plugin in the meantime. https://github.com/viaduct-ai/kustomize-sops This PR adds ksops to our dev image. Relevant Issues: N/A Type of change: /kind infra Test Plan: kustomize build a file which uses the ksops plugin Signed-off-by: Michelle Nguyen <[email protected]> GitOrigin-RevId: 824969bc81a2a4085c281aa5933bd59c88b14735
zasgar
pushed a commit
to gimbal-ai/gimbal
that referenced
this issue
Jul 10, 2024
…s (#393) Summary: We would like to deploy our secrets via skaffold. Previously, we would require users to run a "create_cloud_secrets.sh" secret to load in secrets encrypted by SOPS. More tools have been developed since, which allow you to decrypt SOPS secrets when running kustomize or helm. Unfortunately, the skaffold functionality with Helm secrets is currently broken (GoogleContainerTools/skaffold#9119) so we will need to rely on the "Kustomize SOPS" plugin in the meantime. https://github.com/viaduct-ai/kustomize-sops This PR adds ksops to our dev image. Relevant Issues: N/A Type of change: /kind infra Test Plan: kustomize build a file which uses the ksops plugin Signed-off-by: Michelle Nguyen <[email protected]> GitOrigin-RevId: 824969bc81a2a4085c281aa5933bd59c88b14735
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected behavior
The
helm-secretsplugin allows users to pass encrypted secrets/values files to Helm. The plugin decrypts the secrets and passes the decrypted files for use in the Helm command, and is initiated by runninghelm secrets <usual command>. TheuseHelmSecretsconfig in Skaffold instructs skaffold to run helm with thesecretsplugin.When running
skaffold runwith a Helm release, I would expect skaffold to run thehelm secrets templatecommand.Actual behavior
When running
skaffold run -v DEBUGto deploy a Helm release withuseHelmSecrets: true, the Helm command clearly does not contain thesecretscall.Information
Steps to reproduce the behavior
useHelmSecrets: trueto a Helm release in the skaffold.yamlskaffold run -f skaffold.yaml -v DEBUGhelm templatecommand, notice it does not begin withhelm secrets.Possibly relevant/related issues: #7651
The text was updated successfully, but these errors were encountered: