{"id":17592946,"url":"https://github.com/travisghansen/argo-cd-helmfile","last_synced_at":"2025-04-03T10:09:24.743Z","repository":{"id":38078693,"uuid":"234651601","full_name":"travisghansen/argo-cd-helmfile","owner":"travisghansen","description":"Integration between argo-cd and helmfile","archived":false,"fork":false,"pushed_at":"2024-10-03T02:28:34.000Z","size":62,"stargazers_count":239,"open_issues_count":15,"forks_count":57,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-27T09:09:05.778Z","etag":null,"topics":["argo-cd","continuous-delivery","continuous-deployment","continuous-integration","gitops","helm","helmfile","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/travisghansen.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-17T23:04:07.000Z","updated_at":"2025-03-25T10:42:12.000Z","dependencies_parsed_at":"2023-12-15T21:54:10.510Z","dependency_job_id":"68bf6989-0de0-4b6d-8465-0d9301f53cb9","html_url":"https://github.com/travisghansen/argo-cd-helmfile","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/travisghansen%2Fargo-cd-helmfile","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/travisghansen%2Fargo-cd-helmfile/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/travisghansen%2Fargo-cd-helmfile/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/travisghansen%2Fargo-cd-helmfile/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/travisghansen","download_url":"https://codeload.github.com/travisghansen/argo-cd-helmfile/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246981171,"owners_count":20863827,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argo-cd","continuous-delivery","continuous-deployment","continuous-integration","gitops","helm","helmfile","kubernetes"],"created_at":"2024-10-22T05:44:19.971Z","updated_at":"2025-04-03T10:09:24.707Z","avatar_url":"https://github.com/travisghansen.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Image](https://img.shields.io/docker/pulls/travisghansen/argo-cd-helmfile.svg)\n![Image](https://img.shields.io/github/actions/workflow/status/travisghansen/argo-cd-helmfile/main.yml?branch=master\u0026style=flat-square)\n\n# Intro\n\nSupport for `helmfile` with `argo-cd`.\n\n`argo-cd` already supports `helm` in 2 distinct ways, why is this useful?\n\n- It helps decouple configuration from chart development\n- It's similar to using a repo type of `helm` but you can still manage\n  configuration with git.\n- Because I like the power afforded using `helmfile`'s features such as\n  `environments`, `selectors`, templates, and being able to use `ENV` vars as\n  conditionals **AND** values.\n- https://github.com/helmfile/helmfile/blob/main/docs/writing-helmfile.md\n- https://github.com/helmfile/helmfile/blob/main/docs/shared-configuration-across-teams.md\n\n# Security\n\nPlease make note that `helmfile` itself allows execution of arbitrary scripts.\nDue to this feature, execution of arbitrary scripts are allowed by this plugin,\nboth explicitly (see `HELMFILE_INIT_SCRIPT_FILE` env below) and implicity.\n\nConsider these implications for your environment and act appropriately.\n\n- https://github.com/roboll/helmfile#templating (`exec` description)\n- https://github.com/helmfile/helmfile/pull/1 (can disable `exec` using env vars)\n- the execution pod/context is the `argocd-repo-server`\n\n# Installation\n\n- https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/\n\n## Sidecar\n\nThis shows optional use of sops/age integration. You may add/remove others as necessary.\n\n```yaml\nrepoServer:\n  volumes:\n  ...\n  - name: age-secret-keys\n    secret:\n      secretName: argocd-age-secret-keys\n  - emptyDir: {}\n    name: helmfile-cmp-tmp\n\n  extraContainers:\n  - name: helmfile-plugin\n    image: travisghansen/argo-cd-helmfile:latest\n    command: [/var/run/argocd/argocd-cmp-server]\n    env:\n    ...\n    - name: SOPS_AGE_KEY_FILE\n      value: /sops/age/keys.txt\n    securityContext:\n      runAsNonRoot: true\n      runAsUser: 999\n    volumeMounts:\n      ...\n      - mountPath: /sops/age\n        name: age-secret-keys\n      - mountPath: /var/run/argocd\n        name: var-files\n      - mountPath: /home/argocd/cmp-server/plugins\n        name: plugins\n      - mountPath: /tmp\n        name: helmfile-cmp-tmp\n```\n\n## ConfigMap (deprecated)\n\n```yaml\n    configManagementPlugins: |\n      - name: helmfile\n        init:                          # Optional command to initialize application source directory\n          command: [\"argo-cd-helmfile.sh\"]\n          args: [\"init\"]\n        generate:                      # Command to generate manifests YAML\n          command: [\"argo-cd-helmfile.sh\"]\n          args: [\"generate\"]\n\n```\n\n```yaml\n  volumes:\n  - name: custom-tools\n    emptyDir: {}\n\n  initContainers:\n  - name: download-tools\n    image: alpine:3.8\n    command: [sh, -c]\n    args:\n      - wget -qO /custom-tools/argo-cd-helmfile.sh https://raw.githubusercontent.com/travisghansen/argo-cd-helmfile/master/src/argo-cd-helmfile.sh \u0026\u0026\n        chmod +x /custom-tools/argo-cd-helmfile.sh \u0026\u0026\n        wget -qO /custom-tools/helmfile https://github.com/roboll/helmfile/releases/download/v0.138.7/helmfile_linux_amd64 \u0026\u0026\n        chmod +x /custom-tools/helmfile\n    volumeMounts:\n      - mountPath: /custom-tools\n        name: custom-tools\n  volumeMounts:\n  - mountPath: /usr/local/bin/argo-cd-helmfile.sh\n    name: custom-tools\n    subPath: argo-cd-helmfile.sh\n  - mountPath: /usr/local/bin/helmfile\n    name: custom-tools\n    subPath: helmfile\n```\n\n# Usage\n\nConfigure your `argo-cd` app to use a repo/directory which holds a valid\n`helmfile` configuration. This can be a directory which contains a\n`helmfile.yaml` **OR** `helmfile.yaml.gotmpl` file **OR** a `helmfile.d` directory containing any number of\n`*.yaml` or `*.yaml.gotmpl` files. You cannot have both configurations.\n\nThere are a number of specially handled `ENV` variables which can be set (all\noptional):\n\n- `HELM_BINARY` - custom path to `helm` binary\n- `HELM_TEMPLATE_OPTIONS` - pass-through options for the templating operation\n  `helm template --help`\n- `HELMFILE_BINARY` - custom path to `helmfile` binary\n- `HELMFILE_USE_CONTEXT_NAMESPACE` - do not set helmfile namespace to `ARGOCD_APP_NAMESPACE`,\n  for use with multi-namespace apps\n- `HELMFILE_GLOBAL_OPTIONS` - pass-through options for all `helmfile`\n  operations `helmfile --help`\n- `HELMFILE_TEMPLATE_OPTIONS` - pass-through options for the templating\n  operation `helmfile template --help`\n- `HELMFILE_INIT_SCRIPT_FILE` - path to script to execute during init phase\n- `HELMFILE_HELMFILE` - a complete `helmfile.yaml` or `helmfile.yaml.gotmpl` content\n- `HELMFILE_HELMFILE_STRATEGY` - one of `REPLACE` or `INCLUDE`\n  - `REPLACE` - the default option, only the content of `HELMFILE_HELMFILE` is\n    rendered, if any valid files exist in the repo they are ignored\n  - `INCLUDE` - any valid files in the repo **AND** the content of\n    `HELMFILE_HELMFILE` are rendered, precedence is given to\n    `HELMFILE_HELMFILE` should the same release name be declared in multiple\n    files\n- `HELMFILE_CACHE_CLEANUP` - run helmfile cache cleanup on init\n\nOf the above `ENV` variables, the following do variable expansion on the value:\n\n- `HELMFILE_GLOBAL_OPTIONS`\n- `HELMFILE_TEMPLATE_OPTIONS`\n- `HELM_TEMPLATE_OPTIONS`\n- `HELMFILE_INIT_SCRIPT_FILE`\n- `HELM_DATA_HOME`\n\nMeaning, you can do things like:\n\n- `HELMFILE_GLOBAL_OPTIONS=\"--environment ${ARGOCD_APP_NAME} --selector cluster=${CLUSTER_ID}`\n\nAny of the standard `Build Environment` variables can be used as well as\nvariables declared in the application spec.\n\n- https://argoproj.github.io/argo-cd/user-guide/config-management-plugins/#environment\n- https://argoproj.github.io/argo-cd/user-guide/build-environment/\n\n## Helm Plugins\n\nTo use the various helm plugins the recommended approach is the install the\nplugins using the/an `initContainers` (explicitly set the `HELM_DATA_HOME` env\nvar during the `helm plugin add` command) and simply set the `HELM_DATA_HOME`\nenvironment variable in your application spec (or globally in the pod). This\nprevents the plugin(s) from being downloaded over and over each run.\n\n```yaml\n# repo server deployment\n  volumes:\n  ...\n  - name: helm-data-home\n    emptyDir: {}\n\n# repo-server container\n  volumeMounts:\n  ...\n  - mountPath: /home/argocd/.local/share/helm\n    name: helm-data-home\n\n# init container\n  volumeMounts:\n  ...\n  - mountPath: /helm/data\n    name: helm-data-home\n\n    [[ ! -d \"${HELM_DATA_HOME}/plugins/helm-secrets\" ]] \u0026\u0026 /custom-tools/helm-v3 plugin install https://github.com/jkroepke/helm-secrets --version ${HELM_SECRETS_VERSION}\n    chown -R 999:999 \"${HELM_DATA_HOME}\"\n\n# lastly, in your app definition\n...\nplugin:\n  env:\n  - name: HELM_DATA_HOME\n    value: /home/argocd/.local/share/helm\n```\n\nIf the above is not possible/desired, the recommended approach would be to use\n`HELMFILE_INIT_SCRIPT_FILE` to execute an arbitrary script during the `init`\nphase. Within the script it's desireable to run `helm plugin list` and only\ninstall the plugin only if it's not already installed.\n\n## Custom Init\n\nYou can use the `HELMFILE_INIT_SCRIPT_FILE` feature to do any kind of _init_\nlogic required including installing helm plugins, downloading external files,\netc. The value can be a relative or absolute path and the file itself can be\ninjected using an `initContainers` or stored in the application git repository.\n\n# Development\n\n```\n# format before commit\nshfmt -i 2 -ci -w src/argo-cd-helmfile.sh\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftravisghansen%2Fargo-cd-helmfile","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftravisghansen%2Fargo-cd-helmfile","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftravisghansen%2Fargo-cd-helmfile/lists"}