helmfile icon indicating copy to clipboard operation
helmfile copied to clipboard
verified publisher icon roboll

helmfile diff/apply don't see changes to secrets

Open anorm opened this issue 3 years ago • 1 comments

If changes are made to a release which results in a kubernetes secret being changed, helmfile diff doesn't see the change causing helmfile apply to do nothing.

Running helmfile apply --show-secrets --suppress-secrets makes helmfile act as expected, upgrading the release without outputting the secret value to stdout.

I expected that:

  • Running helmfile apply would detect the changed secret and upgrade the release regardless of the --show-secrets and --suppress-secrets flags
  • The --show-secrets and --suppress-secrets flags would not affect the behavior of helmfile other than changing what is printed to stdout

Versions

❯ helmfile -v
helmfile version v0.144.0
❯ helm version
version.BuildInfo{Version:"v3.8.2", GitCommit:"6e3701edea09e5d55a8ca2aae03a68917630e91b", GitTreeState:"clean", GoVersion:"go1.17.5"}
❯ helm plugin list
NAME            VERSION DESCRIPTION
diff            3.4.2   Preview helm upgrade changes as a diff

anorm avatar May 11 '22 15:05 anorm

Have you change secret using stringData or data? stringData is "write only" so changes are not visible in diff. If you switch do data everything should work as expected. Important thing is that using data you need to encode values via base 64: password: {{ "foo" | b64enc }}

arkadius avatar May 12 '22 18:05 arkadius

Oops, forgot to answer. Yes, this was indeed the problem. Thank you :-)

anorm avatar Sep 28 '22 08:09 anorm