Search code examples
contourhelmfile

Using Helmfile and HTTPProxy Custom Resource Definition

I am new to Helmfile, and still getting my head around it so apologies if I have just got this all wrong. My difficulty is that I want to add Custom Resource Defintion (in this case HttpProxy) to a deployment of Contour.

This is what I have so far. I am got Open Service Mesh up and running with a helmfile such as this:

repositories:
- name: osm
  url: https://openservicemesh.github.io/osm
 
releases:
- name: osm
  namespace: my-namespace
  chart: osm/osm
  version: '1.2.4'
  values:
  - ./values/osm.yaml
- ...

and am turning on Contour via the option in the ./values/osm.yaml file:

contour:
  enabled: true
  configInline.tls:
    envoy-client-certificate:
      name: osm-contour-envoy-client-cert

I now want to add my CRDs such as HttpProxy:

apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: my-proxy
  namespace: my-namespace
spec:
  virtualhost:
    fqdn: localhost
    corsPolicy:
      allowCredentials: true
      allowOrigin:
        - "*"
      allowMethods:
        - GET
        - POST
        - OPTIONS
      allowHeaders:
        - "*"
      exposeHeaders:
        - "*"
      maxAge: "1s" # preflight requests can be cached for 10 minutes.  
  routes:
    - conditions:
      - prefix: my-route
      services:
        - name: my-svc
          port: 8080
          validation:
            caSecret: osm-system/osm-ca-bundle
            subjectName: default.my-namespace.cluster.local

but I have no idea where to add this? I know I could create a new chart for such definitions, but that feels wrong to me because the contour stuff should be with the osm definitions.

What is the right way of going about this?

Solution

  • Helmfile doesn't directly create Kubernetes resources; it only installs other Helm charts. Those can potentially be local charts. Since Helmfile operates a release at a time, you can use its needs: constraints to have the chart providing the CRD installed before the chart that uses it.

    So I'd create a new chart, maybe with a ./charts/proxy/Chart.yaml and the file you include in the question in ./charts/proxy/templates/httpproxy.yaml. You can then reference this in the helmfile.yaml as

    releases:
  - name: osm
    ...
  - name: proxy
    chart: ./charts/proxy
    needs:
      - osm

    Without needs:, Helmfile would try installing the two charts at the same time, which wouldn't necessarily work. If the OSM chart had an extension point where you could register additional resources, then Helm has an internal ordering and a CustomResourceDefinition will be installed before anything else, but only within a single chart.

    The other caveat is that, if you helmfile apply -l name=proxy to install only specific things, that won't include the osm dependency by default, and you may need another option like --include-transitive-needs if the dependency isn't already installed.