My vote is for option 2: terraform-helmfile-provider

I second option 2

Option 3: Implement gomplate datasource that reads terraform states

I would like to see generic data source support. So we could at sometime have terraform state, vault, etc support. Personally I'm not overly fond of the terraform provider approach.

The reason why I am fond of the terraform provider approach is the majority of our Helmfiles depend on resources we can only provision with terraform. For example, IAM roles, RDS clusters, S3 buckets, EFS filesystems. With a Helmfile provider we could easily provision a service along with its dependencies in one phase.

On the other hand, today we need to provision those things in 2 different phases and pass the values between them.

I would much rather distribute a terraform module that provisioned a service e2e with all dependencies, both those in Kubernetes (helm) and those outside (IAM roles, etc)

@osterman Yeah that makes sense!

Probably loading terraform outputs is just for ease of interoperability for anyone wants Helmfile as the entry point for k8s deployments. The terraform-provider approach is for managing your whole infra as a whole while leveraging helmfile as a module.

How about forking a dedicated issue for the provider approach and moving towards actually implementing it?

@sstarcher, @mumoshu has now made this possible with https://github.com/mumoshu/terraform-provider-helmfile

JFYI @sstarcher, For the generic data source support you've suggested earlier, we already have vals integration in Helmfile.

https://github.com/variantdev/vals

906

Terraform states/ouputs are planned but not implemented. For other sources like AWS SSM, SeceretsManager, Vault, SOPS, you can use the vals integration.

I wonder how come this feature is not in higher demand.
I believe most of the community is using Terraform and it would be great if you could use its state as a source for variables such as IAM role, security group ID, etc.

The Helm provider is not a viable solution since it does not provide the diff output.
The Helmfile provider also does not provide a proper diff output - https://github.com/mumoshu/terraform-provider-helmfile/issues/7#issue-547532834

Perhaps it is possible to read the Terraform state using the exec function and template the values file accordingly?

Really very weird to not put this feature at the top of the top of priority !

As another data point, we prefer to decouple these. What we end up doing is using the tf template provider to create a yaml file as output that represents the state of the infra at that specific apply point and then bring that into the process for helmfile. Pretty similar approach (using outputs from tf to supply to helmfile) — just a matter of preference I think.

There are enough other features in helmfile that could stand to be added/improved, this seems an odd one to advocate for when there are very easy (and stable/safe) approaches already out there.

Thanks @kyounger, I like your approach :)

Btw, we already have the terraform output as values. Try using ref+tfstate as documented in https://github.com/variantdev/vals#terraform-tfstate

Hi @mumoshu,

I've tried using vals with ref+tfstate and got the following error: no provider registered for scheme "tfstate"

@dudicoco Thx for reporting. I believe that's fixed in v0.120.0. Would you mind testing it out?

@mumoshu I've tested it with v0.120.0 and can confirm that it's working!

Two issues though:

1. The tfstate must be a local file - is it possible to use a remote backend such as S3?
2. Is it possible to read from the state outputs block rather than the resources block?

Thanks

@dudicoco Thanks!

Regarding the remote backend and the outputs, I've updated the documentation to cover those. Please refer to https://github.com/variantdev/vals#terraform-tfstate

Thanks @mumoshu

I wasn't able to get the remote backend to work with the following backend configuration:

{
  "backend": {
    "type": "s3",
    "config": {
      "bucket": "terraform",
      "region": "us-east-1",
      "key": "path/file.tfstate"
    }
  }
}

Getting the following error:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1d71e0e]

goroutine 543 [running]:
github.com/fujiwara/tfstate-lookup/tfstate.(*TFState).Lookup(0x0, 0xc000270e9c, 0x17, 0x275d920, 0xc00009be60, 0xc000270e9c)
    /home/circleci/workspace/helmfile/vendor/github.com/fujiwara/tfstate-lookup/tfstate/lookup.go:167 +0x8e
github.com/variantdev/vals/pkg/providers/tfstate.(*provider).GetString(0x31ebc58, 0xc000270e80, 0x33, 0x0, 0x0, 0xc000270e00, 0x33)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/providers/tfstate/tfstate.go:33 +0x193
github.com/variantdev/vals.(*Runtime).Eval.func3(0xc00003c554, 0x3d, 0x41, 0xc000270e40, 0x8, 0x8)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/vals.go:237 +0xe57
github.com/variantdev/vals/pkg/expansion.(*ExpandRegexMatch).InString(0xc0003c3238, 0xc00003c550, 0x41, 0xc00039e018, 0x104993e, 0xc000039768, 0x10)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/expansion/expand_match.go:40 +0xe1
github.com/variantdev/vals/pkg/expansion.(*ExpandRegexMatch).InMap.func1(0xc00003c550, 0x41, 0xc000038730, 0xc00039e030, 0x10e2351, 0xc0008cc040)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/expansion/expand_match.go:52 +0x42
github.com/variantdev/vals/pkg/expansion.ModifyStringValues(0x1f51300, 0xc00082cbf0, 0xc00039f1d0, 0x1f51300, 0xc00082cbf0, 0xc000039700, 0x0)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/expansion/maputil.go:42 +0xe3e
github.com/variantdev/vals/pkg/expansion.ModifyStringValues(0x1ffb7e0, 0xc0001de060, 0xc0003c31d0, 0x1ffb7e0, 0xc0001de060, 0x0, 0x0)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/expansion/maputil.go:60 +0xb54
github.com/variantdev/vals/pkg/expansion.ModifyStringValues(0x1ffb7e0, 0xc0001de000, 0xc0003c31d0, 0x1ffb7e0, 0xc0001de000, 0xc000039600, 0x0)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/expansion/maputil.go:60 +0xb54
github.com/variantdev/vals/pkg/expansion.ModifyStringValues(0x1ffb7e0, 0xc000503f80, 0xc0003c31d0, 0x1ffb7e0, 0xc000503f80, 0xc000039600, 0x0)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/expansion/maputil.go:60 +0xb54
github.com/variantdev/vals/pkg/expansion.ModifyStringValues(0x1ffb7e0, 0xc000503f50, 0xc0003c31d0, 0x1ffb7e0, 0xc000503f50, 0x0, 0x0)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/expansion/maputil.go:60 +0xb54
github.com/variantdev/vals/pkg/expansion.ModifyStringValues(0x1ffb7e0, 0xc000503ec0, 0xc0003c31d0, 0x1ffb7e0, 0xc000503ec0, 0xc000136500, 0x0)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/expansion/maputil.go:60 +0xb54
github.com/variantdev/vals/pkg/expansion.ModifyStringValues(0x1ffea20, 0xc000503e90, 0xc0003c31d0, 0x0, 0xc00039f260, 0x13a5619, 0xc00039f2a0)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/expansion/maputil.go:83 +0x2d6
github.com/variantdev/vals/pkg/expansion.(*ExpandRegexMatch).InMap(0xc00039f238, 0xc000503e90, 0x0, 0xc000150000, 0x1f215a0)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/pkg/expansion/expand_match.go:51 +0x66
github.com/variantdev/vals.(*Runtime).Eval(0xc000502ae0, 0xc000503e90, 0x4f6, 0x1f215a0, 0xc0003940f8)
    /home/circleci/workspace/helmfile/vendor/github.com/variantdev/vals/vals.go:286 +0xcd
github.com/roboll/helmfile/pkg/state.(*HelmState).RenderValuesFileToBytes(0xc000135680, 0xc000270c40, 0x39, 0x6, 0xc000270980, 0x39, 0xc00082c720, 0x1)
    /home/circleci/workspace/helmfile/pkg/state/state.go:1839 +0x34a
github.com/roboll/helmfile/pkg/state.(*HelmState).generateTemporaryValuesFiles(0xc000135680, 0xc000260c20, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /home/circleci/workspace/helmfile/pkg/state/state.go:1918 +0x90b
github.com/roboll/helmfile/pkg/state.(*HelmState).generateVanillaValuesFiles(0xc000135680, 0xc0002f8280, 0x0, 0x0, 0x0, 0x0, 0xc0000d38f0)
    /home/circleci/workspace/helmfile/pkg/state/state.go:1975 +0x279
github.com/roboll/helmfile/pkg/state.(*HelmState).generateValuesFiles(0xc000135680, 0x279d1c0, 0xc000978100, 0xc0002f8280, 0x1, 0xc000260b40, 0x0, 0x2, 0x4, 0x21fefdd)
    /home/circleci/workspace/helmfile/pkg/state/state.go:2013 +0x4d
github.com/roboll/helmfile/pkg/state.(*HelmState).namespaceAndValuesFlags(0xc000135680, 0x279d1c0, 0xc000978100, 0xc0002f8280, 0x1, 0xc0009042c0, 0x4, 0x4, 0x0, 0x0, ...)
    /home/circleci/workspace/helmfile/pkg/state/state.go:2036 +0xb1
github.com/roboll/helmfile/pkg/state.(*HelmState).flagsForDiff(0xc000135680, 0x279d1c0, 0xc000978100, 0xc0002f8280, 0x1, 0x0, 0x0, 0x60, 0x60, 0xc0001462a0, ...)
    /home/circleci/workspace/helmfile/pkg/state/state.go:1782 +0x181
github.com/roboll/helmfile/pkg/state.(*HelmState).prepareDiffReleases.func2(0x1)
    /home/circleci/workspace/helmfile/pkg/state/state.go:1063 +0x370
github.com/roboll/helmfile/pkg/state.(*HelmState).scatterGather.func1(0xc000828180, 0xc0000386b0, 0x1)
    /home/circleci/workspace/helmfile/pkg/state/state_run.go:41 +0x30
created by github.com/roboll/helmfile/pkg/state.(*HelmState).scatterGather
    /home/circleci/workspace/helmfile/pkg/state/state_run.go:40 +0x195

@mumoshu please disregard my last comment, my AWS credentials expired.

I was able to use the tfstate feature with s3 backend, working as expected.

Thank you for this amazing feature! I believe this issue can be closed.

@dudicoco Glad it worked for you. Thanks for confirmation ☺️