Locally synced remote Helm charts + Umbrella Chart + Helmfile does not recognize values.yaml

[armenr]

Our workflow is somewhat paranoid for security-related reasons. In addition to seeing/diffing every change to every helm chart we depend on (from one place), we also require this workflow approach for offline k8s & platform development.

As such, we prefer to vend helm charts from our local repository. We use Tanzu/Carvel's tool vendir to locally sync all manifests, crds, and helm charts from their origins/remote repositories.

So, I have a fully cloned local copy of the argocd helm chart (from argoproj, not bitnami) that I want to use, as opposed to referencing a potentially mutative remote chart.

I have a helmfile that looks like this:

helmfile.yaml

helmDefaults:
  wait: true
  timeout: 600
  recreatePods: true
  force: false
  skipDeps: false
  verify: false
  atomic: true
  cleanupOnFail: true

commonLabels:
  system: argocd

releases:
  - name: argocd
    installed: true
    namespace: argocd
    createNamespace: true
    chart: .                           # <--- does NOT respect values.yaml
    version: ~4.2.1
    missingFileHandler: Warn
    values:
      - values.yaml

Chart.yaml

apiVersion: v2
name: argo-cd
description: Kubernetes continuous deployment system
type: application
version: 4.2.1
appVersion: "2.3.1"  # ArgoCD version

dependencies:
# local example
  - name: argo-cd
    repository: 'file://../../vendor-dependencies/argo-cd/synced/helm-chart/'
    version: ~4.2.1

values.yaml

# app-bases/argo-cd/values.yaml

dex:
  enabled: false
redis-ha:
  enabled: false

When I helmfile sync this way, helmfile does not disable dex server & redis-ha.

When I use the following helmfile config, it does disable redis-ha & dex server. It requires that I set skipDeps to true and that I also reference the locally synced helm chart directly from the helmfile.yaml.

helmDefaults:
  wait: true
  timeout: 600
  recreatePods: true
  force: false
  skipDeps: true            # <--- MUST ignore dependencies in this configuration
  verify: false
  atomic: true
  cleanupOnFail: true

commonLabels:
  system: argocd

releases:
  - name: argocd
    installed: true
    namespace: argocd
    createNamespace: true
    chart: "../../vendor-dependencies/argo-cd/synced/helm-chart/"      # <--- DOES respect values.yaml
    version: ~4.2.1
    missingFileHandler: Warn
    values:
      - values.yaml

Could someone please tell me if this is expected behavior? I'm new to helmfile, so I'm already guessing I'm probably misunderstanding or misusing helmfile + helm.

Thank you for your incredible work on this amazing tool! :)

For reference, here's a simplified overview of our directory layout as well:

├── Makefile
├── README.md
└── lib
    ├── app-bases
    │   ├── README.md
    │   └── argo-cd
    │       ├── Chart.yaml
    │       ├── helmfile.yaml
    │       └── values.yaml
    └── vendor-dependencies
        ├── argo-cd
        │   └── synced
        │       ├── helm-chart
        │       └── vendor-manifests
        ├── vendir.lock.yml
        └── vendir.yml

[jan-brychta]

when you are using umbrella charts you have to indent the values. in this case

app-bases/argo-cd/values.yaml
 
argo-cd:
  dex:
    enabled: false
  redis-ha:
    enabled: false