helm secrets triggering increase in history over 1Meg etc limit

[diepes]

Error: UPGRADE FAILED: create: failed to create: Secret "sh.helm.release.v1.xxx-dev.v3360" is invalid: data: Too long: must have at most 1048576 characters

I think this is triggered because helm saves all the files in the chart dir to the history. with helm secrets upgrade, the secrets.yaml and the secrets.yaml.dec end up in the history.

Am i correct that i can solve this by adding secrets.yaml to my .helmignore file ?

[diepes]

I added to my .helmignore the following and it resolved the issue. #no need to save secrets.yaml and secrets.yaml.dec in helm history secrets.yaml //*/secrets.yam

Would this break anything if we plan to roll back to older helm deployment ? Should the secrets plugin filter out one of secrets.yaml from the helm history ?

[kaarolch]

@diepes I think this issue that you have is connected with old issue https://github.com/helm/helm/issues/1413 now moved to https://github.com/helm/helm/issues/8281. How big are your configmaps?

[diepes]

@kaarolch They went over the 1meg limit, currently with the secrets.yaml excluded back down to 700kb.

$ kubectl get secrets sh.helm.release.v1.xxxx-dev.v108  -o yaml | wc
     18      33  771221

I logged the issue under helm-secrets, as by default when adding a sops encrypted secrets.yaml to your helm template, it seems helm secrets, includes both the encrypted secrets.yaml and the secrets.yaml.dec in the history.

[jkroepke]

@diepes Whats your path of secret.yaml?

I can't see my encrypted files via helm get values nor helm get manifest