Helmfile — Declarative Helm Chart Deployment Manager

Introduction

Helmfile solves the multi-chart deployment problem that Helm alone leaves to scripts. Instead of running helm install commands one by one, you declare all releases in a single file with environment overrides, and Helmfile handles ordering, diffing, and idempotent applies.

What Helmfile Does

• Declares multiple Helm releases in a single YAML specification file
• Supports environment-specific value overrides for dev, staging, and production
• Shows a colorized diff of pending changes before applying with helmfile diff
• Resolves inter-release dependencies and applies in the correct order
• Integrates with helm-secrets for encrypted value files using SOPS or AGE

Architecture Overview

Helmfile is a Go binary that reads helmfile.yaml, resolves Go templates and environment values, then orchestrates Helm CLI commands. It shells out to helm for each release operation but adds dependency resolution, parallel execution, and a diff layer via the helm-diff plugin. State is tracked by Helm itself via release secrets in the cluster.

Self-Hosting & Configuration

• Single binary with no daemon or server component
• Define environments in helmfile.yaml with per-environment values files
• Use Go templating to dynamically generate release lists from variables
• Encrypt sensitive values with helm-secrets and SOPS for secure GitOps
• Store helmfile.yaml alongside application code for version-controlled deployments

Key Features

• helmfile diff previews exactly what will change before any mutation
• Environment layering: base values + environment overrides in a clean hierarchy
• Parallel release processing with configurable concurrency limits
• Hooks for pre/post install, upgrade, and delete lifecycle events
• Glob and label selectors to target subsets of releases

Comparison with Similar Tools

• Helm — manages individual charts; Helmfile orchestrates multiple charts together
• Kustomize — patches raw YAML, no Helm chart support built in
• ArgoCD — GitOps controller that can consume Helmfile as a config source
• Terraform Helm provider — embeds Helm in Terraform state, heavier workflow
• Flux HelmRelease — GitOps CRD for Helm; Helmfile is imperative CLI-driven

FAQ

Q: Does Helmfile replace Helm? A: No. Helmfile wraps and orchestrates Helm. You still need Helm installed as Helmfile calls it under the hood.

Q: Can I use Helmfile with ArgoCD? A: Yes. The ArgoCD Helmfile plugin renders Helmfile templates into manifests that ArgoCD can sync and manage.

Q: How do I manage secrets in Helmfile? A: Use the helm-secrets plugin with SOPS or AGE encryption. Reference encrypted values files in your helmfile.yaml and they are decrypted at apply time.

Q: Does Helmfile support Helm OCI registries? A: Yes. Helmfile works with Helm v3 OCI chart references, allowing you to pull charts from container registries like GHCR or ECR.

Sources

• https://github.com/helmfile/helmfile
• https://helmfile.readthedocs.io