Skip to content

Layered Chart Values

Omnistrate supports layered chart values for Helm chart configuration, providing conditional deployment customization across different environments, cloud providers, and deployment contexts. This feature replaces traditional static chartValues with a flexible, hierarchical system that applies configuration layers based on runtime conditions.

Info

Layered Chart Values and traditional chartValues are mutually exclusive. You must choose one approach per resource.

Basic example

layeredChartValues:
  - # Base layer - applies to all deployments
    values:
      global:
        environment: "production"
        monitoring:
          enabled: true

  - # Conditional layer - applies only to AWS
    scope:
      "{{ $sys.deploymentCell.cloudProviderName }}": "aws"
    values:
      aws:
        storageClass: "gp3"
        loadBalancer:
          type: "nlb"

  - # External configuration layer
    scope:
      "{{ $sys.deploymentCell.region }}": "us-west-2"
    valuesFile:
      gitConfiguration:
        repositoryUrl: "https://github.com/your-org/helm-configs.git"
        reference: "refs/heads/main"
        accessToken: "{{ $secret.GH_ACCESS_TOKEN }}"
      path: "regions/us-west-2/values.yaml"

How it works

Layers are processed in definition order. Each layer's scope conditions are evaluated against deployment context, and only matching layers are applied. Configuration values are deep merged, with later layers overriding earlier ones.

Template variables available:

  • System variables ($sys.*): Platform parameters like cloud provider, region, network config. See System Parameters
  • API parameters ($var.*): User-defined API parameters from your service specification
  • Output variables ($out.*): Infrastructure outputs from Terraform resources and other resource outputs
  • Secrets ($secret.*): Secure access to secrets managed by Omnistrate

Layer types

Inline values layer

Defines configuration directly in the service specification:

- values:
    app:
      name: "my-service"
      replicas: 3
      image:
        tag: "v1.2.3"

Git-referenced layer

References external configuration files:

- valuesFile:
    gitConfiguration:
      repositoryUrl: "https://github.com/your-org/configs.git"
      reference: "refs/heads/main"
      accessToken: "{{ $secret.GITHUB_TOKEN }}"
    path: "services/my-service/values.yaml"

Scoped layer

Applies only when conditions are met:

- scope:
    "{{ $sys.deploymentCell.cloudProviderName }}": "gcp"
    "{{ $sys.deploymentCell.region }}": "us-central1"
  values:
    gcp:
      workloadIdentity:
        enabled: true

Advanced examples

Multi-cloud deployment

layeredChartValues:
  # Base configuration for all clouds
  - values:
      app:
        name: "multi-cloud-service"
        replicas: 3
        monitoring:
          enabled: true

  # AWS-specific configuration
  - scope:
      "{{ $sys.deploymentCell.cloudProviderName }}": "aws"
    values:
      serviceAccount:
        annotations:
          eks.amazonaws.com/role-arn: "{{ $out.iam.role.arn }}"
      storage:
        class: "gp3"
        provisioner: "ebs.csi.aws.com"

  # GCP-specific configuration
  - scope:
      "{{ $sys.deploymentCell.cloudProviderName }}": "gcp"
    values:
      serviceAccount:
        annotations:
          iam.gke.io/gcp-service-account: "{{ $out.iam.serviceAccount.email }}"
      storage:
        class: "ssd"
        provisioner: "pd.csi.storage.gke.io"

  # Azure-specific configuration
  - scope:
      "{{ $sys.deploymentCell.cloudProviderName }}": "azure"
    values:
      serviceAccount:
        annotations:
          azure.workload.identity/client-id: "{{ $out.iam.identity.clientId }}"
      storage:
        class: "managed-csi"
        provisioner: "disk.csi.azure.com"

Environment-based configuration

layeredChartValues:
  # Production defaults
  - values:
      app:
        replicas: 5
        resources:
          cpu: "1000m"
          memory: "2Gi"
        monitoring:
          level: "standard"

  # Development overrides
  - scope:
      "{{ $var.environment }}": "development"
    values:
      app:
        replicas: 1
        resources:
          cpu: "100m"
          memory: "256Mi"
        monitoring:
          level: "debug"

  # Staging configuration from Git
  - scope:
      "{{ $var.environment }}": "staging"
    valuesFile:
      gitConfiguration:
        repositoryUrl: "https://github.com/your-org/staging-configs.git"
        reference: "refs/heads/main"
        accessToken: "{{ $secret.GH_ACCESS_TOKEN }}"
      path: "common/staging-values.yaml"

Git integration

Repository authentication

Public repositories

For publicly accessible repositories, only specify the repository URL:

valuesFile:
  gitConfiguration:
    repositoryUrl: "https://github.com/your-org/public-helm-configs.git"
    reference: "refs/heads/main"
  path: "shared/base-values.yaml"

Private repositories

For private repositories, provide an access token via Omnistrate secrets:

valuesFile:
  gitConfiguration:
    repositoryUrl: "https://github.com/your-org/private-helm-configs.git"
    reference: "refs/heads/main"
    accessToken: "{{ $secret.GITHUB_TOKEN }}"
  path: "secure/production-values.yaml"

Reference types

Omnistrate supports standard Git reference formats for specifying which version of your configuration to use:

Branch references

# Latest commit on main branch
reference: "refs/heads/main"

# Latest commit on develop branch
reference: "refs/heads/develop"

# Latest commit on feature branch
reference: "refs/heads/feature/new-config"

Tag references

# Specific release tag
reference: "refs/tags/v1.2.3"

# Latest stable release
reference: "refs/tags/stable"

Commit references

For referencing specific commits, use the commitSHA field instead of reference:

valuesFile:
  gitConfiguration:
    repositoryUrl: "https://github.com/your-org/helm-configs.git"
    reference: "refs/heads/main"
    commitSHA: "a1b2c3d4e5f6789012345678901234567890abcd"
    accessToken: "{{ $secret.GH_ACCESS_TOKEN }}"
  path: "values.yaml"