Take locally extracted bundle or download bundle from the specified container registry using
specified version tag or version mask and render it as Kubernetes manifests.
werf bundle render [options]
$WERF_SECRET_KEY Use specified secret key to extract secrets for the deploy. Recommended way to
set secret key in CI-system.
Secret key also can be defined in files:
* ~/.werf/global_secret_key (globally),
* .werf_secret_key (per project)
Add annotation to deploying resources (can specify multiple).
Format: annoName=annoValue[<separator>annoName=annoValue ...]. The default separator is
a newline ("\n"), but it can be customized using the --add-annotation-separator flag.
Also, can be specified with $WERF_ADD_ANNOTATION_* (e.g.
Separator for --add-annotation values (default $WERF_ADD_ANNOTATION_SEPARATOR or "\n")
Add label to deploying resources (can specify multiple).
Format: labelName=labelValue[<separator>labelName=labelValue ...]. The default
separator is a newline ("\n"), but it can be customized using the --add-label-separator
Also, can be specified with $WERF_ADD_LABEL_* (e.g.
$WERF_ADD_LABEL_1=labelName1=labelValue1, $WERF_ADD_LABEL_2=labelName2=labelValue2)
Separator for --add-label values (default $WERF_ADD_LABEL_SEPARATOR or "\n")
-b, --bundle-dir=""
Get extracted bundle from directory instead of registry (default $WERF_BUNDLE_DIR)
(Buildah-only) Use specified mirrors for docker.io
Do not use secret values from the default .helm/secret-values.yaml file (default
Do not use values from the default .helm/values.yaml file (default
Specify docker config directory path. Default $WERF_DOCKER_CONFIG or $DOCKER_CONFIG or
~/.docker (in the order of priority)
Command needs granted permissions to read, pull and push images into the specified
repo, to pull base images
Use specified environment (default $WERF_ENV)
Use specified dir to store werf cache files and dirs (default $WERF_HOME or ~/.werf)
Disable secrets decryption (default $WERF_IGNORE_SECRET_KEY)
Include CRDs in the templated output (default $WERF_INCLUDE_CRDS)
Allow insecure oci registries to be used in the Chart.yaml dependencies configuration
Use plain HTTP requests when accessing a registry (default $WERF_INSECURE_REGISTRY)
Kubernetes API server address (default $WERF_KUBE_API_SERVER)
Kubernetes client burst limit (default $WERF_KUBE_BURST_LIMIT or 100)
Kubernetes API server CA path (default $WERF_KUBE_CA_PATH)
Kubernetes config file path (default $WERF_KUBE_CONFIG, or $WERF_KUBECONFIG, or
Kubernetes config data as base64 string (default $WERF_KUBE_CONFIG_BASE64 or
Kubernetes config context (default $WERF_KUBE_CONTEXT)
Kubernetes client QPS limit (default $WERF_KUBE_QPS_LIMIT or 30)
Server name to use for Kubernetes API server certificate validation. If it is not
provided, the hostname used to contact the server is used (default
Kubernetes bearer token used for authentication (default $WERF_KUBE_TOKEN)
Set specific Capabilities.KubeVersion (default $WERF_KUBE_VERSION)
Set log color mode.
Supported on, off and auto (based on the stdout’s file descriptor referring to a
terminal) modes.
Default $WERF_LOG_COLOR_MODE or auto mode.
Enable debug (default $WERF_LOG_DEBUG).
Enable emojis, auto line wrapping and log process border (default $WERF_LOG_PRETTY or
Print current project directory path (default $WERF_LOG_PROJECT_DIR)
Disable explanatory output (default $WERF_LOG_QUIET).
Set log terminal width.
Defaults to:
* interactive terminal width or 140
Add time to log entries for precise event time tracking (default $WERF_LOG_TIME or
Specify custom log time format (default $WERF_LOG_TIME_FORMAT or RFC3339 format).
Enable verbose output (default $WERF_LOG_VERBOSE).
Use specified Kubernetes namespace (default $WERF_NAMESPACE)
Parallelize some network operations (default $WERF_NETWORK_PARALLELISM or 30)
Write render output to the specified file instead of stdout ($WERF_RENDER_OUTPUT by
Use specified Helm release name (default $WERF_RELEASE)
Container registry storage address (default $WERF_REPO)
Choose repo container registry implementation.
The following container registries are supported: ecr, acr, default, dockerhub, gcr,
github, gitlab, harbor, quay.
Default $WERF_REPO_CONTAINER_REGISTRY or auto mode (detect container registry by repo
repo Docker Hub password (default $WERF_REPO_DOCKER_HUB_PASSWORD)
repo Docker Hub token (default $WERF_REPO_DOCKER_HUB_TOKEN)
repo Docker Hub username (default $WERF_REPO_DOCKER_HUB_USERNAME)
repo GitHub token (default $WERF_REPO_GITHUB_TOKEN)
repo Harbor password (default $WERF_REPO_HARBOR_PASSWORD)
repo Harbor username (default $WERF_REPO_HARBOR_USERNAME)
repo quay.io token (default $WERF_REPO_QUAY_TOKEN)
Specify helm secret values in a YAML file (can specify multiple). Also, can be defined
with $WERF_SECRET_VALUES_* (e.g. $WERF_SECRET_VALUES_ENV=secret_values_test.yaml,
Set helm values on the command line (can specify multiple or separate values with
commas: key1=val1,key2=val2).
Also, can be defined with $WERF_SET_* (e.g. $WERF_SET_1=key1=val1,
Shortcut to set current docker config into the .Values.dockerconfigjson
Set values from respective files specified via the command line (can specify multiple
or separate values with commas: key1=path1,key2=path2).
Also, can be defined with $WERF_SET_FILE_* (e.g. $WERF_SET_FILE_1=key1=path1,
Set STRING helm values on the command line (can specify multiple or separate values
with commas: key1=val1,key2=val2).
Also, can be defined with $WERF_SET_STRING_* (e.g. $WERF_SET_STRING_1=key1=val1,
-s, --show-only=[]
only show manifests rendered from the given templates
-L, --skip-dependencies-repo-refresh=false
Do not refresh helm chart repositories locally cached index
Skip TLS certificate validation when accessing a Helm charts repository (default
Skip TLS certificate validation when accessing a Kubernetes cluster (default
Skip TLS certificate validation when accessing a registry (default
Provide exact tag version or semver-based pattern, werf will render the latest version
of the specified bundle ($WERF_TAG or latest by default)
Use specified dir to store tmp files and dirs (default $WERF_TMP_DIR or system tmp dir)
Validate your manifests against the Kubernetes cluster you are currently pointing at
(default $WERF_VALIDATE)
Specify helm values in a YAML file or a URL (can specify multiple). Also, can be
defined with $WERF_VALUES_* (e.g. $WERF_VALUES_1=values_1.yaml,