Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to suppress specific metadata label/annotations #473

Open
jkroepke opened this issue Jun 15, 2023 · 4 comments
Open

Ability to suppress specific metadata label/annotations #473

jkroepke opened this issue Jun 15, 2023 · 4 comments

Comments

@jkroepke
Copy link
Contributor

Hi,

helm diff produces large diffs, if a helm chart upgrade is happening.

Since its common to put the chart version as label on each resource, Each resource has a diff at minimum.

image

@jkroepke
Copy link
Contributor Author

ref #392

@MrKich
Copy link

MrKich commented Aug 7, 2024

Is it possible to suppress lines not only in diff output, but in diff logic, too (e.g. do not return exit code 2 if all changes are only in suppressed lines) ?

@yypastushenko
Copy link

We frequently encounter unwanted changes in helm diff caused by dynamically injected fields (like caBundle added by cert-manager annotations). For example, in a MutatingWebhookConfiguration resource:

apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: kube-vault/vault-secrets-webhook-webhook-tls
webhooks:
  - clientConfig:
      caBundle: <base64-encoded-ca>

Here, the cert-manager webhook dynamically injects the caBundle field into clientConfig. Since this field is not present in the original Helm chart and is added at runtime, helm diff always shows changes, leading to unnecessary noise in CI/CD pipelines.

Current Behavior:

  • helm-diff cannot exclude specific changes within a resource’s manifest.
  • Only whole objects can be excluded using --skip-deployments, but this is too coarse-grained for our use case.

Desired Behavior:

  • Similar to ArgoCD, provide the ability to exclude specific changes using JSONPath patterns.

For example, in ArgoCD, we can configure exclusion as follows:

spec:
  ignoreDifferences:
    - group: "admissionregistration.k8s.io"
      kind: "MutatingWebhookConfiguration"
      jsonPointers:
        - "/webhooks/0/clientConfig/caBundle"

With such a feature in helm-diff, we could precisely exclude changes like caBundle without ignoring the entire resource.

Why It Matters:
Helm diff is often used in CI/CD pipelines to detect Infrastructure as Code (IaC) drift. However, it currently reports changes even when there are no actual updates to apply from IaC. This creates unnecessary noise, reduces the reliability of drift detection, and disrupts automation workflows.

@dudicoco
Copy link

--suppress-output-line-regex solves this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants