Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

diff doesn't work for imported resources? #639

Open
AndriiOmelianenko opened this issue Jul 4, 2024 · 5 comments
Open

diff doesn't work for imported resources? #639

AndriiOmelianenko opened this issue Jul 4, 2024 · 5 comments
Labels
question

Comments

@AndriiOmelianenko
Copy link

AndriiOmelianenko commented Jul 4, 2024
edited
Loading

hello, I'm trying to create a helm chart for existing resources in the cluster with the least breaking changes as possible. So let's say I have a single resource to import (for simplicity):

$ kubectl get sa sa-test -o yaml
apiVersion: v1
imagePullSecrets:
- name: image-pull-secret
kind: ServiceAccount
metadata:
  name: sa-test
  namespace: test

My steps:

  1. install an "empty" chart, with no resources (this is to trick helm diff upgrade to work)
  2. import resources with labels/annotations
kubectl annotate $KIND $NAME  meta.helm.sh/release-name=$RELEASE_NAME --overwrite
kubectl annotate $KIND $NAME  meta.helm.sh/release-namespace=$NAMESPACE --overwrite
kubectl label $KIND $NAME  app.kubernetes.io/managed-by=Helm --overwrite
  1. run helm diff upgrade and see the differences, to tune my chart/values.

But in my case, I get this:

$ helm diff upgrade test ./microservice -f test.values.yaml --namespace test
test, sa-test, ServiceAccount (v1) has been added:
-
+ # Source: microservice/templates/serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: sa-test
+   labels:
+     helm.sh/chart: microservice-0.1.0
+     app.kubernetes.io/name: microservice
+     app.kubernetes.io/instance: test
+     app.kubernetes.io/version: "0.1.0"
+     app.kubernetes.io/managed-by: Helm
+ automountServiceAccountToken: true

What am I doing wrong?
@AndriiOmelianenko
Copy link
Author

regarding step #1 , without it, I get this:

$ helm diff upgrade test ./microservice -f test.values.yaml --namespace test --install
********************

	Release was not present in Helm.  Diff will show entire contents as new.

********************
test, sa-test, ServiceAccount (v1) has been added:
-
+ # Source: microservice/templates/serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: sa-test
+   labels:
+     helm.sh/chart: microservice-0.1.0
+     app.kubernetes.io/name: microservice
+     app.kubernetes.io/instance: test
+     app.kubernetes.io/version: "0.1.0"
+     app.kubernetes.io/managed-by: Helm
+ # automountServiceAccountToken: true

@AndriiOmelianenko
Copy link
Author

here is even simpler flow:

$ kubectl create sa sa-test1
serviceaccount/sa-test1 created

$ kubectl annotate sa sa-test1 meta.helm.sh/release-name=test
kubectl annotate sa sa-test1 meta.helm.sh/release-namespace=test-development
kubectl label sa sa-test1 app.kubernetes.io/managed-by=Helm
serviceaccount/sa-test1 annotated
serviceaccount/sa-test1 annotated
serviceaccount/sa-test1 labeled

$ kubectl get sa sa-test1 -o yaml
apiVersion: v1
imagePullSecrets:
- name: image-pull-secret
kind: ServiceAccount
metadata:
  annotations:
    meta.helm.sh/release-name: test
    meta.helm.sh/release-namespace: test-development
  creationTimestamp: "2024-07-04T16:31:53Z"
  labels:
    app.kubernetes.io/managed-by: Helm
  name: sa-test1
  namespace: test-development
  resourceVersion: "6009049282"
  uid: 273f63a5-d649-4b35-b4f0-15fce043e6e4

$ helm diff upgrade --install test ./microservice -f dev-test.values.yaml --namespace test-development
********************

	Release was not present in Helm.  Diff will show entire contents as new.

********************
test-development, sa-test1, ServiceAccount (v1) has been added:
-
+ # Source: microservice/templates/serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: sa-test1
+   labels:
+     helm.sh/chart: microservice-0.1.0
+     app.kubernetes.io/name: microservice
+     app.kubernetes.io/instance: test
+     app.kubernetes.io/version: "0.1.0"
+     app.kubernetes.io/managed-by: Helm

what am I missing?

@yxxhero
Copy link
Collaborator

yxxhero commented Jul 4, 2024

@AndriiOmelianenko what's your expected?

@AndriiOmelianenko
Copy link
Author

hi @yxxhero I was able to figure out a workaround using helm-diff + another helm plugin called adopt

if I run adopt first (which in my understanding creates a release + puts labels and annotations over existing resource), and then follow by diff - the diff is properly displayed:

$ helm diff upgrade --install test ./microservice -f dev-test.values.yaml --namespace test-development
test-development, sa-test1, ServiceAccount (v1) has changed:
- # Source: templates/serviceaccounts-0.yaml
+ # Source: microservice/templates/serviceaccount.yaml
  apiVersion: v1
- imagePullSecrets:
- - name: image-pull-secret
  kind: ServiceAccount
  metadata:
+   name: sa-test1
    labels:
+     helm.sh/chart: microservice-0.1.0
+     app.kubernetes.io/name: microservice
+     app.kubernetes.io/instance: test
+     app.kubernetes.io/version: "0.1.0"
      app.kubernetes.io/managed-by: Helm
-   name: sa-test1
-   namespace: test-development
+ # automountServiceAccountToken: true

I wonder why the same doesn't work if I just label and annotate resources myself

@yxxhero
Copy link
Collaborator

yxxhero commented Jul 5, 2024

helm-diff is a plugin for Helm that is used to compare differences between two versions of Helm charts. By default, helm-diff performs its analysis by comparing the local Chart version with the version in the remote repository, and it does not interact directly with the resources deployed in the Kubernetes cluster.
When using helm-diff, its main functions are:

  1. To compare the configurations and templates of two chart versions to identify the differences between them.
  2. To display which Kubernetes resources would change if an upgrade to the new version were to be performed.
    However, helm-diff does not directly interact with the Kubernetes cluster; it does not read the actual state of the resources running in the cluster. It simply analyzes the chart information saved in the Helm Release Secret and the current chart directory to show the differences.
    If you want to compare the actual resources running in the Kubernetes cluster with the Helm templates, you might need to use other tools or methods, such as manually comparing with kubectl command-line tool, or using other specialized tools for cluster resource versioning and reconciliation.
    Understanding the capabilities and limitations of each tool when dealing with Kubernetes cluster resources and Helm charts is crucial for effectively managing and deploying your applications.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yxxhero @AndriiOmelianenko