Closed diefans closed 3 months ago
Hi @diefans,
The reason for the above is that helm template ...
without --validate
doesn't consult the api server for served APIs which makes our template logic in e.g. https://github.com/Kong/charts/blob/e09fd7a54ba99466328ccf9a581e50a3d516f58c/charts/kong/templates/_helpers.tpl#L1502 return false.
If you want to get similar results between the 2 invocations you can provide the Gateway API as such:
helm template kong --api-versions gateway.networking.k8s.io/v1 ...
and you should get a similar result to the one that you get with --validate
(assuming that this is the API that's served by your cluster.
I'm going to close this issue now but feel free to reach out again if there's still something to cover.
Is there an existing issue for this?
Current Behavior
When you call
helm template
with--validate
the generated output contains extra rules for the ClusterRole, which are needed to run the ingress controller:Expected Behavior
The extra rules generated by
--validate
should be generated without calling--validate
.Steps To Reproduce
Kong Ingress Controller version
Kubernetes version
Anything else?
The actual problem when using
--validate
is, that it inspects the state of the cluster, and for people using other tools to install kong/ingress (as also suggested in https://github.com/Kong/kubernetes-ingress-controller/issues/4712) the generation of the manifests depends on the cluster state, e.g. if you have a dev-cluster and use tools liketilt
- it effectively prevents callinghelm template --validate
, sincehelm
is throwing an error like: