ansible-collections / kubernetes.core

The collection includes a variety of Ansible content to help automate the management of applications in Kubernetes and OpenShift clusters, as well as the provisioning and maintenance of clusters themselves.
Other
216 stars 138 forks source link

Helm-Diff not working? #772

Open Joachim-42he opened 3 months ago

Joachim-42he commented 3 months ago

I have previously asked about this in this issue but was directed to open a bug ticket.

SUMMARY

I am running Ansible from a devcontainer environment (Debian 12) against a bare-metal cluster (Ubuntu 22.04, k3s 1.29.7) . Helm (version 3.15.3 and Helm-Diff (version 3.9.6) are installed in the devcontainer environment and on the cluster servers.
Still I get:

[WARNING]: The default idempotency check can fail to report changes in certain cases. Install helm diff >= 3.4.1 for better results.

whenever I run a task that installs a helm-chart via kubernetes.core.helm.

ISSUE TYPE
COMPONENT NAME

kubernetes.core version 5.0.0

ANSIBLE VERSION
ansible [core 2.17.2]
  config file = /workspace/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ansible/.local/lib/python3.11/site-packages/ansible
  ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ansible/.local/bin/ansible
  python version = 3.11.9 (main, Aug  2 2024, 14:42:08) [GCC 12.2.0] (/usr/local/bin/python3)
  jinja version = 3.1.4
  libyaml = True
COLLECTION VERSION
# /home/ansible/.ansible/collections/ansible_collections
Collection                               Version
---------------------------------------- -------
ansible.posix                            1.5.4
community.crypto                         2.21.1
community.docker                         3.11.0
community.general                        9.2.0
community.library_inventory_filtering_v1 1.0.1
community.mysql                          3.9.0
kubernetes.core                          5.0.0
CONFIGURATION
ANSIBLE_PIPELINING(/workspace/ansible.cfg) = True
CONFIG_FILE() = /workspace/ansible.cfg
DEFAULT_FORKS(/workspace/ansible.cfg) = 8
DEFAULT_GATHERING(/workspace/ansible.cfg) = explicit
DEFAULT_MANAGED_STR(/workspace/ansible.cfg) = File managed by Ansible.
Manual editing will not be persistent!
DEFAULT_VAULT_PASSWORD_FILE(/workspace/ansible.cfg) = /secrets/production.ansible.vault.passwd
DIFF_ALWAYS(/workspace/ansible.cfg) = True
INTERPRETER_PYTHON(/workspace/ansible.cfg) = /usr/bin/python3
OS / ENVIRONMENT

Ubuntu 22.04

Example Task
- name: "Deploy Prometheus Helm Chart"
  kubernetes.core.helm:
    release_name: "kube-prometheus-stack"
    update_repo_cache: true
    chart_ref: "kube-prometheus/kube-prometheus-stack"
    chart_version: "{{ k8s_helm_prometheus_version }}"
    release_namespace: "monitoring"
    create_namespace: true
    skip_crds: true
    release_state: present
    wait: true
    release_values:
      global:
        rbac:
          createAggregateClusterRoles: true
      kubeControllerManager:
        enabled: true
(...)
yurnov commented 2 months ago

If you need t patch some values in already installed chart, you can use:

- name: Get EDA2 installed release info
  kubernetes.core.helm_info:
    kubeconfig: "{{ kubeconfig }}"
    namespace: "monitoring"
    name: "kube-prometheus-stack"
  register: base_helm_info

- name: Baseline release values
  set_fact:
    base_values: "{{ base_helm_info['status']['values'] }}"

- name: Set desired diff
  set_fact:
    desired_diff:
      global:
        rbac:
          createAggregateClusterRoles: true
      kubeControllerManager:
        enabled: true

- name: "Patch values Prometheus Helm Chart"
  kubernetes.core.helm:
    release_name: "kube-prometheus-stack"
    update_repo_cache: true
    chart_ref: "kube-prometheus/kube-prometheus-stack"
    chart_version: "{{ k8s_helm_prometheus_version }}"
    release_namespace: "monitoring"
    create_namespace: true
    skip_crds: true
    release_state: present
    wait: true
    release_values: "{{ base_values|conbine(desired_diff, recursive=True)}}"
Joachim-42he commented 2 months ago

Thank you for your reply @yurnov but I only wanted to get rid of/understand the recurring warning in Ansible.

gravesm commented 3 weeks ago

I'm unable to reproduce this issue. When I don't have helm-diff installed, I see the warning. When I have helm-diff v3.9.11 installed I don't see the warning. Are you sure you have helm-diff installed on the remote machine?

If you just want to silence warnings, you can use https://docs.ansible.com/ansible/latest/reference_appendices/config.html#action-warnings.

Joachim-42he commented 2 weeks ago

@gravesm Thank you for your reply. I just updated to helm-diff v3.9.11 but still get the same result when running the play from the thread start. In the devcontainer:

> helm plugin list
NAME    VERSION DESCRIPTION
diff    3.9.11  Preview helm upgrade changes as a diff

On the remote server targeted by the play:

joachim@dc1 ~> helm plugin list
NAME    VERSION DESCRIPTION
diff    3.9.11  Preview helm upgrade changes as a diff

And yet:

TASK [k8s/monitoring : Deploy Prometheus Helm Chart] ***************************************************************************************
[WARNING]: The default idempotency check can fail to report changes in certain cases. Install helm diff >= 3.4.1 for better results.
ok: [dc1.42he.com]

And I do not want to silence the warning, I want to fix it or at least understand why it displayed.

gravesm commented 2 weeks ago

Can you try adding a task to your playbook to install the helm-diff plugin using https://docs.ansible.com/ansible/latest/collections/kubernetes/core/helm_plugin_module.html#ansible-collections-kubernetes-core-helm-plugin-module?

Joachim-42he commented 2 weeks ago

@gravesm I will try that and report back. Thank you.

Joachim-42he commented 2 weeks ago

@gravesm I forgot that we are already installing helm and the diff plugin on the remote servers via ansible

- name: "Install Helm"
  block:
    - name: "GPG key for Helm Repo"
      ansible.builtin.get_url:
        url: https://baltocdn.com/helm/signing.asc
        dest: /etc/apt/trusted.gpg.d/helm.asc
        mode: '644'
    - name: "Add Helm Apt Repository"
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/helm.asc] https://baltocdn.com/helm/stable/debian/ all main"
    - name: "Install Helm Apt package"
      ansible.builtin.apt:
        name: ["helm"]
        state: present
        update_cache: true
        cache_valid_time: 3600
    - name: Install latest version of Helm plugin diff
      kubernetes.core.helm_plugin:
        plugin_path: "https://github.com/databus23/helm-diff"