carvel-dev / kapp-controller

Continuous delivery and package management for Kubernetes.
https://carvel.dev/kapp-controller
Apache License 2.0

Seeking clarification on PackageInstall values. #1461

Open MAHDTech opened 8 months ago

MAHDTech commented 8 months ago

Hi,

I'm seeking clarification on the way to pass a PackageInstall customized values.

I have a package that has a 2-step template.

  1. Templates a helm chart
  2. Uses ytt for patching and adding additional templates

I am trying to figure out how I can have one set of values held in a Secret where I can provide configuration options to both helm and ytt.

I believe the issue I am hitting is described in the note below from the docs, but I want to clarify my understanding and determine whether there are any known workarounds or suggestions for how I might proceed.

Note: Values will only be included in the first templating step of the package, though we intend to improve this experience in later releases.

Example

The goal with this example is to get the namespace value passed to both the helm chart during templating and also the ytt templating as if you were either using the --data-values-file flag to ytt or using the valuesFrom part of the App spec.

When testing, I found that the helm template correctly uses the updated value but ytt does not, continuing to use the default.

carvel/packages/test.mydomain/
├── artifacts
│   └── packages
│       └── test.mydomain
│           ├── metadata.yml
│           └── package.yml
├── build-values.yml
├── config
│   └── ytt
│       ├── defaults.yaml
│       ├── overlays
│       │   └── example-overlay.yaml
│       ├── schema.yaml
│       └── templates
│           └── ConfigMap.yaml
├── examples
│   ├── PackageInstall.yaml
│   ├── PackageRepository.yaml
│   └── Secret.yaml
├── package-build.yml
├── package-resources.yml
├── tests
├── upstream
│   └── helm
│       └── test
│           ├── Chart.yaml
│           ├── charts
│           ├── templates
│           │   ├── ConfigMap.yaml
│           │   └── Namespace.yaml
│           └── values.yaml
└── vendir.yml

          template:
          - helmTemplate:
              name: test
              path: upstream/helm/test
          - ytt:
              paths:
              - '-'
              - config/ytt

namespace: test

#@data/values
---
namespace: test

---
apiVersion: v1
kind: Secret
metadata:
  name: test-values
  namespace: carvel
stringData:
  values.yaml: |
    ---
    namespace: test-override

apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
  annotations:
    kctrl.carvel.dev/local-fetch-0: .
  creationTimestamp: null
  name: test
  namespace: carvel
spec:
  packageRef:
    refName: test.mydomain
    versionSelection:
      constraints: 0.0.1
  serviceAccountName: kapp-controller-sa
  syncPeriod: 5m0s
  values:
    - secretRef:
        name: test-values

MAHDTech commented 7 months ago

It makes more sense now: not only does this issue apply to the helm + ytt combo, but to any multi-template package.

Given this PackageInstall snippet example

spec:
  packageRef:
    refName: my-package
    versionSelection:
      constraints: 0.0.1
  serviceAccountName: kapp-controller-sa
  values:
    - secretRef:
        name: my-package-values

In the App spec of a multi-stage ytt template results in

  template:
    - ytt:
        paths:
          - config/kapp/Config.yaml
          - config/ytt/common
          - config/ytt/my-folder-1
        valuesFrom:
          - secretRef:
              name: my-package-values
    - ytt:
        paths:
          - config/kapp/Config.yaml
          - config/ytt/common
          - config/ytt/my-folder-2
    - kbld:
        paths:
          - '-'
          - .imgpkg/images.yml

Unfortunately only the first template step has the values from the secret applied.

Is this something planned to be fixed, as it really makes it not very usable when you need to customise values?

praveenrewar commented 7 months ago

Hi @MAHDTech, apologies for not being able to reply for a while. You are right, as of now only the first templating step has access to the data values secret. We do want to enhance this, but unfortunately the maintainers don't have enough bandwidth to work on it at this time. Would you like to create a proposal (and then make the change in kapp-controller)? I would be really happy to assist you with both, and we will definitely prioritise reviews.
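
A check for the behaviour discussed in this thread, as an added example that is not part of the issue or of kapp-controller: it reads an App object as JSON and lists the templating steps that have no `valuesFrom`. The function names are hypothetical, the sample is constructed from the App template quoted above, and treating only `helmTemplate` and `ytt` as value-consuming steps is an assumption.

```python
import json

# Assumption: step kinds treated as consuming data values; both accept
# `valuesFrom` in the App spec. Other steps (kbld, ...) are ignored.
VALUE_STEPS = ("helmTemplate", "ytt")

# Constructed sample: the App template quoted in the thread, as JSON.
THREAD_APP = json.dumps({"spec": {"template": [
    {"ytt": {"paths": ["config/kapp/Config.yaml", "config/ytt/common",
                       "config/ytt/my-folder-1"],
             "valuesFrom": [{"secretRef": {"name": "my-package-values"}}]}},
    {"ytt": {"paths": ["config/kapp/Config.yaml", "config/ytt/common",
                       "config/ytt/my-folder-2"]}},
    {"kbld": {"paths": ["-", ".imgpkg/images.yml"]}},
]}})


def load_template(app_json):
    """Extract spec.template from an App object serialized as JSON."""
    return json.loads(app_json).get("spec", {}).get("template") or []


def steps_without_values(template):
    """Return [(index, kind)] for helmTemplate/ytt steps lacking valuesFrom."""
    missing = []
    for index, step in enumerate(template):
        for kind in VALUE_STEPS:
            # A step body may be null/empty, so fall back to an empty dict.
            if kind in step and not (step[kind] or {}).get("valuesFrom"):
                missing.append((index, kind))
    return missing


def report(app_json):
    """Return one human-readable line per step that receives no values."""
    return ["step %d (%s): no valuesFrom, package defaults apply" % (i, k)
            for i, k in steps_without_values(load_template(app_json))]


if __name__ == "__main__":
    for line in report(THREAD_APP):
        print(line)
```

The same functions accept the output of `kubectl get app <name> -o json` in place of the constructed sample.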