search

fluxcd / flux

Successor: https://github.com/fluxcd/flux2
https://fluxcd.io
Apache License 2.0
6.9k stars 1.08k forks source link

Flux automate image updates issue #3562

Closed lgs closed 2 years ago

lgs commented 2 years ago

Describe the bug

We have image pools that starts with master- and develop*- tags. So after every image build, we want automatically update in our flux-patch.yaml related service image tag with the newest one.

We have implemented this code below with the regexp definition, but anyway when the newest images are coming, flux is updating it with the wrong images.

This is our flux-patch.yaml implementation (on GitHub):

apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  annotations:
    filter.fluxcd.io/chart-image: regexp:^((^master|^develop[A-Za-z]*)-(\d+)(?![A-Za-z])*)$
    fluxcd.io/automated: "true"
  name: my-service-name
  namespace: my-namespace

The regex error we get can be seen here:

InkedAutoImageUpdate_LI

Steps to reproduce

Run the regex like reported in the following "Expected behavior" form field.

Expected behavior

With this regexp ^((^master|^develop[A-Za-z]*)-(\d+)(?![A-Za-z])*)$, we are expecting to take only develop-NUMBER, master-NUMBER, development-NUMBER images. So for example it should update develop-15 to develop-16, master-5 to master-6, development-10 to development-11.

Here the results of auto deployment and our regular expression:

Regex

Kubernetes version / Distro / Cloud provider

Amazon EKS 1.18

Flux version

flux:1.21.0

Git provider

GitHub

Container Registry provider

Harbor

Additional context

No response

Maintenance Acknowledgement

Code of Conduct

kingdonb commented 2 years ago

Thank you for reporting this issue, I definitely haven't seen it before. I had a look at your regexp in regex101 to understand what might be the trouble.

I found it explains one section of your regex is a "negative lookahead" as shown here:

Screen Shot 2021-10-25 at 3 07 58 PM

According to this source, the go regexp library (which Flux depends on for handling these regular expressions) does not support negative lookaheads for reasons relating to big-O timing and performance guarantees:

https://stackoverflow.com/questions/26771592/negative-look-ahead-in-go-regular-expressions

Please let me know if this helps, or if there's anything else I can do here. It seems you'll have to use a different regexp.

You could use this simpler regex:

^(master|develop[A-Za-z]*)-(\d+)$

It seems to match all the same things you were expecting, and none of the images you didn't:

Screen Shot 2021-10-25 at 3 12 54 PM

but if I understood correctly what you're trying to do, I am not sure you will be able to get the behavior that you wanted without two separate regexps. If you want master to only be upgraded to other master images, and develop to develop, then I think they will need to have their own separate image policies.

If there is a way to refer back to the current value of the existing image tag in git, then I don't know it.

So then, the final regexps I would have suggested are, separately:

^master-(\d+)$

and

^develop[A-Za-z]*-(\d+)$
kingdonb commented 2 years ago

I wanted to say separately, this is a really interesting pattern that you're trying to apply here, regex issues aside.

I got the idea that you're trying to apply the annotation to all HelmRelease resources with a patch. This is super smooth, if it works. I appreciate you showing us how you're using Flux (or trying to use it at least) and that the use case is one I'd like to highlight if it can be made to work, with an eye towards making enhancements to the goal of feature parity in Flux v2, (which right now still doesn't have anything quite like the fluxcd.io/automated annotation, as I'm sure you're aware.)

Did you figure this pattern out yourself, or did you find it in a tutorial or guide? I'm curious, it's not one I've seen before, but it seems super useful. Just probing to find out more information if you're willing to volunteer it here.

Thanks again for your report and sorry that you're experiencing this issue.

lgs commented 2 years ago

Thank you @kingdonb, the team implemented your suggestion to split the regex and it works successfully.

FluxCD V1 is something that we implemented years ago and it is great. Unfortunately nowadays, is not clear for us if we can and want upgrade to FluxCD V2 or go for a completely different direction.

So far this is what we are running successfully and your help has been really appreciated by all the Team. I'll close this issue for now because your trick fix it permanently.