Closed soumyabk closed 3 months ago
Another thing we noticed, using the annotation helm.toolkit.fluxcd.io/driftDetection: disabled
does not skip the resource from being patched wrongly:
apiVersion: v1
data:
config.yaml: '*** (after)'
kind: ConfigMap
metadata:
annotations:
helm.toolkit.fluxcd.io/driftDetection: disabled
meta.helm.sh/release-name: <chart_name>
meta.helm.sh/release-namespace: flux-system
creationTimestamp: "2024-01-25T09:19:13Z"
There have been many changes in the underlying package that perform all the drift and apply between v0.37.2
and v0.37.4
. Can you test this on the last version?
Another thing we noticed, using the annotation helm.toolkit.fluxcd.io/driftDetection: disabled does not skip the resource from being patched wrongly:
Are you setting it up manually or as part of the helmChart?
There have been many changes in the underlying package that perform all the drift and apply between
v0.37.2
andv0.37.4
. Can you test this on the last version?
Seeing the problem even after upgrading to v0.37.4
✗ flux version
flux: v2.2.3
helm-controller: v0.37.4
✗ kubectl -n <namespace> get configmaps <service-name>-config -o=jsonpath='{.data}'
{"config.yaml":"*** (after)"}%
Another thing we noticed, using the annotation helm.toolkit.fluxcd.io/driftDetection: disabled does not skip the resource from being patched wrongly:
Are you setting it up manually or as part of the helmChart?
we set the annotation on the resource manually, but we see the annotation even after helm reconciles it with the wrong patch
✗ kubeclt -n <namespace> get configmaps <chart-name>-config -o yaml
apiVersion: v1
data:
config.yaml: '*** (after)'
kind: ConfigMap
metadata:
annotations:
helm.toolkit.fluxcd.io/driftDetection: disabled
meta.helm.sh/release-name: <chart-name>
meta.helm.sh/release-namespace: flux-system
creationTimestamp: "2024-01-25T09:19:13Z"
labels:
app: <chart-name>
app.kubernetes.io/managed-by: Helm
helm.toolkit.fluxcd.io/name: <chart-name>
helm.toolkit.fluxcd.io/namespace: flux-system
name: <chart-name>-config
namespace: <chart-name>-system
resourceVersion: "912413821"
uid: 496b9d65-919b-4f21-a4e3-58070514ea73
We also tried using the driftDetection.ignore
on the helmrelease and that does not seem to skip the data section of the configmap as well:
driftDetection:
ignore:
- paths:
- data/
target:
kind: configmap
name: <chart-name>-config
mode: enabled
I tried adding the following postRenderer on the helmrelease and did not see it show up on the configmap object
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
annotations:
reconcile.fluxcd.io/forceAt: "2024-03-27T15:46:07.153497-07:00"
reconcile.fluxcd.io/requestedAt: "2024-03-27T15:46:07.153497-07:00"
creationTimestamp: "2024-01-25T09:19:04Z"
finalizers:
- finalizers.fluxcd.io
generation: 26
labels:
kustomize.toolkit.fluxcd.io/name: <kustomization-name>
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: <chart-name>
namespace: flux-system
resourceVersion: "914078430"
uid: 7c7f0fd9-1359-457c-b304-7d604ba1a98a
spec:
chart:
spec:
chart: <chart-name>
interval: 5m
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: helm-repo
namespace: flux-system
version: 0.0.5
driftDetection:
mode: enabled
install:
crds: CreateReplace
interval: 5m
maxHistory: 3
postRenderers:
- kustomize:
patches:
- patch: "- op: add\n path: /metadata/annotations/helm.toolkit.fluxcd.io~1driftDetection\n
\ value: disabled \n"
target:
kind: configmap
name: <chart-name>-config
namespace: <chart-name>-system
version: v1
releaseName: <chart-name>
upgrade:
crds: CreateReplace
valuesFrom:
- kind: ConfigMap
name: zone-info
Also flux reconcile helmrelease --force
does not seem to be able to fix the helmrelease once its stuck in ProgressingWithRetry
status.
thanks @souleb. When is the next version of the helm-controller release expected, so we can pick up this fix.
@soumyabk see https://github.com/fluxcd/flux2/issues/4712
Also, can you confirm what is the right way to get helm-reconcile to ignore specific resources. I had tried adding this annotation helm.toolkit.fluxcd.io/driftDetection: disabled
and also using the driftDetection.ignore
field in the helmrelease and in both situations, the drift detection tried to patch the resource
driftDetection:
ignore:
- paths:
- data/
target:
kind: configmap
name: <chart-name>-config
mode: enabled
It's kind: ConfigMap
Also json paths must begin with /
instead of ending with it. See here the docs: https://fluxcd.io/flux/components/helm/helmreleases/#ignore-rules
Should be:
driftDetection:
ignore:
- paths: ["/data"]
target:
kind: ConfigMap
thanks that worked. Also, what is the recommended way to use this label helm.toolkit.fluxcd.io/driftDetection: disabled
- can it be patched manually on some resource we want to temporarily disable on a cluster to test/debug something or does it need to come as a kustomization patch.
@soumyabk you’ll be able to annotate objects in-cluster after Flux 2.3 release.
Hi Folks, we're running helmcontroller version v0.37.2 and enabled drift detection. Noticing that if any manual change was added to one of the configmaps of our helm chart, the helm controller detects a drifts and patches with a string and not the actual config map from the helm template.
Config map after reconcile:
configmap template sample:
the helmrelease also seems to be stuck with
ProgressingWithRetry