fluxcd / helm-controller

The GitOps Toolkit Helm reconciler, for declarative Helming
https://fluxcd.io
Apache License 2.0

Changes in postRenderers are ignored #964

Closed alex-berger closed 5 months ago

alex-berger commented 5 months ago

Given the below HelmRelease with helm-controller v0.37.4:

apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: podinfo
  namespace: default
spec:
  interval: 1m
  chart:
    spec:
      chart: podinfo
      version: '>=6.0.0 <7.0.0'
      sourceRef:
        kind: HelmRepository
        name: podinfo
      interval: 1m
      reconcileStrategy: ChartVersion
  upgrade:
    remediation:
      retries: -1
  driftDetection:
    mode: enabled
  postRenderers:
    - kustomize:
        patches:
          - patch: |
              apiVersion: apps/v1
              kind: Deployment
              metadata:
                name: podinfo
                namespace: default
                annotations:
                   hello: world # Changing this line will not trigger an update (unexpected)
  values:
     dummy: x # However, changing this line will trigger an update (expected)

Observed Behavior

Changes to spec.postRenderers will not trigger an update of the HelmRelease. However, changing for example .spec.values.* or spec.chart.spec.* will trigger an update.

Expected Behavior

Changes to spec.postRenderers should trigger an update of the HelmRelease.

stefanprodan commented 5 months ago

I think the patch does nothing, hence no upgrade. HelmRelease patches shouldn't have a namespace; instead you should specify a target by name only: https://fluxcd.io/flux/components/helm/helmreleases/#post-renderers

alex-berger commented 5 months ago

@stefanprodan Actually, the patch works (with and without namespace, I tested both). If I change for example .spec.values then the patch is applied. So, the problem is not the patch, it's the helm-controller not realizing that something (the spec.postRenderers) changed and that this might change the generated resources.

stefanprodan commented 5 months ago

@alex-berger are these changes applied if you run flux reconcile hr?

alex-berger commented 5 months ago

> @alex-berger are these changes applied if you run flux reconcile hr?

No

stefanprodan commented 5 months ago

I reproduced this with a pre-release build of helm-controller, so this bug is currently blocking the GA release.

Install with hello: world applies the patch, then updating the patch to hello: world2 skips the upgrade and bumps the observed generation.

apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  creationTimestamp: "2024-05-04T07:58:56Z"
  finalizers:
  - finalizers.fluxcd.io
  generation: 2
  name: podinfo
  namespace: podinfo
  resourceVersion: "1728"
  uid: 2b6eacb4-3881-430f-8c5a-65d016ce69e9
spec:
  chartRef:
    kind: OCIRepository
    name: podinfo
  interval: 10m
  postRenderers:
  - kustomize:
      patches:
      - patch: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: podinfo
            namespace: default
            annotations:
               hello: world2
  values:
    replicaCount: 2
status:
  conditions:
  - lastTransitionTime: "2024-05-04T07:59:07Z"
    message: Helm install succeeded for release podinfo/podinfo.v1 with chart podinfo@6.6.2+83295d47de6d
    observedGeneration: 2
    reason: InstallSucceeded
    status: "True"
    type: Ready
  - lastTransitionTime: "2024-05-04T07:59:07Z"
    message: Helm install succeeded for release podinfo/podinfo.v1 with chart podinfo@6.6.2+83295d47de6d
    observedGeneration: 1
    reason: InstallSucceeded
    status: "True"
    type: Released
  history:
  - chartName: podinfo
    chartVersion: 6.6.2+83295d47de6d
    configDigest: sha256:e15c415d62760896bd8bec192a44c5716dc224db9e0fc609b9ac14718f8f9e56
    digest: sha256:958cf0f4d818bb79dc5aedb9f86f2ce57090c7c508efd090dfa8215a20ac28cd
    firstDeployed: "2024-05-04T07:58:59Z"
    lastDeployed: "2024-05-04T07:58:59Z"
    name: podinfo
    namespace: podinfo
    ociDigest: sha256:83295d47de6d6ca634ed4b952a7572fc176bcc38854d0c11ca0fa197bc5f1154
    status: deployed
    version: 1
  lastAppliedRevision: 6.6.2+83295d47de6d
  lastAttemptedConfigDigest: sha256:e15c415d62760896bd8bec192a44c5716dc224db9e0fc609b9ac14718f8f9e56
  lastAttemptedGeneration: 2
  lastAttemptedReleaseAction: install
  lastAttemptedRevision: 6.6.2+83295d47de6d
  lastAttemptedRevisionDigest: sha256:83295d47de6d6ca634ed4b952a7572fc176bcc38854d0c11ca0fa197bc5f1154
  observedGeneration: 2
  storageNamespace: podinfo

hiddeco commented 5 months ago

To address this issue, you would have to start keeping track of the latest patch configuration in the Status to be able to detect changes and force an upgrade.

The workaround until this has been handled is to use flux reconcile --force.
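
An added sketch of the change detection discussed in this thread, not code from helm-controller or from any commenter: it records a digest of the post-renderer patches next to the values digest and compares both on the next reconcile. The types, the `PostRenderersDigest` field name and the sample spec are assumptions constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Spec is a hypothetical, trimmed stand-in for the HelmRelease fields in this thread.
type Spec struct {
	Values        map[string]interface{}
	PostRenderers []string // one kustomize patch body per entry
}

// Status holds digests recorded by Record after a release action; PostRenderersDigest is an assumed name.
type Status struct {
	ConfigDigest        string
	PostRenderersDigest string
}

// digest hashes the JSON encoding; json.Marshal sorts map keys, so the result is stable.
func digest(v interface{}) string {
	b, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return fmt.Sprintf("sha256:%x", sha256.Sum256(b))
}

func Record(s Spec) Status {
	return Status{digest(s.Values), digest(s.PostRenderers)}
}

// NeedsUpgrade: with trackPostRenderers=false only values are compared (the reported behaviour).
func NeedsUpgrade(s Spec, last Status, trackPostRenderers bool) bool {
	changed := digest(s.Values) != last.ConfigDigest
	return changed || (trackPostRenderers && digest(s.PostRenderers) != last.PostRenderersDigest)
}

// SampleSpec builds constructed input modelled on the podinfo release above.
func SampleSpec(annotation string) Spec {
	patch := "kind: Deployment\nmetadata:\n  name: podinfo\n  annotations:\n    hello: " + annotation
	return Spec{map[string]interface{}{"replicaCount": 2}, []string{patch}}
}

func main() {
	last, edited := Record(SampleSpec("world")), SampleSpec("world2")
	fmt.Println(NeedsUpgrade(edited, last, false), NeedsUpgrade(edited, last, true)) // false true
}
```

When a post-renderer patch carries a hardening setting, the values-only comparison leaves the cluster on the old manifest while the observed generation advances, so auditing for this gap means comparing rendered output rather than trusting the Ready condition.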