masmovil / masorange_rules_helm

Bazel rules to manipulate and operate Helm charts with Bazel, decrypt sops secrets, and run operations over cloud services
Apache License 2.0

"helm diff" and "helm lint" convenience wrappers #53

Closed chickenandpork closed 1 year ago

chickenandpork commented 1 year ago

Provide targets to diff and lint helmcharts -- essentially wrappers around "helm diff" and "helm lint".

We found that when upgrading charts, converging values.yaml files, refactoring, it was helpful to be able to take the "repaired" or "improved" service about to be deployed, and helm diff against the running service to see what the diff entails -- or prove that there is no resulting diff after a refactor. Additionally, a helm lint -- also a run rule not as a test -- is another helpful feature to ensure that avoidable problems are avoided.

In actual usage, I have a multirun (@com_github_atlassian_bazel_tools//multirun) that iterates my deploy environments and confirms the diff for each service (I should do that with "lint"). This has greatly accelerated refactoring to shared templates.

I wanted to share, to get this feature into maintenance so that the commit I'm carrying to customize for our environment is minimized, and so that other people may find it useful.

If desired (file an issue) I'm willing to document a demo of a "multirun diff" to show the force-multiplier of this wrapping.

pmoncadaisla commented 1 year ago

Hey @chickenandpork , thank you for your awesome contribution!

I have a question: why not have lint as a test instead of a run?

chickenandpork commented 1 year ago

Hey @pmoncadaisla, I imagine this could be written as a test -- I'd strongly support such a change added -- but I needed a "run" for a long-term agenda here:

I wrapped these run targets in a command so that I could lint dev/stage/prod in a single run of a multirun target. Further, I planned to run this target via ibazel, so that when I changed the files, ibazel would trigger a bazel run of the job that lints all the environments at once. In theory, after a lint, I could diff everything to get a concrete idea of what was actually changing on deployment.

I didn't get there. Something was blocking a changed file from triggering the rebuild: I suspect a missing transitive dependency, but that's just gut feel. I don't know. What I got was a bazel run //some:multilint and bazel run //some/multidiff which gave great mileage to see that, say, the only difference was the expected change, across anything that changed.

chickenandpork commented 1 year ago

Hey @pmoncadaisla is this OK to merge? I've got a second PR up (#57), and trying to reduce the commit-carry I have for my employer.

I've actually got the multirun going on a diff and a lint as I noted above, but I'll have to port over when this PR merges.

dudicoco commented 1 year ago

Hi @chickenandpork, I'm looking forward to this addition, thanks!

A few things I've noticed that I believe should be adjusted:

  1. I don't see the installation of the helm diff binary within the toolchains
  2. helm diff works on releases, not charts, the code and documentation should represent that
  3. helm lint works on charts, not releases, the code and documentation should represent that

chickenandpork commented 1 year ago

Hi @dudicoco thanks for reviewing, I'll take a look.