search

zebernst / synology-csi-talos

CSI driver for Synology NAS with support for Talos Linux
Apache License 2.0
24 stars 16 forks source link

fix: helm chart secret persistence #5

Closed ericchu94 closed 2 months ago

ericchu94 commented 6 months ago

The client-info secret is deleted by helm when a chart is upgraded. This is especially cumbersome when using declarative tools like helmsmans:

$ helmsman -f helmsman2.yaml --show-diff  --show-secrets

 _          _
| |        | |
| |__   ___| |_ __ ___  ___ _ __ ___   __ _ _ __
| '_ \ / _ \ | '_ ` _ \/ __| '_ ` _ \ / _` | '_ \
| | | |  __/ | | | | | \__ \ | | | | | (_| | | | |
|_| |_|\___|_|_| |_| |_|___/_| |_| |_|\__,_|_| |_| version: v3.17.0
A Helm-Charts-as-Code tool.

2024-05-29 22:35:31 INFO: validating environment variables in helmsman2.yaml
2024-05-29 22:35:31 INFO: Parsed [[ helmsman2.yaml ]] successfully and found [ 1 ] apps
2024-05-29 22:35:31 INFO: Validating desired state definition
2024-05-29 22:35:31 INFO: Setting up kubectl
2024-05-29 22:35:31 INFO: Setting up helm
2024-05-29 22:35:32 INFO: Getting chart information
2024-05-29 22:35:33 INFO: Charts validated.
2024-05-29 22:35:33 INFO: Preparing plan
2024-05-29 22:35:33 INFO: Acquiring current Helm state from cluster
synology-csi, client-info-secret, Secret (v1) has been removed:
- # Source: synology-csi/templates/client-info.yaml
- apiVersion: v1
- kind: Secret
- metadata:
-   labels:
-     app.kubernetes.io/instance: synology-csi
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: synology-csi
-     app.kubernetes.io/version: v1.1.2
-     helm.sh/chart: synology-csi-0.9.3
-     helm.sh/template: client-info.yaml
-   name: client-info-secret
- data:
-   client-info.yml: '-------- # (110 bytes)'
2024-05-29 22:35:34 INFO: Checking if any Helmsman managed releases are no longer tracked by your desired state ...
2024-05-29 22:35:34 INFO: No untracked releases found
2024-05-29 22:35:34 NOTICE: -------- PLAN starts here --------------
2024-05-29 22:35:34 NOTICE: Release [ synology-csi ] will be updated -- priority: 0
2024-05-29 22:35:34 NOTICE: -------- PLAN ends here --------------

I believe the original intention is for helm to create the secret on install, using the IsInstall flag, and ignore it afterwards. Unfortunately, that isn't how helm works, and if the resource is not rendered on upgrade, it will actually be removed.

Bickio commented 5 months ago

This issue also occurs with helmfile, and is a real pain to work around. Would love to see this merged.

@ericchu94 This comment also needs an update: https://github.com/zebernst/synology-csi-talos/blob/main/charts/synology-csi/values.yaml#L15

ericchu94 commented 5 months ago

@ericchu94 This comment also needs an update: https://github.com/zebernst/synology-csi-talos/blob/main/charts/synology-csi/values.yaml#L15

Updated

zebernst commented 2 months ago

Good catch! This wasn't an issue with my setup (configured things differently) but TY for the bugfix!