Comments (11)
Something got me really confused with the optional
flag. I though that optional was saying that if the values was not found, either the Secret/ConfigMap object OR the valuesKey in the Secret/ConfigMap, it didn't matter.
After some testing, I understand that optional is really only saying that if the Secret or ConfigMap does not exist we don't care but if it does exist, you better have that valuesKey defined in those Secret/ConfigMap otherwise, reconciliation will fail.
That feels counterintuitive. If the valuesFrom is really optionnal, reconcilliation should be successful even if the valuesKey does not exist.
Any though ?
from helm-controller.
This choice was made because you can not reliably restore the cluster state from Git repositories if the configuration of a service relies on some URL being available.
We could document a workaround for migration.
A user could create a CronJob in the same namespace that curls a URL into a ConfigMap using a config-editor ServiceAccount.
The HelmRelease may then depend on that.
The CronJob can choose what to do when the URL becomes unavailable which allows the user to decide how the error should be handled separately from whether the valueRef's is optional
.
from helm-controller.
having the optional param ...
Do we already support optional vs. required valueRefs
?
I don't see it in the current API.
I was thinking we could basically take the same optional
field from Pod's ConfigMapEnvSource
It should be noted that even if we are no longer supporting URL's, ConfigMap/Secrets
's with values may often not come from the same gitRepo or even a gitRepo at all.
They may come from another gitRepo, be placed in the cluster manually (example above), or be the result of some other controller (ex: cert-manager).
Should we support explicitly optional valueRefs?
from helm-controller.
optional
valueRefs would allow helmReleases to change config based on the live state of the cluster.
This could be useful for allowing a users to extend behavior at a later date with their own repo without modifying the HelmRelease object.
As long as the user can create/modify the referenced Configs, they can turn on/off features and etc.
This works kind of like a UNIX style /config.d/ dir.
I do a similar thing with volumes:
I like to modify my CoreDNS config so that adding keys to a separate coredns-corefile-extras
ConfigMap ends up appending to the config from other repos.
This is done through an optional volumeMount for /etc/corefiles.d/
.
from helm-controller.
@stealthybox Hello! I would like to offer my help if I can on getting the watch working on the respective resources?
from helm-controller.
Hi guys! Not sure where this Watching feature is but when values in ConfigMaps or Secrets change there goes no release upgrades and I have not found anything better rather than do flux delete hr <name>
to apply the changes which isn't the desired way of course.
from helm-controller.
If you're using valuesFrom with a secret ref or configmap the flux reconcile hr
command should pick up the changes, or automatically be picked up on the next reconciling event. @XtremeAI is that not the case?
If so you should provide specific reproduction instructions as you may have found a new bug, that is not the subject of this issue report. The watching functionality is only meant to accelerate this behavior, it should be happening on its own if you are patient or if you manually trigger the HelmRelease reconciling.
Please be very specific as this functionality seems to be working for me and so you may have to describe the particular conditions that led to an edge case which I am not naturally going to find on my own.
(Edit: apologies as I may have this confused with another issue report, some of the details don't seem to match the issue I thought I was commenting on.)
from helm-controller.
Hi @yebyen . Thanks for response. I went and did a bit more research and reconciliation does go ahead which kicks the helm upgrade
of the chart. Therefore the issue I am having that pods that rely on new config maps are not getting restarted are probably related to helm upgrade
not the HelmRelease controller... so I will dig in that direction I guess ...
(upd) OK, found the root cause: https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
from helm-controller.
Awesome
I think the recreate-pods
is only supported through rollback spec in Helm Controller. That root cause link you mentioned @XtremeAI is perfect, you can enforce the pods recreation through use of an annotation that changes based on the shasum of the configmap. Then you also get the benefit of only recreating pods when the configmap has actually changed under it!
from helm-controller.
Before I create a new feature request. helm-operator allowed you to specify the source namespace for configmaps and secrets that were used in the valuesFrom. This was very useful, and I'm wondering if there is a specific reason that functionality was removed?
from helm-controller.
from helm-controller.
Related Issues (20)
- Drift Detection is not logging JSON patch when --log-level=debug
- HelmRelease verify provider gpg HOT 1
- Drift mode should detect extra properties HOT 2
- Chart version only includes git SHA at root chart HOT 2
- Only deploy prerelease versions HOT 1
- Feature Request: Replace reconciliation interval with cron schedule in HelmRelease CRD HOT 1
- [BUG] Drift Detection can not be disabled for specific resources using annotations or labels
- [BUG] memory usage grows exponentially when there are lots of CRDs HOT 2
- [BUG] Helm drift detection on configmap patching '*** (after)' instead of the actual template from the helm chart HOT 13
- Backward compatibility of helm-controller HOT 6
- FEATURE: First-class support for secret decryption HOT 1
- Unable to detect server capabilities HOT 16
- HelmRelease: CRDs of disabled subcharts get installed anyway HOT 9
- Failed to reconcile HelmRelease field immutable HOT 1
- DependsOn readiness check should only rely on Ready condition HOT 10
- (site) DependsOn does not document cross-namespace dependencies HOT 2
- Changes in postRenderers are ingored HOT 6
- v0.37.4 has CVE-2024-26147 high vulnerability HOT 1
- Flux Helm Not Removing HPA objects on upgrade HOT 1
- Can't seem to install pre-release helmrelease (A.B.C-alpha.N)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm-controller.