Initial support for CRDs (upgrade) policies

[alex-berger]

This PR adds preliminary support for Upgrading CRDs which are part of Helm Charts managed via HelmRelease objects.

See also fluxcd/flux2#1071 for more information.

Background & Motivation

Helm still does not provide any built-in solution to the CRD upgrade problem, which is well-known and
documented:

There is no support at this time for upgrading or deleting CRDs using Helm. This was an explicit decision after much community discussion due to the danger for unintentional data loss. Furthermore, there is currently no community consensus around how to handle CRDs and their lifecycle. As this evolves, Helm will add support for those use cases.

This limitation of Helm makes GitOps style "day 2 operations" of Kubernetes resources managed by
HelmRelease objects very difficult if not to say impossible. Currently, we have to manually
upgrade CRDs from HelmCharts referenced by HelmReleases, which is cumbersome and needs very
tight (timing) coordination between the commit to the GitOps repository and the manual CRD
upgrade on all systems that observe/apply that commit. This apporach is not only very error
prone it also might cause unnecessary long downtime of services.

Note, most of the Helm Charts that we install and operate are created and maintained by
3rd parties and are not under our control. Extracting all CRDs from every Helm Chart
upon each new release and manually applying those CRD resources is, as mentioned above,
very time intensive, error prone and cumbersome.

Our observation is, that most CRD upgrades are non-critical and only evolve an existing CRD
in a backward compatible fashion. Therefore, I am wondering whether it would make sense to
extends the HelmRelease resources with an opt-in flag to automatically upgrade CRD objects
(if needed).

[alex-berger]

Unfortunately, I run out of ideas how to make the e2e test working with pull request. E2e tests work on my feature branches which are real branches that can be referenced by the GitRepository, but pull request are not real branches so it fails.

[hiddeco]

This already looks great, couple of minor comments and a suggestion that I would like to discuss. 🏅

[hiddeco]

Looks like the tests do now work?

[alex-berger]

Looks like the tests do now work?

As mentioned above the test run on branches and tags, but unfortunately not on pull-requests. See my feature branch (the source branch of the PR at https://github.com/alex-berger/helm-controller/actions for test results).

I have not yet figured out whether there is a way to reference a GitHub pull-request as branch (I wasted 6 hours trying to find a way, but did not find one yet). As my time is limited I have given up and disabled the (new) tests for pull-requests, such that they only run on branches (and maybe tags).

[hiddeco]

I am OK with the e2e approach for now, we should move many of the tests to Go anyway, as has been done with a lot of kustomize-controller.

Anyway, thanks a lot @alex-berger. 💯 🌻

[hiddeco]

I somehow missed this during review, and this change is not related to any of the CRD things. Can you explain why this was changed? As it changes the default of including the last 5 log lines (after de-duplication) in a failure condition and/or event to 100, which makes any failed event we produce now quite verbose.

[alex-berger]

I increased it for debugging during feature development and eventually forgot to decrease it again. 😳

[hiddeco]

Thanks, that means my restore PR is justified and I can continue with the release :-)

[joejulian]

Looks like I'm moments late to comment on this, but has the justifications for helm, itself, not supporting this been considered? https://github.com/helm/community/blob/main/hips/hip-0011.md

[hiddeco]

They have been considered, which is why we default to not enable the behavior as it can be potentially disastrous.

However, given that people use the helm-controller to automatically drive operations, having access to a configuration option that does the right thing if you know how your chart (or the application behind it) behaves on Custom Resource Definition upgrades, it is in my opinion justified.

[joejulian]

This feature would need to be able to add the conversion webhooks simultaneously. Links to them are defined in the CRD itself: see the cert-manager CRDs for example. Without them, the API server will reject create/change verbs to those CRDs.