-
Notifications
You must be signed in to change notification settings - Fork 7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support --dry-run flag when installing crd #7449
Comments
@jungopro This looks like a chart that is using |
At the time of writing prometheus-operator chart includes the new format (the
|
@Xartos Thanks for raising this issue again. I have confirmed that it fails on @technosophos Is this a bug or expected behaviour? |
This was a documented behavior. At issue is the fact that during a dry run, we do not install the CRDs, but we do use the Kubernetes validation against the output of the chart. So any CR that uses a CRD that is installed by the chart will fail validation during dry run. This is one of those edge cases that surfaced during our protracted discussions of CRDs, and their strange place in the Kubernetes world of objects. The purpose of Dry Run is (at least in my mind) to validate that the output of the chart will actually work if sent to the server. But CRDs are actually a modification of the server's behavior. We can't install the CRD on a dry run, so the discovery client will not know about that CR, and validation will fail. But the workaround seems to be ignoring the CR errors, which means one could get spurious validation where the actual server would not have validated it. Effectively, that would invalidate what dry run is supposed to be doing. The most promising proposal (which nobody has yet implemented) was to write a client-side validation for CRs, which would load any CRDs in the Current work-arounds:
|
@technosophos Thanks for the feedback and the detailed response. Just wondering:
|
The CRD implementation is described in detail in PR #6243, which implements CRDs in Helm 3. Maybe it needs to be added to the doc and use leave this issue open? |
I guess it could make sense to put that whole thing in documentation. |
@jungopro @technosophos Opened a doc PR to describe that Going to set this to a feature (as this is expected behaviour) and change the title. I will also add @technosophos proposal in #7449 (comment) to the description. Thanks @technosophos for the informed feedback and @jungopro for raising this. |
looks like this can be closed now that helm/helm-www#545 has been merged for some time. |
- Made instance creation async in helmer as helm install can sometimes take more than 30s (the max allowed time for a mutating web hook to complete as per Kubernetes spec.) - Added back support for handling helm charts available at public urls; this existed before but had regressed following some recent changes - Added support for helm charts with crds. Specifically, the changes involved the following: - Changed from --dry-run to helm template for evaluating a chart. This is needed as --dry-run fails when there are crds in the chart which have not yet been installed on the server. helm template avoids this issue (See for details: helm/helm#7449) - Upon ResourceComposition delete, explicitly calling kubectl delete to delete the crds from the chart. This is required because helm delete does not delete the crds - Added check in webhook to handle off-by-one error that led KubePlus Pod to ocassionally crash and restart Fixes: #1095 Fixes: #1105 Fixes: #1106 Fixes: #1107
Output of
helm version
:version.BuildInfo{Version:"v3.0.2", GitCommit:"19e47ee3283ae98139d98460de796c1be1e3975f", GitTreeState:"clean", GoVersion:"go1.13.5"}
Output of
kubectl version
:Cloud Provider/Platform (AKS, GKE, Minikube etc.):
AKS v1.15.7
Hello
What happened?
Trying to run a
dry-run
fails but actual install succeeds. I'm unsure if it's a problem with helm as a tool or the specific chartSuggested proposal (from @technosophos in #7449 (comment)):
The most promising proposal (which nobody has yet implemented) was to write a client-side validation for CRs, which would load any CRDs in the crds directory into the local validator and then specifically validate those. While it sounds easy, that's actually a fairly major work-around, since the existing Kubernetes-provided libraries don't really provide us with a way of doing this. PRs are definitely welcome if anyone can think of a clean way of doing this.
The text was updated successfully, but these errors were encountered: