Fix import handling for Helm Release

[viveklak]

Proposed changes

Adds ability to import releases.

Note - since releases don't themselves record information about the chart used, repository information is omitted from the code generated.

Related issues (optional)

#1698

[viveklak]

I have manually verified this. Working on an integration test for this.

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[lblackstone]

I think this looks good, but it will likely have a merge conflict with #1809

Not sure which would be easier to merge first

[silphid]

We tried out that PR with the release we're trying to import and we get a warning during preview:

Diagnostics:
  kubernetes:helm.sh/v3:Release (ingress-nginx-controller):
    warning: inputs to import do not match the existing resource; importing this resource will fail

and equivalent error during the actual import:

  kubernetes:helm.sh/v3:Release (ingress-nginx-controller):
    error: inputs to import do not match the existing resource

Is there anything we should do to make that work?

Our resource looks like this in TS:

    new k8s.helm.v3.Release(
      model.name,
      {
        chart: 'ingress-nginx',
        repositoryOpts: {
          repo: 'https://kubernetes.github.io/ingress-nginx',
        },
        values: values,
        version: model.repoVersion,
        namespace: 'nginx-ingress-controller',
        keyring: '~/.gpg/pubring.gpg',
      },
      {
        parent: this,
        import: 'nginx-ingress-controller/release-kl2buwnx',
        provider: cluster.provider,
      }
    );

[viveklak]

We tried out that PR with the release we're trying to import and we get a warning during preview:

Diagnostics:
  kubernetes:helm.sh/v3:Release (ingress-nginx-controller):
    warning: inputs to import do not match the existing resource; importing this resource will fail

and equivalent error during the actual import:

  kubernetes:helm.sh/v3:Release (ingress-nginx-controller):
    error: inputs to import do not match the existing resource

Is there anything we should do to make that work?

Our resource looks like this in TS:

    new k8s.helm.v3.Release(
      model.name,
      {
        chart: 'ingress-nginx',
        repositoryOpts: {
          repo: 'https://kubernetes.github.io/ingress-nginx',
        },
        values: values,
        version: model.repoVersion,
        namespace: 'nginx-ingress-controller',
        keyring: '~/.gpg/pubring.gpg',
      },
      {
        parent: this,
        import: 'nginx-ingress-controller/release-kl2buwnx',
        provider: cluster.provider,
      }
    );

Thanks for testing this out already! I discovered this and a couple of similar issues in my tests as well. Essentially we need to drop some computed items from the inputs which are being detected as conflicts. In addition, we set certain fields as defaults which are conflicting with the import. I will have fixes for both in the PR shortly.

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[viveklak]

I ran into some panics here in tests which this change fixed.

[viveklak]

This is the same as the chart in the local chart example. Its a lot easier to refer to a local chart with the manual chart install and figured its best to copy it. Let me know if we should consolidate instead.

[lblackstone]

Fine by me

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[viveklak]

@lblackstone I think this is ready for another look now.

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[lblackstone]

Fine by me

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[nestobot]

First, thank you so much @viveklak for taking the time to add support for imports, that's deeply appreciated! 👍

Now, I have tried to import our release again with a build of the master branch right after the merge of this PR, however we are still getting the same issue as mentioned above, this time with the resourceNames input:

Previewing update (nesto/dev)

View Live: https://app.pulumi.com/nesto/host/dev/previews/78043fca-7342-4c60-bb86-f92386b20443

     Type                                 Name                      Plan       Info
     pulumi:pulumi:Stack                  host-dev                             
     ├─ nesto:cert-manager                cert-manager                         
     │  └─ kubernetes:helm.sh/v3:Release  cert-manager                         
     └─ nesto:ingress-nginx               ingress-nginx-controller             
 =      └─ kubernetes:helm.sh/v3:Release  ingress-nginx-controller  import     [diff: +repositoryOpts~resour
 
Diagnostics:
  kubernetes:helm.sh/v3:Release (ingress-nginx-controller):
    warning: inputs to import do not match the existing resource; importing this resource will fail
 

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::host::pulumi:pulumi:Stack::host-dev]
            > kubernetes:core/v1:Secret: (read)
                [id=kube-system/codefresh-token-tx9tj]
                [urn=urn:pulumi:dev::host::nesto:kubernetes$nesto:infra:CodefreshCluster$kubernetes:core/v1:Secret::codefresh]
                [provider=urn:pulumi:dev::host::pulumi:providers:kubernetes::k8s-provider::94f630e8-5f8e-4f99-a362-ba5e6a17ce57]
        = kubernetes:helm.sh/v3:Release: (import)
            [id=nginx-ingress-controller/release-kl2buwnx]
            [urn=urn:pulumi:dev::host::nesto:ingress-nginx$kubernetes:helm.sh/v3:Release::ingress-nginx-controller]
            [provider=urn:pulumi:dev::host::pulumi:providers:kubernetes::k8s-provider::94f630e8-5f8e-4f99-a362-ba5e6a17ce57]
          + repositoryOpts: {
              + repo    : "https://kubernetes.github.io/ingress-nginx"
            }
          ~ resourceNames : {
              ~ ClusterRole.rbac.authorization.k8s.io/rbac.authorization.k8s.io/v1       : [
                  + [1]: "release-kl2buwnx-ingress-nginx-admission"
                ]
              ~ ClusterRoleBinding.rbac.authorization.k8s.io/rbac.authorization.k8s.io/v1: [
                  + [1]: "release-kl2buwnx-ingress-nginx-admission"
                ]
              + Job.batch/batch/v1                                                       : [
              +     [0]: "nginx-ingress-controller/release-kl2buwnx-ingress-nginx-admission-create"
              +     [1]: "nginx-ingress-controller/release-kl2buwnx-ingress-nginx-admission-patch"
                ]
              ~ Role.rbac.authorization.k8s.io/rbac.authorization.k8s.io/v1              : [
                  + [1]: "nginx-ingress-controller/release-kl2buwnx-ingress-nginx-admission"
                ]
              ~ RoleBinding.rbac.authorization.k8s.io/rbac.authorization.k8s.io/v1       : [
                  + [1]: "nginx-ingress-controller/release-kl2buwnx-ingress-nginx-admission"
                ]
              ~ ServiceAccount/v1                                                        : [
                  + [1]: "nginx-ingress-controller/release-kl2buwnx-ingress-nginx-admission"
                ]
            }

Do you want to perform this update? yes
Updating (nesto/dev)

View Live: https://app.pulumi.com/nesto/host/dev/updates/17

     Type                                 Name                      Status                   Info
     pulumi:pulumi:Stack                  host-dev                  **failed**               1 error
     ├─ nesto:cert-manager                cert-manager                                       
     │  └─ kubernetes:helm.sh/v3:Release  cert-manager                                       
     └─ nesto:ingress-nginx               ingress-nginx-controller                           
 =      └─ kubernetes:helm.sh/v3:Release  ingress-nginx-controller  **importing failed**     1 error
 
Diagnostics:
  pulumi:pulumi:Stack (host-dev):
    error: update failed
 
  kubernetes:helm.sh/v3:Release (ingress-nginx-controller):
    error: inputs to import do not match the existing resource

Is there anything we're not doing correctly on our end or is it just yet another computed input that would need to be dropped by the provider?

[silphid]

(Sorry, that was me above, just logged as our bot account! 😉)

[silphid]

Another input that seems to be computed dynamically and which should maybe be dropped is keyring. On my machine, it computes to /Users/mathieu/.gnupg/pubring.gpg, which obviously won't be the same on my colleague's machine (and thus always require an update). What do you think? 🤔

[viveklak]

@silphid thanks for that. You might want to disable the following from the resource during the import.

repositoryOpts: {
          repo: 'https://kubernetes.github.io/ingress-nginx',
},

The reason for this is that helm doesn't seem to persist the repository information on the release. You may want to add repositoryOpts after the import and run a pulumi up so subsequent chart updates/upgrades work.

You can also drop keyring: '~/.gpg/pubring.gpg',.

Happy to chat over slack if you run into further issues with the above and huge thanks for taking this out for a spin so quickly!