Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

adding kustomize transformers: causes breakage #41

Open
benjamin-tucker opened this issue Jun 26, 2023 · 3 comments
Open

adding kustomize transformers: causes breakage #41

benjamin-tucker opened this issue Jun 26, 2023 · 3 comments

Comments

@benjamin-tucker
Copy link

Hello - firstly, thanks for awesome plugin. It solves big problems for us. Please can you help me solve this one? I am totally flummoxed.

I'm trying to add labels, following this https://github.com/roboll/helmfile/blob/master/docs/advanced-features.md#transformers

  • Labels get added as expected, but if the chart takes parameters it nulls them and some stuff is removed(!)
  • Occurs on multiple charts
  • Works perfectly, if helmfile template | k apply -f - run locally on my mac (ofcourse, it always does!)

argo-cd = v2.7.6+00c914a.dirty
plugin = travisghansen/argo-cd-helmfile:v0.3.6


Specific example

This works:

$ cat helmfile.yaml
---

repositories:
  - name: prometheus-community
    url: https://prometheus-community.github.io/helm-charts

releases:
  - name: "prometheus-blackbox-exporter"
    chart: "prometheus-community/prometheus-blackbox-exporter"
    namespace: "kube-system-monitoring"

    values:
      - ./values/values-common.yaml

    set:
      - name: ingress.hosts[0].host
        value: prometheus-blackbox.private.{{ requiredEnv "CLUSTER" }}.{{ requiredEnv "TOP_LEVEL_DOMAIN" }}

This adds the label, but it unwinds the set, and removes the psp, role and rolebind. ❓ 🤷 🧠

$ cat helmfile.yaml
---

repositories:
  - name: prometheus-community
    url: https://prometheus-community.github.io/helm-charts

releases:
  - name: "prometheus-blackbox-exporter"
    chart: "prometheus-community/prometheus-blackbox-exporter"
    namespace: "kube-system-monitoring"

    values:
      - ./values/values-common.yaml

    set:
      - name: ingress.hosts[0].host
        value: prometheus-blackbox.private.{{ requiredEnv "CLUSTER" }}.{{ requiredEnv "TOP_LEVEL_DOMAIN" }}

    transformers:
      - apiVersion: builtin
        kind: LabelTransformer
        metadata:
          name: notImportantHere
        labels:
          foo: bar
        fieldSpecs:
          - kind: Deployment
            path: spec/template/metadata/labels
            create: true
$ argocd app diff argocd/prometheus-blackbox-exporter

===== apps/Deployment kube-system-monitoring/prometheus-blackbox-exporter ======
193a194
>         foo: bar

===== networking.k8s.io/Ingress kube-system-monitoring/prometheus-blackbox-exporter ======
54c54
<   - host: prometheus-blackbox.private.<redacted>
---
>   - host: CHANGE_ME

===== policy/PodSecurityPolicy /prometheus-blackbox-exporter-psp ======
1,67d0
< apiVersion: policy/v1beta1
< kind: PodSecurityPolicy
< metadata:
<   annotations:
<     kubectl.kubernetes.io/last-applied-configuration: |
<       {"apiVersion":"policy/v1beta1","kind":"PodSecurityPolicy","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"prometheus-blackbox-exporter","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"prometheus-blackbox-exporter","app.kubernetes.io/version":"v0.24.0","argocd.argoproj.io/instance":"prometheus-blackbox-exporter","helm.sh/chart":"prometheus-blackbox-exporter-7.10.0"},"name":"prometheus-blackbox-exporter-psp"},"spec":{"allowPrivilegeEscalation":false,"fsGroup":{"ran
===== rbac.authorization.k8s.io/Role kube-system-monitoring/prometheus-blackbox-exporter ======
1,53d0
< apiVersion: rbac.authorization.k8s.io/v1
< kind: Role
< metadata:
<   annotations:
<     kubectl.kubernetes.io/last-applied-configuration: |
<       {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"prometheus-blackbox-exporter","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"prometheus-blackbox-exporter","app.kubernetes.io/version":"v0.24.0","argocd.argoproj.io/instance":"prometheus-blackbox-exporter","helm.sh/chart":"prometheus-blackbox-exporter-7.10.0"},"name":"prometheus-blackbox-exporter","namespace":"kube-system-monitoring"},"rules":[{"apiGroups":
===== rbac.authorization.k8s.io/RoleBinding kube-system-monitoring/prometheus-blackbox-exporter ======
1,52d0
< apiVersion: rbac.authorization.k8s.io/v1
< kind: RoleBinding
< metadata:
<   annotations:
<     kubectl.kubernetes.io/last-applied-configuration: |
<       {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"RoleBinding","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"prometheus-blackbox-exporter","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"prometheus-blackbox-exporter","app.kubernetes.io/version":"v0.24.0","argocd.argoproj.io/instance":"prometheus-blackbox-exporter","helm.sh/chart":"prometheus-blackbox-exporter-7.10.0"},"name":"prometheus-blackbox-exporter","namespace":"kube-system-monitoring"},"roleRef":{"api%

My values file

$ cat values/values-common.yaml
---
ingress:
  enabled: true
  className: nginx-private
  hosts:
    - host: CHANGE_ME
      paths:
        - path: /
          pathType: Prefix

local run (x86 mac)
helmfile = v0.153.1
helm = v3.11.3
kustomize = v5.1.0

Deploy the application using argo-cd  (without the transformer) - first helmfile
Add the transformer - 2nd helmfile

$ helmfile template | k apply -f -
Adding repo prometheus-community https://prometheus-community.github.io/helm-charts
"prometheus-community" has been added to your repositories

Templating release=prometheus-blackbox-exporter, chart=/var/folders/9h/5kdwd1zd3bjchvwqpcg1t8fw0000gq/T/chartify3204551211/kube-system-monitoring/prometheus-blackbox-exporter/prometheus-blackbox-exporter
serviceaccount/prometheus-blackbox-exporter configured
configmap/prometheus-blackbox-exporter configured
service/prometheus-blackbox-exporter configured
deployment.apps/prometheus-blackbox-exporter configured
ingress.networking.k8s.io/prometheus-blackbox-exporter configured

$ argocd app diff argocd/prometheus-blackbox-exporter

===== /ConfigMap kube-system-monitoring/prometheus-blackbox-exporter ======
23a24
>     argocd.argoproj.io/instance: prometheus-blackbox-exporter

===== /Service kube-system-monitoring/prometheus-blackbox-exporter ======
11a12
>     argocd.argoproj.io/instance: prometheus-blackbox-exporter

===== /ServiceAccount kube-system-monitoring/prometheus-blackbox-exporter ======
11a12
>     argocd.argoproj.io/instance: prometheus-blackbox-exporter

===== apps/Deployment kube-system-monitoring/prometheus-blackbox-exporter ======
15a16
>     argocd.argoproj.io/instance: prometheus-blackbox-exporter
205d205
<         foo: bar

===== networking.k8s.io/Ingress kube-system-monitoring/prometheus-blackbox-exporter ======
12a13
>     argocd.argoproj.io/instance: prometheus-blackbox-exporter
@travisghansen
Copy link
Owner

Can you send to full output of the helmfile template command with/without the transformers? I'm interested to see what the product is.

I've never used transformers but on the surface I don't see any reason why they wouldn't work. Any chance of differences of versions of helm, helmfile, kustomize, etc?

@jjungnickel
Copy link
Contributor

jjungnickel commented Jul 4, 2023

I'm currently in the process of investigating a similar issue. This appears to be caused by the --api-versions that are passed to helm template by way of helmfile template --args <...> not being passed to chartify which is only being involved once you specify patches/transformers.

If the templates use .Capabilities.APIVersions the resources will not be in included.

It appears that those versions defined in the state file via apiVersions will get passed on, so I was able to work around this by defining in my helmfile:

apiVersions:
  {{ env "KUBE_API_VERSIONS" | splitList "," | toYaml | nindent 2 }}

@travisghansen
Copy link
Owner

Wow good find. Here is a base file all my files include.

# note that helm currently *appends* these values vs replaces them
# https://github.com/helm/helm/pull/10108
apiVersions:
- networking.k8s.io/v1/IngressClass
#- networking.k8s.io/v1beta1/IngressClass
{{- if (env "KUBE_API_VERSIONS") }}
{{- range $apiV := ( requiredEnv "KUBE_API_VERSIONS" | split "," ) }}
- {{ $apiV }}
{{- end }}
{{- end }}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants