Kap 09 #701
Kap 09 #701
Conversation
|
Thank you @Jean-Daniel, this is a great idea. I know that @simu and @srueg are also interested in this and would also like to get their opinion. Personally I like the idea of moving away from helm cffi, although we need to consider other angles. |
|
That's great, thanks! I'll do some tests and review this PR 🎉 |
| # uses absolute path to make sure helm interpret it as a | ||
| # local dir and not a chart_name that it should download. | ||
| args.append(os.path.abspath(chart_dir)) | ||
|
|
There was a problem hiding this comment.
Should we add --include-crds or make it configurable?
There was a problem hiding this comment.
Yes, this is both 2 reasonable flags to add by defaults.
Should we add skip_crds and include_tests configuration flags then.
The only drawback I see with this names, is that helm already has an unrelated --skip-crds flags.
There was a problem hiding this comment.
I'd suggest to add include_crds and skip_tests just with a default of true to name them after the flags.
|
I tried to get rid of some of the debug output in this PR: helm/helm#8992 Or should we try to filter the stdout of the |
As the Kapitan debug output already print the generated files names, we can probably disable helm stdout completely ( Or enable it only when debug log is enabled. |
|
Btw @sebradloff you might want to have a look at this 😄 |
| args.append("--output-dir") | ||
| args.append(output_path) | ||
|
|
||
| if self.kube_version: |
There was a problem hiding this comment.
This is an amazing PR! I would recommend however to take helm_params as an input for all the additional flags like api-versions, validate, etc. I think it makes it a little more flexible.
There was a problem hiding this comment.
I pushed a new version that supports most helm flags. There is just a bunch of flags that are disabled because they either affect the output, or are useless for templating and only relevant on install.
Note that helm template has a --release-name flag that conflicts with the release_name helm_params. This version now recommend to use name instead of release_name. To supports inventory that keep using release_name, the helm input check if the release_name value is a bool. If not, it prints a deprecation warning and keep using the release_name value as name.
There was a problem hiding this comment.
In regards to the conflict of name and release_name, I think your solution make sense of printing the warning makes sense.
kapitan/inputs/helm.py
Outdated
|
|
||
| if param in HELM_DENIED_FLAGS: | ||
| logger.warning("helm flag '%s' is not supported and will be ignored.", param) | ||
| continue |
There was a problem hiding this comment.
Should we maybe abort here? Warning output might be missed and lead to unexpected behavior if the flags are just dropped.
| && pip install . | ||
|
|
||
| # Install Helm | ||
| RUN apt-get install --no-install-recommends -y curl \ | ||
| && curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 \ |
There was a problem hiding this comment.
should we be pinning the version of helm3 that gets downloaded? I believe if I'm reading the get_helm.sh script correctly, we could technically set a DESIRED_VERSION to control the helm3 version being downloaded instead of defaulting to latest.
There was a problem hiding this comment.
get_helm.sh supports --version flag. What would be the benefit of pinning the version ?
There was a problem hiding this comment.
I feel like in general there are bug fixes here and there that happen with any software. I feel like since we directly depend on the helm binary and we have an "open" interface with helm_params it might be worth being methodical on upgrading versions. Just a thought, don't think it's required.
There was a problem hiding this comment.
The get_helm.sh script is design to fetch only v3 version. So, all updates should be backward compatible.
Just like this image is using latest python3.7, git or gnupg binaries, I don't think it should cause issues using the latest helm 3 release.
|
@Jean-Daniel @srueg @sebradloff are we happy with the state of this? |
|
I'm using it for some times now and haven't encounter any issue yet. So I'm fine with it. |
kapitan/helm_cli.py
Outdated
| try: | ||
| logger.debug("launching helm with arguments: %s", args) | ||
| res = subprocess.run( | ||
| args=["helm"] + args, stderr=PIPE, stdout=stdout or (PIPE if verbose else DEVNULL) |
There was a problem hiding this comment.
I think it would make sense if we can somehow configure which helm binary to use instead of relying on a hardcoded value. Some users might have a dual-helm setup with helm v2 and v3 and their helm binary might be called helm3 or so. Maybe try to use the binary in an env var like "HELM_BIN" (or whatever appropriate) and default to helm if not defined?
e.g. https://github.com/roboll/helmfile allows to set the "helmBinary" config.
There was a problem hiding this comment.
For that, I think it would be best to support a helm_path option along the other ones
There was a problem hiding this comment.
Both use cases are valid IMHO. Some people may need to set the path globally (if they want to use a specific helm for everything), and some will need to set it per compile action (to compile a helm2 chart for instance).
There was a problem hiding this comment.
yeah, sure. being able to specify it globally or per compilation should give enough flexibility
I think this PR is great. Helm2 binary as an option sounds like a good idea, since some people might be stuck with old open source charts. |
|
@Jean-Daniel is anything blocking this? |
|
Hey @Jean-Daniel do you wanna master rebase this? It should fix the failed binary tests as we discontinued the binary in #740 |
An actually difference with the cffi implementation is that if something goes wrong, it raises a HelmFetchingError instead of silently failing. It is consistent with Git and Http behaviour which raise errors too if the fetch operation fails.
It mostly matches the cffi implementation with one difference: - release_name is required when using Helm CLI. This implementation uses —generate-name flag if neither release_name nor template_name are specified, which may cause different output. This commit also add `validate` flag support, which is required to compile some templates that rely on cluster Capabilities (cilium with ServiceMonitor for instance).
- reduce denied flags list to the bare minimum. No need to raise error when using an irrelevant flag like atomic. - raise an error if flags contains a '-' instead of '_'. Allowing both may cause subtle bugs if both syntaxes are used in the same target for the same flag.
Co-authored-by: Simon Rüegg <[email protected]>
When specified, run helm template without specifying --output-dir and pipe the result into a single file.
All helm invocation will try to use the value set in the env var KAPITAN_HELM_PATH. Fetch and compile action takes a helm_path parameter to specify per target helm binary.
Done. Note that #741 erroneously remove the |
|
I did a quick test with my repo, and this pretty much doubles the compile speed (for prometeus chart) in my case beforeafter |
|
A tiny issue I have found, is that the produced files have a different formatting (which we already experienced in #360) so that replacing the old helm support for the new one will make the review process tedious (because we will have lots of formatting diffs) Do you know whether it is possible to still prettify the helm output even with this new input type? |
|
We can do the same we've done before here https://github.com/kapicorp/kapitan/pull/385/files @ademariag |
Implementation of kap-9: Bring your own Helm.
fixes: #368 #647
Proposed Changes
This PR takes care of both helm_fetch and helm input. It completely removes the need for golang and cffi to build and install Kapitan.
It is based on and tested Helm 3 only as Helm 2 support ended the November 13, 2020.