Support helm.Chart with helm hooks #555
Comments
|
Worth noting that #511 would be at least some way of supporting these charts without modification, but ofc with the overhead of running and configuring Tiller securely. |
|
This might involve a helm provider proper. Should we do this now, or should we be waiting for Helm 3? |
|
@hausdorff @lblackstone What's the proposal for addressing this? |
|
I'm not very familiar with Helm hooks, but it looks like a pretty big list of scenarios that it supports: https://github.com/helm/helm/blob/master/docs/charts_hooks.md#the-available-hooks AFAICT, Pulumi can natively handle all of the lifecycle hooks (pre/post/crd install hooks), so we probably just need to specially handle the For now, I'm inclined to skip deploying Pods with the |
|
I'm not sure that we'll ever support lifecycle hooks, but certainly not in Q3—I'll remove the label. In the mean time, we can commit to skipping the test hooks, and documenting that our Helm support is limited to the semantics of |
|
The workaround posted in this issue no longer works for me. I get an error saying there's no After adding a metadata.name to the List I get a |
|
Looks like ingress-nginx uses helm hooks to deploy admission-webhook things. For this limitation we cannot deploy ingress-nginx. |
|
@shinebayar-g |
|
@shinebayar-g @draconisNoctis We fixed a bug in the v3 SDK in #1335 that was likely the cause of the issues you were seeing. Can you give it a try with the |
|
@lblackstone I deployed ingress-nginx chart as I did another test today. Upgraded nginx chart version from 3.17.0 to 3.23.0 to demonstrate upgrade scenario. Also looks like everything went smooth. |
|
The transformation function in the original comment no longer works. Here's an updated one (in Typescript) in case someone else needs it. |
|
Is it possible to suppress Diagnostics messages in |
|
@maxromanovsky If you're looking to suppress only those messages, I don't think that's possible. But you can use the transformation function I posted above to remove the helm hook annotations so it won't be an issue. |
|
@bob-bins thank you for the tip! I thought there's more idiomatic approach :) Anyway, here's the transformation very similar to @bob-bins, but in Python: def remove_helm_hooks(obj):
if 'metadata' in obj and 'annotations' in obj['metadata']:
for key in list(obj['metadata']['annotations'].keys()):
if key in ['helm.sh/hook', 'helm.sh/hook-delete-policy']:
del obj['metadata']['annotations'][key] |
@hausdorff In this case isn't it better in the docs and errors to advise against using Chart when hooks are involved and instead pushing people towards more appropriate methods of adding a package of resources. Just removing blindly ignoring/removing hooks probably isn't a great idea, but at the moment it's the only solution presented. p.s. an alternative transform to remove those annotations (typescript noob so use with caution): // A transformation to remove Helm hooks. Pulumi does not support running them and will complain if they exist.
// See: https://github.com/pulumi/pulumi-kubernetes/issues/555#issuecomment-810383577
removeHelmHooksTransformation(o: pulumi.ResourceTransformationArgs): pulumi.ResourceTransformationResult {
if (o.props?.metadata?.annotations?.["helm.sh/hook"]) {
delete o.props.metadata.annotations['helm.sh/hook']
delete o.props.metadata.annotations['helm.sh/hook-delete-policy']
}
return o
} |
Hi, @lblackstone can this issue considered as a fixed now? If yes it would be awesome to remove these warnings introduced in #1454 |
|
We're planning to take another look at this soon, and will add toggles for the warnings if we aren't able to support all of the hooks. |
|
@lblackstone Have you maybe had another look on this issue? :-) |
|
Hey, sorry for the delayed response here. Relatedly, we're hard at work on a new approach to managing Helm resources with Pulumi that will also support all hooks. If you're interested, the work in progress can be found here: #1677 Feedback is welcome, so chime in on that PR if you have comments on the approach! |
|
#1677 has been merged and Helm Release support is in public preview with v3.7.0 of the Kubernetes provider/sdk. As discussed in https://www.pulumi.com/blog/full-access-to-helm-features-through-new-helm-release-resource-for-kubernetes/, hooks are a good reason to consider Helm Release over the chart resource. Closing. |
|
Slightly related, I've opened an issue over at helm (helm/helm#10153) asking about the future of helm hooks overall, given that their non-declarative nature doesn't really fit the rest of the kubernetes ecosystem. |
|
Hello, I try to deploy velero with pulumi: helm: https://vmware-tanzu.github.io/helm-charts But I have theses warnings: Did you have any suggestions for making it work ? thanks in advance for your help |
|
Hi, I want to use this https://artifacthub.io/packages/helm/aws-efs-csi-driver/aws-efs-csi-driver But I received this warning: Info kubernetes.helm.v3.Chart(
f"efs-csi-driver{DEPLOY_NAME_PREFIX}",
kubernetes.helm.v3.ChartOpts(
chart="aws-efs-csi-driver",
version="2.4.7",
fetch_opts=kubernetes.helm.v3.FetchOpts(
repo="https://kubernetes-sigs.github.io/aws-efs-csi-driver/"
),
namespace=namespace.metadata.name,
values={
"logLevel": "debug",
"replicaCount": "1",
"region": "us-west-2",
},
),
pulumi.ResourceOptions(
provider=provider,
parent=namespace,
)
) |
|
The helm release is pretty "black boxy" in its approach to helm generated resources. This causes all sorts of issues sometimes with regards to deterministic pulumi state |
|
So it's 2024 in here and I have this: What should I do? This is default chart for aws from aws itself. Pulumi version is latest ATM. |
Pulumi program: https://gist.github.com/gobengo/590a88e3b951fa3f66c8d8e963bf34a0
I am trying to use the latest wordpress chart (version 5.9.0) to test out pulumi-kubernetes'
helm.Chart. The pulumi kubernetes docs for helm use a much earlier one.However, when I
pulumi up, it ends up failing because this helm chart includes ahelm.sh/hook: test-successannotation. The mariadb chart it composes has a test hook as well, so there are two that fail.Pulumi seems to be unaware of hook semantics (understandable). The end result is that the hook pods get created at the same time (sometimes) before the app Pods they depend on (i.e. mariadb), and so they fail with exit code 1, which causes the pulumi deployment to fail as well.
I was able to work around this by providing a transformation created with
Ideally, pulumi-kubernetes would be aware of helm hook semantics and would, e.g., wait for other Pods to be deployed and ready before creating Pods with the
helm.sh/hook: test-successannotation. In lieu of full semantic support, it would be nice to maybe just not deploy pods with that annotation at all (and warn with a link to this issue or a more appropriate one).The text was updated successfully, but these errors were encountered: