-
Notifications
You must be signed in to change notification settings - Fork 564
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add disableValidation and disableOpenAPIValidation per release #1373
Conversation
`disableOpenAPIValidation: true` might be useful for workaround for broken CRDs that is known to be exist in older OpenShift versions, and `disableValidation: true` is confirmed to allow installing charts like prometheus-operator that tries to install CRDs and CRs in the same chart. Strictly speaking, for the latter case I believe you only need `disableValidation: true` set during the first installation, but for the ease of operation I shall suggest you to always set it. Obviously turning validation mostly(disableOpenAPIValidation) or entirely(disableValidation) result in deferring any real error until sync time. We need completely client-side validation that is able to read CRDs and use it for validating any CRs to catch any error before sync. But it worth an another (big) issue. Fixes #1124
…as chart This, in combination with #1172, allows you to use `go-getter`-supported URL for K8s manifests on `chart`, so that Helmfile automatically fetches it and then turning it into a temporary local chart, which is then installed by Helmfile as similar as standard Helm charts. An example usecase of this is to install cert-manager CRDs which is distributed separately from the chart: ``` releases: - name: cert-manager-crds chart: git::http://github.com/jetstack/cert-manager.git@deploy/crds?ref=v0.15.2 ``` I'm adding this based on discussion with @lukasmrtvy. He was trying to install cert-manager and prometheus-opreator with Helmfile, and this combined with #1373 should do the job. Thanks for the input!
…as chart (#1374) This, in combination with #1172, allows you to use `go-getter`-supported URL for K8s manifests on `chart`, so that Helmfile automatically fetches it and then turning it into a temporary local chart, which is then installed by Helmfile as similar as standard Helm charts. An example usecase of this is to install cert-manager CRDs which is distributed separately from the chart: ``` releases: - name: cert-manager-crds chart: git::http://github.com/jetstack/cert-manager.git@deploy/crds?ref=v0.15.2 ``` I'm adding this based on discussion with @lukasmrtvy. He was trying to install cert-manager and prometheus-opreator with Helmfile, and this combined with #1373 should do the job. Thanks for the input!
hey, would that help with not verifying cert-manager certificate resource? the thing is, i'm trying to do a deployment to a shutdown cluster and I dont want it to validate\wait for any of the resources to come up, I just need it to apply and show diffs. |
@4c74356b41 Yep. |
mhm, actually, its trying to patch it everytime, so I dont think that will work :( |
@4c74356b41 Sry, but what do you mean by |
well, its trying to update the resource even when there are no changes - hence it requires talking to the cert-manager webhook:
and I dont want to keep this testing cluster running, its only needed to validate certain things before pushing to develop, so automated CI build. |
@4c74356b41 Well, your issue seems not to relate to validation. Also, the error indicates that you've already installed cert-manager, but the admission webhook isn't working due to some reason. If you really encountered validation error while installing cert-manager and Certificate custom resources on the first install, do use If you already installed cert-manager and its admission webhook, ensure that the admission webhook pods are ready and working. |
thats what I said, I never said I do diff, I said I need it to apply and show the diff, but it appears that helm does try to apply the resources that didn't change, hence the issue |
@4c74356b41 Sorry perhaps I had misread your original comment?
So, are you just trying to defer |
nah, I have a test cluster, which is shutdown most of the time. I use it to test my ci builds, but if its shutdown the certificate that gets deployed times out, because cert-manager is shutdown. I dont think there is any solution to this, unless I configure it to skip certificate deployment on CI builds |
@4c74356b41 Thanks for the response. Sorry but I'm still unable to fully understand your use-case.
What do you mean by I thought it's the former(=literally the whole K8s cluster) initially. But then it should be a matter of #1373 (comment). You said it isn't, that remains me confused.
When is cert-manager up then? Without knowing details of your setup, I can suggest a few options. Running Otherwise, you should be able to use |
disableOpenAPIValidation: true
might be useful for workaround for broken CRDs that is known to be exist in older OpenShift versions, anddisableValidation: true
is confirmed to allow installing charts like prometheus-operator that tries to install CRDs and CRs in the same chart.Strictly speaking, for the latter case I believe you only need
disableValidation: true
set during the first installation, but for the ease of operation I shall suggest you to always set it.Obviously turning validation mostly(disableOpenAPIValidation) or entirely(disableValidation) result in deferring any real error until sync time. We need completely client-side validation that is able to read CRDs and use it for validating any CRs to catch any error before sync. But it worth an another (big) issue.
Fixes #1124