HELM_DIFF_USE_INSECURE_SERVER_SIDE_DRY_RUN not working
aguckenber-chwy opened this issue · comments
I have a lookup within a helm chart:
{{- lookup "v1" "ConfigMap" "kube-system" "cluster-information" | toJson }}
This chart is not yet installed and I am trying to run the following diff:
helm diff upgrade --color --allow-unreleased -q --strip-trailing-cr -n foobar bigfoot-tracker bigfoot-tracker-1.2.5.tgz
With just HELM_DIFF_USE_INSECURE_SERVER_SIDE_DRY_RUN=true the lookup fails, it's not actually hitting the cluster:
▌ helm diff upgrade
▌ ********************
▌ Release was not present in Helm. Diff will show entire contents as new.
▌ ********************
▌ Error: Failed to render chart: exit status 1: Error: execution error at (bigfoot-tracker/charts/first-app/templates/service.yaml:8:8): Could not find ConfigMap/cluster-information in kube-system namespace.
▌ Use --debug flag to render out invalid YAML
▌ Error: plugin "diff" exited with error
I figured I would try turning on HELM_DIFF_USE_UPGRADE_DRY_RUN=True but then I get:
▌ helm diff upgrade
▌ ********************
▌ Release was not present in Helm. Diff will show entire contents as new.
▌ ********************
▌ panic: runtime error: slice bounds out of range [-1:]
▌ goroutine 1 :
▌ github.com/databus23/helm-diff/v3/cmd.extractManifestFromHelmUpgradeDryRunOutput({0x40000db800, 0x3d, 0x400}, 0x0)
▌ github.com/databus23/helm-diff/v3/cmd/helm3.go:324 +0x348
▌ github.com/databus23/helm-diff/v3/cmd.(*diffCmd).template.func3({0x40000db800?, 0x4?, 0x4000616090?})
▌ github.com/databus23/helm-diff/v3/cmd/helm3.go:232 +0x28
▌ github.com/databus23/helm-diff/v3/cmd.(*diffCmd).template(0x400016a000, 0x0)
▌ github.com/databus23/helm-diff/v3/cmd/helm3.go:305 +0x1388
▌ github.com/databus23/helm-diff/v3/cmd.(*diffCmd).runHelm3(0x400016a000)
▌ github.com/databus23/helm-diff/v3/cmd/upgrade.go:292 +0x2c4
▌ github.com/databus23/helm-diff/v3/cmd.newChartCommand.func2(0x4000292908, {0x4000614300, 0x2, 0x194bdc1?})
▌ github.com/databus23/helm-diff/v3/cmd/upgrade.go:215 +0x340
▌ github.com/spf13/cobra.(*Command).execute(0x4000292908, {0x4000614280, 0x8, 0x8})
▌ github.com/spf13/cobra@v1.8.0/command.go:983 +0x840
▌ github.com/spf13/cobra.(*Command).ExecuteC(0x4000292c08)
▌ github.com/spf13/cobra@v1.8.0/command.go:1115 +0x344
▌ github.com/spf13/cobra.(*Command).Execute(0x2a94178?)
▌ github.com/spf13/cobra@v1.8.0/command.go:1039 +0x1c
▌ main.main()
▌ github.com/databus23/helm-diff/v3/main.go:15 +0x20
▌ Error: plugin "diff" exited with error
I assume the error above is because --allow-unreleased is set and the HOOKS are not found but unsure.
All I am trying to do is diff a helm chart with a lookup clause but none of the options work.
There error can be ignored. I was using an older version of helm which this plugin was unhappy with. v3.14.0 is fine.
However, its still worth highlighting that it doesn't appear as if HELM_DIFF_USE_INSECURE_SERVER_SIDE_DRY_RUN is even used which makes the README inaccurate. Setting HELM_DIFF_USE_UPGRADE_DRY_RUN=true by default with uses --dry-run=server which is also unexpected. It should not use the service unless the prior env variable says so.
I lied. Still getting:
goroutine 1 [running]:
github.com/databus23/helm-diff/v3/cmd.extractManifestFromHelmUpgradeDryRunOutput({0x40006c0000, 0x3d, 0x400}, 0x1)
github.com/databus23/helm-diff/v3/cmd/helm3.go:324 +0x348
github.com/databus23/helm-diff/v3/cmd.(*diffCmd).template.func3({0x40006c0000?, 0x4?, 0x4000218000?})
github.com/databus23/helm-diff/v3/cmd/helm3.go:232 +0x28
github.com/databus23/helm-diff/v3/cmd.(*diffCmd).template(0x40003d2ea0, 0x0)
github.com/databus23/helm-diff/v3/cmd/helm3.go:305 +0x1388
github.com/databus23/helm-diff/v3/cmd.(*diffCmd).runHelm3(0x40003d2ea0)
github.com/databus23/helm-diff/v3/cmd/upgrade.go:292 +0x2c4
github.com/databus23/helm-diff/v3/cmd.newChartCommand.func2(0x4000428f08, {0x40002143f0, 0x2, 0x194bdc1?})
github.com/databus23/helm-diff/v3/cmd/upgrade.go:215 +0x340
github.com/spf13/cobra.(*Command).execute(0x4000428f08, {0x4000214380, 0x7, 0x7})
github.com/spf13/cobra@v1.8.0/command.go:983 +0x840
github.com/spf13/cobra.(*Command).ExecuteC(0x4000429208)
github.com/spf13/cobra@v1.8.0/command.go:1115 +0x344
github.com/spf13/cobra.(*Command).Execute(0x2a94178?)
github.com/spf13/cobra@v1.8.0/command.go:1039 +0x1c
main.main()
github.com/databus23/helm-diff/v3/main.go:15 +0x20
Error: plugin "diff" exited with error
helm.go:84: [debug] plugin "diff" exited with error
Turns out when helm upgrade bigfoot-tracker temp/foo/bigfoot-tracker-1.2.5.tgz --namespace 8c5ef7c9-feature-foobar --install --dry-run=server is run, if the chart errors any validations such as {{- fail ""}} or JSON schema validation erros, the error isn't printed. Instead the above useless error is printed.
I lied. Still getting:
goroutine 1 [running]: github.com/databus23/helm-diff/v3/cmd.extractManifestFromHelmUpgradeDryRunOutput({0x40006c0000, 0x3d, 0x400}, 0x1) github.com/databus23/helm-diff/v3/cmd/helm3.go:324 +0x348 github.com/databus23/helm-diff/v3/cmd.(*diffCmd).template.func3({0x40006c0000?, 0x4?, 0x4000218000?}) github.com/databus23/helm-diff/v3/cmd/helm3.go:232 +0x28 github.com/databus23/helm-diff/v3/cmd.(*diffCmd).template(0x40003d2ea0, 0x0) github.com/databus23/helm-diff/v3/cmd/helm3.go:305 +0x1388 github.com/databus23/helm-diff/v3/cmd.(*diffCmd).runHelm3(0x40003d2ea0) github.com/databus23/helm-diff/v3/cmd/upgrade.go:292 +0x2c4 github.com/databus23/helm-diff/v3/cmd.newChartCommand.func2(0x4000428f08, {0x40002143f0, 0x2, 0x194bdc1?}) github.com/databus23/helm-diff/v3/cmd/upgrade.go:215 +0x340 github.com/spf13/cobra.(*Command).execute(0x4000428f08, {0x4000214380, 0x7, 0x7}) github.com/spf13/cobra@v1.8.0/command.go:983 +0x840 github.com/spf13/cobra.(*Command).ExecuteC(0x4000429208) github.com/spf13/cobra@v1.8.0/command.go:1115 +0x344 github.com/spf13/cobra.(*Command).Execute(0x2a94178?) github.com/spf13/cobra@v1.8.0/command.go:1039 +0x1c main.main() github.com/databus23/helm-diff/v3/main.go:15 +0x20 Error: plugin "diff" exited with error helm.go:84: [debug] plugin "diff" exited with errorTurns out when
helm upgrade bigfoot-tracker temp/foo/bigfoot-tracker-1.2.5.tgz --namespace 8c5ef7c9-feature-foobar --install --dry-run=serveris run, if the chart errors any validations such as{{- fail ""}}or JSON schema validation erros, the error isn't printed. Instead the above useless error is printed.
is it issue of helm?
Just ran into this lookup returning nil problem, it seems helm template blocks the lookup function because it is no longer allowed to access server for security reasons.
As a work around I just switched to export HELM_DIFF_USE_UPGRADE_DRY_RUN=true and the diff output appears to be correct in my case.
I was trying to make helm-diff stop giving wrong output while rendering templates containing lookup function.
Can confirm previous reply, setting the variable indeed makes helm diff use --dry-run=server flag:
export HELM_DIFF_USE_UPGRADE_DRY_RUN=true
This causes the "lookup" template function to actually connect to the k8s api and pass the actual resource value, instead of empty dictionary, to the staging changes' manifests.
Worked only after upgrading Helm to 3.15 and helm-diff to 3.9.7.