Terraform-provider-helm: New resource shouldn't be required when a chart is updated

Created on 26 Dec 2018  路  5Comments  路  Source: hashicorp/terraform-provider-helm

Most helpful comment

When we do a helm upgrade with a new Chart and/or repo, Helm does not delete the release and upgrades the release in place.

This is a surprising behvaiour coming from using the CLI to the provider. Is ForceNew needed on these two attributes?

All 5 comments

Can you provide a test case, @oba11? I fail to reproduce this using the latest provider version.

Sure @rporres , here are the steps

Requirements

  • working kubernetes cluster
  • working helm/tiller deployment

Steps

  • Change to home directory
cd $HOME
  • Create below folders
mkdir -p helm/{app,app-new}
mkdir -p $HOME/helm/app/templates
  • Create below files in $HOME/helm/app
cat << EOF > $HOME/helm/app/Chart.yaml
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: app
version: 0.1.0
EOF

-------------------

cat << EOF > $HOME/helm/app/templates/deployment.yaml
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: {{ .Release.Name }}
  labels:
    app.kubernetes.io/name: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ .Release.Name }}
    spec:
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
EOF

----------------

cat << EOF > $HOME/helm/app/values.yaml
replicaCount: 1

image:
  repository: nginx
  tag: stable
  pullPolicy: IfNotPresent
EOF

-------

cat << EOF > $HOME/helm/app/main.tf
provider "helm" {
  version = ">= 0.7.0"
}

resource "helm_release" "this" {
  name         = "app"
  chart        = "\${path.cwd}"
  reuse        = "true"
  reuse_values = "true"
  values  = [
    "\${file("\${path.cwd}/values.yaml")}"
  ]
}
EOF

  • Initialize terraform and apply
cd $HOME/helm/app
terraform init
terraform apply

OUTPUT
--------
helm_release.this: Creating...
  chart:            "" => "/home/ubuntu/helm/app"
  disable_webhooks: "" => "false"
  force_update:     "" => "false"
  keyring:          "" => "/home/ubuntu/.gnupg/pubring.gpg"
  metadata.#:       "" => "<computed>"
  name:             "" => "app"
  namespace:        "" => "default"
  recreate_pods:    "" => "false"
  reuse:            "" => "true"
  reuse_values:     "" => "true"
  timeout:          "" => "300"
  values.#:         "" => "1"
  values.0:         "" => "replicaCount: 1\n\nimage:\n  repository: nginx\n  tag: stable\n  pullPolicy: IfNotPresent\n"
  verify:           "" => "false"
  version:          "" => "0.1.0"
  wait:             "" => "true"
helm_release.this: Still creating... (10s elapsed)
helm_release.this: Still creating... (20s elapsed)
helm_release.this: Creation complete after 22s (ID: app)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
  • Create a dummy volume path instead of symlinks because terraform resolves symlinks
sudo mount -o bind $HOME/helm/app $HOME/helm/app-new
  • Change directory to the new dummy directory
cd $HOME/helm/app-new
  • Run terraform plan and the output should force recreating resources
terraform plan

---
-/+ helm_release.this (new resource required)
      id:               "app" => <computed> (forces new resource)
      chart:            "/home/ubuntu/helm/app" => "/home/ubuntu/helm/app-new" (forces new resource)
      disable_webhooks: "false" => "false"
      force_update:     "false" => "false"
      keyring:          "/home/ubuntu/.gnupg/pubring.gpg" => "/home/ubuntu/.gnupg/pubring.gpg"
      metadata.#:       "1" => <computed>
      name:             "app" => "app"
      namespace:        "default" => "default"
      recreate_pods:    "false" => "false"
      reuse:            "true" => "true"
      reuse_values:     "true" => "true"
      timeout:          "300" => "300"
      values.#:         "1" => "1"
      values.0:         "replicaCount: 1\n\nimage:\n  repository: nginx\n  tag: stable\n  pullPolicy: IfNotPresent\n" => "replicaCount: 1\n\nimage:\n  repository: nginx\n  tag: stable\n  pullPolicy: IfNotPresent\n"
      verify:           "false" => "false"
      version:          "0.1.0" => "0.1.0"
      wait:             "true" => "true"


Plan: 1 to add, 0 to change, 1 to destroy.
---
  • Cleanups
cd $HOME/helm/app
terraform destroy
cd $HOME
sudo umount $HOME/helm/app-new
rm -rf $HOME/helm

Please let me know if you are able to reproduce it. Thanks

chart:            "/home/ubuntu/helm/app" => "/home/ubuntu/helm/app-new" (forces new resource)

I can see that this behavior is there "by design" - changes of chart attribute will always trigger the resource re-creation because of the ForceNew flag.
That is how it should be when we talk about remote charts (provided by the repository API).

For the local charts (like in your case) I just suggested to introduce a separated attribute and treat it differently: https://github.com/terraform-providers/terraform-provider-helm/issues/212

When we do a helm upgrade with a new Chart and/or repo, Helm does not delete the release and upgrades the release in place.

This is a surprising behvaiour coming from using the CLI to the provider. Is ForceNew needed on these two attributes?

I would love the pull request to be accepted, since this kind of messes things up for us...

Was this page helpful?
0 / 5 - 0 ratings