From 4fde6e13db18f3095ae341f2dc6a6cf2ae18b648 Mon Sep 17 00:00:00 2001 From: KUOKA Yusuke Date: Wed, 22 Jul 2020 23:10:22 +0900 Subject: [PATCH] Add disableValidation and disableOpenAPIValidation per release (#1373) `disableOpenAPIValidation: true` might be useful for workaround for broken CRDs that is known to be exist in older OpenShift versions, and `disableValidation: true` is confirmed to allow installing charts like prometheus-operator that tries to install CRDs and CRs in the same chart. Strictly speaking, for the latter case I believe you only need `disableValidation: true` set during the first installation, but for the ease of operation I shall suggest you to always set it. Obviously turning validation mostly(disableOpenAPIValidation) or entirely(disableValidation) result in deferring any real error until sync time. We need completely client-side validation that is able to read CRDs and use it for validating any CRs to catch any error before sync. But it worth an another (big) issue. Fixes #1124 --- pkg/state/state.go | 44 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/pkg/state/state.go b/pkg/state/state.go index 13040f9c..68145473 100644 --- a/pkg/state/state.go +++ b/pkg/state/state.go @@ -128,10 +128,12 @@ type HelmSpec struct { // CreateNamespace, when set to true (default), --create-namespace is passed to helm3 on install/upgrade (ignored for helm2) CreateNamespace *bool `yaml:"createNamespace,omitempty"` - TLS bool `yaml:"tls"` - TLSCACert string `yaml:"tlsCACert,omitempty"` - TLSKey string `yaml:"tlsKey,omitempty"` - TLSCert string `yaml:"tlsCert,omitempty"` + TLS bool `yaml:"tls"` + TLSCACert string `yaml:"tlsCACert,omitempty"` + TLSKey string `yaml:"tlsKey,omitempty"` + TLSCert string `yaml:"tlsCert,omitempty"` + DisableValidation *bool `yaml:"disableValidation,omitempty"` + DisableOpenAPIValidation *bool `yaml:"disableOpenAPIValidation,omitempty"` } // RepositorySpec that defines values for a helm repo @@ -174,6 +176,18 @@ type ReleaseSpec struct { // CreateNamespace, when set to true (default), --create-namespace is passed to helm3 on install (ignored for helm2) CreateNamespace *bool `yaml:"createNamespace,omitempty"` + // DisableOpenAPIValidation is rarely used to bypass OpenAPI validations only that is used for e.g. + // work-around against broken CRs + // See also: + // - https://github.com/helm/helm/pull/6819 + // - https://github.com/roboll/helmfile/issues/1167 + DisableOpenAPIValidation *bool `yaml:"disableOpenAPIValidation,omitempty"` + + // DisableValidation is rarely used to bypass the whole validation of manifests against the Kubernetes cluster + // so that `helm diff` can be run containing a chart that installs both CRD and CRs on first install. + // FYI, such diff without `--disable-validation` fails on first install because the K8s cluster doesn't have CRDs registered yet. + DisableValidation *bool `yaml:"disableValidation,omitempty"` + // MissingFileHandler is set to either "Error" or "Warn". "Error" instructs helmfile to fail when unable to find a values or secrets file. When "Warn", it prints the file and continues. // The default value for MissingFileHandler is "Error". MissingFileHandler *string `yaml:"missingFileHandler,omitempty"` @@ -1771,6 +1785,28 @@ func (st *HelmState) flagsForDiff(helm helmexec.Interface, release *ReleaseSpec, flags = append(flags, "--devel") } + disableOpenAPIValidation := false + if release.DisableOpenAPIValidation != nil { + disableOpenAPIValidation = *release.DisableOpenAPIValidation + } else if st.HelmDefaults.DisableOpenAPIValidation != nil { + disableOpenAPIValidation = *st.HelmDefaults.DisableOpenAPIValidation + } + + if disableOpenAPIValidation { + flags = append(flags, "--disable-openapi-validation") + } + + disableValidation := false + if release.DisableValidation != nil { + disableValidation = *release.DisableValidation + } else if st.HelmDefaults.DisableValidation != nil { + disableValidation = *st.HelmDefaults.DisableValidation + } + + if disableValidation { + flags = append(flags, "--disable-validation") + } + flags = st.appendConnectionFlags(flags, release) var err error