An update to a new chart version should reconcile the HelmRepository before trying to update the HelmRelease #543
Comments
|
If I understand correctly, you are updating the I think there is little chance of this change, based on my limited understanding of how subscriptions work in Kubebuilder and Flux, I'll explain from my understanding how it works to clarify. Examples of resources that subscribe to other resources in the GitOps Toolkit: Kustomization, HelmRelease, (they subscribe through SourceRef to their sources) ... some others? This is the main action of Flux, "applier" types subscribe to "source" types and they reconcile themselves when upstreams change. Pretty much any resource which has a ref to another resource on which it depends, can subscribe to get updates about that resource when it changes. A Kustomization will reconcile immediately when its source is updated and ready, because of the subscription. These are one-way associations, which (the one-way-ness) is a precautionary approach when building notifier patterns, I believe, that avoids producing an infinite loop or notification storm. Anyway, it should be clear from understanding that idea, that when a HelmRelease is subscribed to the HelmRepository, the HelmRepository cannot also be subscribed to the HelmRelease, it would be a loop. If someone understands better than I do, welcome to chime in and correct me if I'm subtly or totally wrong. But as for what to do now, there are two solutions to handle this, basically: set a lower interval on the source, and whenever the source is reconciled and updated to a new generation that becomes ready (when the chart is ready), the HelmRelease will follow immediately because of its subscription to the HelmRepository, as it already subscribes to its upstream source. Or, set up a Notification Webhook https://fluxcd.io/flux/guides/webhook-receivers/ Classic |
|
We are talking about this today in bug scrub, and the subtext here is that through optimization, HelmRepository could be made about 90% more efficient to where we would be comfortable recommending a shorter interval for HelmRepository But right now, unless you are using HelmRepository with |
|
My workflow consists of using renovate to open PRs for helm charts I do not write or maintain, e.g. cert-manager. I have the interval set on the helm repository to an hour on these. Usually it's not an issue as I'm not merging these PRs right away but sometimes this does happen. I'm guessing there will be a time when more people are packaging their charts as OCI artifacts but who knows how long that will be or if it's even done at all. |
|
That helps to clarify, the use case makes sense now, and why you're running into this issue.
So when Renovate detects a change in HelmRepository, it opens you a PR with the upgrade (I was guessing this was some CI automation, Renovate makes sense here), and if you merge the PR before Flux gets around to reconciling the HelmRepository, you get a temporary error state, and it resolves itself... eventually... We are talking about how to kick-start adoption of OCI, and there are two things we need to see first:
If there are other common chart publishing tools in the wild, we'd better add them to the list, but once helm/chart-releaser has added the support, and common issues are addressed, we should hopefully start to see this pick up. Meanwhile, this issue shall remain open until we can find a better answer for this. To trigger HelmRepository to reconcile early seems like a no-brainer, but the performance impact should not be understated, as an error in the YAML could result in a continuous reconcile loop that puts Helm Controller or Source Controller on the top of the Prometheus charts soaking memory usage until somebody notices the error and fixes it in the source. |
Correct, ideally I would like the interval to be 24hr+ because there's no reason to pull so often. It just consumes bandwidth on both ends and what you mentioned seems affects Flux performance.
I am 100% on the OCI train for helm charts I would write or maintain but it will be a long time before others seem to jump on board. Thanks for keeping the issue open, I am looking forward to seeing what can be done to improve pulling helm repo updates. |
|
I discovered OCI helm charts do not work with Renovate for Flux, for which I have opened this issue over there. |
|
In the meantime if this never comes into fruition I set up a self-hosted github runners and wrote this workflow to run a |
There seems to be a bit of a problem when updating to a new release of a chart in a
HelmReleaseand if theHelmRepositorydid not update in time. Eventually it would reconcile and the new chart version would be applied to theHelmReleasebut it would be nice if this was taken care of for us.In other words, if you create a
HelmRepositorywith anintervalset to12hand you want to update yourHelmReleaseto a new version released within that time frame it will not be able to until theHelmRepositorygets updated. It would be nice if Flux/Helm Controller could automatically try to reconcile theHelmRepositoryanytime a new version of the chart is detected in theHelmRelease.The text was updated successfully, but these errors were encountered: