helm-schema icon indicating copy to clipboard operation
helm-schema copied to clipboard
verified publisher icon dadav

Are generated schemas from values without any added @schema annotations usable?

Open outofrange opened this issue 1 year ago • 1 comments

I'm thinking about helm-schema to our default pipeline for building & publishing Helm carts, making it available in many charts not necessarily maintained by myself.

Is it a good idea to start (and even release) with a generate schema solely based on the values, without any @schema hints? Can it break something in certain situations, where currently used values suddenly wouldn't be valid anymore?

When I discovered this project, I wasn't really sure if helm-schema wouldn't just assume the tightest type possible, making every string to be an enum unless explicitly configuring it - I'm glad that it's not that way :)

One case I can think of, that could potentially (even likely) break charts without further configuration of @schema would be anyOf types like resources blocks.

I think it's a good idea to

  • put a recommendation in the docs, either warning about or recommending some approach about onboarding charts / using default config
  • list common anyOf properties / gotchas
  • maybe handle certain cases directly within helm-schema? resources.limits.cpu (as well as the other paths ofc) are a very common pattern, for which a default type of integer|string could be set; this could be done for everything resembling known Kubernetes anyOf properties (probably behind some --flag)

outofrange avatar Aug 31 '24 04:08 outofrange

Helm validates the values.yaml against the schema by default, unless --skip-schema-validation is given. And yes, this will break stuff for users if you just publish the generated schema as-is.

For example, the grafana-oncall Helm Chart has some null values by default, which are interpreted as the only valid value by this tool. This leads to many errors like these when running Helm:

Error: Error: values don't meet the specifications of the schema(s) in the following chart(s):
oncall:
- externalPostgresql.existingSecret: Invalid type. Expected: null, given: string
- externalPostgresql.host: Invalid type. Expected: null, given: string
- externalPostgresql.passwordKey: Invalid type. Expected: null, given: string

For this reason I would strongly recommend against publishing the generated schema, unless you add proper annotations to all attributes.

ChristianCiach avatar Sep 23 '24 12:09 ChristianCiach