helm-diff
helm diff --three-way-merge upgrade not detecting kubernetes manual change
This is a redacted version of the values.yaml:
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  labels:
    app.kubernetes.io/managed-by: Helm
  name: allowedrepos-aws
spec:
  background: true
  rules:
  - match:
      any:
      - resources:
          kinds:
          - Pod
          namespaces:
          - kube-system
    name: aws-repos
    validate:
      deny:
        conditions:
          all:
          - key: '{{ images.[containers, initContainers, ephemeralContainers][].*.registry[]
              }}'
            operator: AnyNotIn
            value:
            - xyz.*.amazonaws.com
      message: All images in this Pod must come from an authorized repository.
  validationFailureAction: enforce
This is the manual change I made that the --three-way-merge does not detect:
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  labels:
    app.kubernetes.io/managed-by: Helm
  name: allowedrepos-aws
spec:
  background: true
  rules:
  - match:
      any:
      - resources:
          kinds:
          - Pod
          namespaces:
          - kube-system
    name: aws-repos
    validate:
      deny:
        conditions:
          all:
          - key: '{{ images.[containers, initContainers, ephemeralContainers][].*.registry[]
              }}'
            operator: AnyNotIn
            value:
            - xyz.*.amazonaws.com
      message: All images in this Pod must come from an authorized repository.
  validationFailureAction: audit
Notice the change in the value for validationFailureAction.
The detailed exit code is 0.
I am seeing this as well on version 3.9.5 with three-way-merge and normalize manifests enabled.
I had manually updated a Deployment resource to include a nodeSelector and helm-diff did not detect it.
EDIT: https://github.com/databus23/helm-diff/issues/176#issuecomment-1223904297
This is likely just how it works with Helm 3
Yes, I have the same problem.
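
A field-level drift check that does not depend on helm-diff, covering both cases reported in this thread: a chart-set field changed on the live object, and a field added only on the live object. This is an added example, not code from the thread or from helm-diff; the `drift` function, its `watch_extra` parameter and the sample objects are hypothetical, and it assumes both objects have already been parsed into dicts (for instance from JSON output).

```python
MISSING = "<absent>"

def drift(desired, live, path="", watch_extra=()):
    """Return [(path, chart_value, live_value)] for each field that drifted.

    Every field the chart sets must match the live object. Fields that exist
    only live (status, defaults, resourceVersion) are ignored unless their
    path is listed in watch_extra.
    """
    out = []
    if isinstance(desired, dict) and isinstance(live, dict):
        for key, value in desired.items():
            sub = f"{path}.{key}" if path else key
            out += drift(value, live.get(key, MISSING), sub, watch_extra)
        for key in sorted(live.keys() - desired.keys()):
            sub = f"{path}.{key}" if path else key
            if sub in watch_extra:
                out.append((sub, MISSING, live[key]))
    elif isinstance(desired, list) and isinstance(live, list) and len(desired) == len(live):
        for i, (d, l) in enumerate(zip(desired, live)):
            out += drift(d, l, f"{path}[{i}]", watch_extra)
    elif desired != live:
        out.append((path, desired, live))
    return out

# Constructed sample objects, reduced from the manifests in this thread.
CHART_POLICY = {"kind": "ClusterPolicy", "metadata": {"name": "allowedrepos-aws"},
                "spec": {"background": True, "validationFailureAction": "enforce"}}
LIVE_POLICY = {"kind": "ClusterPolicy",
               "metadata": {"name": "allowedrepos-aws", "resourceVersion": "1"},
               "spec": {"background": True, "validationFailureAction": "audit"},
               "status": {"ready": True}}
# Constructed Deployment fragment; image and label are placeholders.
CHART_POD = {"spec": {"template": {"spec": {
    "containers": [{"name": "app", "image": "registry.example/app:1"}]}}}}
LIVE_POD = {"spec": {"template": {"spec": {
    "containers": [{"name": "app", "image": "registry.example/app:1",
                    "imagePullPolicy": "IfNotPresent"}],
    "nodeSelector": {"disktype": "ssd"}}}}}

if __name__ == "__main__":
    for item in drift(CHART_POLICY, LIVE_POLICY):
        print(item)
    for item in drift(CHART_POD, LIVE_POD, watch_extra=("spec.template.spec.nodeSelector",)):
        print(item)
```

Live-only fields are skipped by default so server-populated data does not drown out real drift; list the paths that must never appear unmanaged in `watch_extra`.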