helmfile icon indicating copy to clipboard operation
helmfile copied to clipboard
verified publisher icon roboll

Helmfile silently ignores CRDs (and removes them on apply) if strategicMergePatches are used

Open intelfx opened this issue 4 years ago • 3 comments

Trying to deploy ArgoCD using Helmfile:

(./argocd contains the argocd install.yaml)

releases:
  - name: argocd
    namespace: argocd
    chart: ./argocd

— works

releases:
  - name: argocd
    namespace: argocd
    chart: ./argocd
    strategicMergePatches:
      - apiVersion: apps/v1
        kind: Deployment
        metadata:
          namespace: argocd
          name: argocd-server
        spec:
          template:
            spec:
              containers:
              - name: argocd-server
                command:
                - argocd-server
                - --staticassets
                - /shared/app
                - --insecure

— doesn't work, deletes all existing CRDs on apply

intelfx avatar Jul 22 '21 07:07 intelfx

I am seeing the same thing when using transformers

dippynark avatar Oct 27 '24 08:10 dippynark

Did some investigation into this:

  • If jsonPatches, strategicMergePatches or transformers are specified for a Helm release, then the release is preprocessed by chartify: https://github.com/helmfile/helmfile/blob/5837672bfaaa9b48d6132c2f534586652725ae64/pkg/state/helmx.go#L265-L305
  • Chartify puts all CRDs into a crdsdirectory: https://github.com/helmfile/chartify/blob/6fbcd045d33e638ed6453b62bb2f044af5604e52/patch.go#L326-L342
  • Helm template does not include the crds directory by default so CRDs are ignored even if they are in the templates directory of your original chart: https://github.com/helm/helm/issues/6930#issuecomment-2331125996

So to fix this you can add the following to your helmfile:

helmDefaults:
  # Ensure that helm template renders CRDs:
  # https://github.com/roboll/helmfile/issues/1924#issuecomment-2439925428
  args:
  - --include-crds

dippynark avatar Oct 27 '24 09:10 dippynark

Did some investigation into this:

* If `jsonPatches`, `strategicMergePatches` or `transformers` are specified for a Helm release, then the release is preprocessed by chartify: https://github.com/helmfile/helmfile/blob/5837672bfaaa9b48d6132c2f534586652725ae64/pkg/state/helmx.go#L265-L305

* Chartify puts all CRDs into a `crds`directory: https://github.com/helmfile/chartify/blob/6fbcd045d33e638ed6453b62bb2f044af5604e52/patch.go#L326-L342

* Helm template does not include the `crds` directory by default so CRDs are ignored even if they are in the `templates` directory of your original chart: [[helm3][question] How to render CRDs with helm template? helm/helm#6930 (comment)](https://github.com/helm/helm/issues/6930#issuecomment-2331125996)

So to fix this you can add the following to your helmfile:

helmDefaults:
  # Ensure that helm template renders CRDs:
  # https://github.com/roboll/helmfile/issues/1924#issuecomment-2439925428
  args:
  - --include-crds

This works properly for helmfile template, but if you attempt helmfile deps on this, it fails saying:

STDERR:
  Error: unknown flag: --include-crds

Any ideas how to support both helmfile deps and helmfile template with one setup? Currently helmfile deps is a ci requirement for us. Hoping I don't have to disable for apps with crds.

EDIT: Another workaround appears to be to include args to helmfile template, like so:

helmfile template --args '--include-crds'

This way we aren't modifying our helmfiles and thus bugging our helmfile deps ci step.

rickymulder avatar Jul 30 '25 21:07 rickymulder