Patch resources of the chart without changing the chart
Problem
If the third-party chart does not allow modifications of some resources (e.g. no way to specify securityContext for a Pod), then chart consumers must fork the chart and modify it themselves.
Solution (if you have one)
Provide a way to easily patch rendered chart resources on-the-fly. Might look like this:
$ cat patch.yaml
- selector:
    chart: mychart
    resourceName: myapp
    resourceKind: Deployment
  patch: |
    <patch>
$ werf converge --patch patch.yaml
We could also provide a way to automatically apply patches that are distributed with the chart, so that the user can have a parent chart with patches for the resources in the dependent child charts.
Additional information
Helm 3 has a --post-renderer flag which might help with this, but it has its issues:
- Chart developers can't enforce usage of specific post-renderer with a specific configuration for their chart. They must provide instructions to the chart consumers on how to manually set up the post-renderer and how to run it.
- Ability to use any language to patch resources results in chart consumers potentially being required to learn many different languages just for Kubernetes manifest patching.
This was the first feature request I had in mind when I thought about how to improve helm!
As another idea to consider: maybe it would also be possible to support KRM functions. See https://github.com/kubernetes-sigs/kustomize/blob/master/cmd/config/docs/api-conventions/functions-spec.md and https://kpt.dev/book/02-concepts/03-functions
That would be a great feature. Is there a timeline for this feature?
This is a must-have feature and we plan to add it this year (soon).
Thanks for your quick reply. This feature will be an absolute game changer. This would make it unnecessary to fork third-party Helm charts, as you can modify them in-place. That would simplify so many things :)
Ideally, as already mentioned above, I would like the idea of including the patches in bundles.
Should it also be possible for a specific patch to be executed only in a specific environment?
Certainly, patches will be environment-specific and can be used similarly to values files. Before implementation, we’ll draft a proposal and post it in this issue so we can discuss the details and consider your suggestions.
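The patch mechanism sketched in the issue body, together with the environment-specific selection discussed in the last exchange, as an added example that is not part of werf or Helm and not code from the issue. It assumes a patch format the issue leaves open (an RFC 7386 JSON merge patch, so a `null` value removes a key), identifies the chart through Helm's conventional `helm.sh/chart: <name>-<version>` label, and adds a hypothetical `env` selector key to scope a patch to one environment. The rendered manifests and patch list are constructed sample data; a real post-renderer would parse the rendered YAML stream with `yaml.safe_load_all()` instead.

```python
"""Minimal selector-scoped patcher for rendered chart resources.

Added example, not werf's or Helm's code. Assumptions: `patch` is an RFC 7386
JSON merge patch, the chart is identified via the `helm.sh/chart` label, and
`env` is a hypothetical selector key for environment-specific patches.
"""
import copy
import json
import sys
from typing import Any, Dict, List, Optional

# Constructed sample of what a rendered chart looks like after templating.
RENDERED: List[Dict[str, Any]] = [
    {
        "apiVersion": "apps/v1",
        "kind": "Deployment",
        "metadata": {"name": "myapp", "labels": {"helm.sh/chart": "mychart-1.0.0"}},
        "spec": {"template": {"spec": {"containers": [{"name": "app", "image": "example/app:1.0"}]}}},
    },
    {
        "apiVersion": "v1",
        "kind": "Service",
        "metadata": {"name": "myapp", "labels": {"helm.sh/chart": "mychart-1.0.0"}},
        "spec": {"ports": [{"port": 80}]},
    },
]

# Constructed patch list, mirroring the `selector` / `patch` shape from the issue.
# The first entry hardens the Pod the chart gives no way to configure; the second
# only applies in one environment (the hypothetical `env` key).
PATCHES: List[Dict[str, Any]] = [
    {
        "selector": {"chart": "mychart", "resourceName": "myapp", "resourceKind": "Deployment"},
        "patch": {"spec": {"template": {"spec": {"securityContext": {
            "runAsNonRoot": True,
            "seccompProfile": {"type": "RuntimeDefault"},
        }}}}},
    },
    {
        "selector": {"chart": "mychart", "resourceKind": "Deployment", "env": "production"},
        "patch": {"spec": {"replicas": 3}},
    },
]

SELECTOR_KEYS = ("chart", "resourceName", "resourceKind", "env")


def merge_patch(target: Any, patch: Any) -> Any:
    """RFC 7386 merge patch; never mutates `target`."""
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)
    result = copy.deepcopy(target) if isinstance(target, dict) else {}
    for key, value in patch.items():
        if value is None:
            result.pop(key, None)          # null removes the key
        else:
            result[key] = merge_patch(result.get(key), value)
    return result


def chart_name(resource: Dict[str, Any]) -> str:
    """Chart name from the `helm.sh/chart: <name>-<version>` label (assumed convention;
    the version is taken to be everything after the last hyphen)."""
    label = resource.get("metadata", {}).get("labels", {}).get("helm.sh/chart", "")
    return label.rsplit("-", 1)[0] if "-" in label else label


def matches(selector: Dict[str, Any], resource: Dict[str, Any], env: Optional[str]) -> bool:
    """Every selector key must match; unknown keys fail closed rather than being ignored."""
    unknown = set(selector) - set(SELECTOR_KEYS)
    if unknown:
        raise ValueError(f"unknown selector keys: {sorted(unknown)}")
    actual = {
        "chart": chart_name(resource),
        "resourceName": resource.get("metadata", {}).get("name"),
        "resourceKind": resource.get("kind"),
        "env": env,
    }
    return all(actual[key] == wanted for key, wanted in selector.items())


def apply_patches(resources: List[Dict[str, Any]], patches: List[Dict[str, Any]],
                  env: Optional[str] = None) -> List[Dict[str, Any]]:
    """Return patched copies of the rendered resources, in order, leaving inputs untouched."""
    out = []
    for resource in resources:
        patched = copy.deepcopy(resource)
        for entry in patches:
            if matches(entry["selector"], resource, env):
                patched = merge_patch(patched, entry["patch"])
        out.append(patched)
    return out


if __name__ == "__main__":
    # Usage: python patcher.py [env]; prints the patched manifests as JSON.
    print(json.dumps(apply_patches(RENDERED, PATCHES, sys.argv[1] if len(sys.argv) > 1 else None), indent=2))
```

Matching on chart, kind and name rather than on file position means the same patch file keeps working across chart upgrades as long as the resource identity is stable, which is what makes this usable as a committed, reviewable alternative to forking the chart. Treating unknown selector keys as an error (instead of silently matching everything) avoids a typo quietly widening a patch to every resource.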