Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm_release does not track drift in digest for OCI charts #1307

Open
apjoseph opened this issue Dec 18, 2023 · 1 comment
Open

helm_release does not track drift in digest for OCI charts #1307

apjoseph opened this issue Dec 18, 2023 · 1 comment
Labels
bug

Comments

@apjoseph
Copy link

helm_release and helm_template should be tracking the digest for OCI charts, but it appears that the sha hash is completely ignored. This means that there is no way to update to the latest version of a development chart with a static development tag like v0.0.0-latest

Even after using terraform state rm <helm_template_data_source> the provider fails to check if the digest for a given tag has changed.

Example

data "helm_template" "envoy_gateway" {
  chart            = "oci://registry-1.docker.io/envoyproxy/gateway-helm"
  name             = "gateway-helm"
  version = "v0.0.0-latest"
  devel = true
  create_namespace = false
  namespace        = kubernetes_namespace_v1.envoy_gateway.metadata[0].name
  skip_crds        = false
  include_crds     = true
  values           = local.envoy_gateway_helm_values
}

Terraform, Provider, Kubernetes and Helm Versions

Terraform v1.6.6-dev
on linux_amd64
+ provider registry.terraform.io/alekc/kubectl v2.0.4
+ provider registry.terraform.io/hashicorp/helm v2.12.1
+ provider registry.terraform.io/hashicorp/kubernetes v2.24.0

Affected Resource(s)

  • helm_release

Affected Data Sources

  • helm_template
@apjoseph apjoseph added the bug label Dec 18, 2023
@apjoseph
Copy link
Author

Helm itself inexplicably also does not track the digest. However, regardless of Helm's deficiencies, two different SHAs mean two different manifests. That is drift regardless of whether helm acknowledges it or not and it needs to be tracked by the provider.

See:
helm/helm#10678
helm/helm#10799
helm/helm#12647

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@apjoseph