Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drift not detected after rolling back a helm release with helm rollback #1349

Open
fullykubed opened this issue Apr 5, 2024 · 0 comments
Open

Drift not detected after rolling back a helm release with helm rollback #1349

fullykubed opened this issue Apr 5, 2024 · 0 comments
Labels
bug

Comments

@fullykubed
Copy link

Terraform, Provider, Kubernetes and Helm Versions

Terraform version: 1.7.4
Provider version: 2.12.1
Kubernetes version: 1.29.1

Affected Resource(s)

  • helm_release

Terraform Configuration Files

First apply:

resource "helm_release" "cert_manager" {
  namespace       = local.namespace
  name            = "jetstack"
  repository      = "https://charts.jetstack.io"
  chart           = "cert-manager"
  version         = var.cert_manager_version

  values = [
    yamlencode({
      foo = "bar" 
    })
  ]
}

Second apply:

resource "helm_release" "cert_manager" {
  namespace       = local.namespace
  name            = "jetstack"
  repository      = "https://charts.jetstack.io"
  chart           = "cert-manager"
  version         = var.cert_manager_version

  values = [
    yamlencode({
      foo = "baz" 
    })
  ]
}

Debug Output

From running terraform apply with HELM_DEBUG=1:

random_id.controller_id: Refreshing state... [id=j48Q4TCt9so]
random_id.webhook: Refreshing state... [id=FltAuDkUSiY]
random_id.ca_injector: Refreshing state... [id=0h4pgEEDQnw]
module.namespace.kubernetes_namespace.main: Refreshing state... [id=cert-manager]
module.pull_through[0].data.aws_region.current: Reading...
module.pull_through[0].data.aws_caller_identity.current: Reading...
module.pull_through[0].data.aws_region.current: Read complete after 0s [id=us-east-2]
module.pull_through[0].data.aws_caller_identity.current: Read complete after 0s [id=891377197483]
module.namespace.kubernetes_role.admins: Refreshing state... [id=cert-manager/namespace:admin]
module.namespace.kubernetes_role.bot_readers: Refreshing state... [id=cert-manager/namespace:bot-reader]
kubernetes_service_account.cert_manager: Refreshing state... [id=cert-manager/cert-manager]
kubernetes_service_account.webhook: Refreshing state... [id=cert-manager/cert-manger-webhook]
kubernetes_role.webhook: Refreshing state... [id=cert-manager/cert-manger-webhook]
module.namespace.kubernetes_role.readers: Refreshing state... [id=cert-manager/namespace:reader]
module.namespace.kubernetes_role_binding.bot_readers_extra[0]: Refreshing state... [id=cert-manager/namespace:bot-readers-extra]
module.namespace.kubernetes_role_binding.admins[0]: Refreshing state... [id=cert-manager/namespace:admins]
kubernetes_role_binding.extra_permissions: Refreshing state... [id=cert-manager/cert-manger-webhook]
helm_release.cert_manager: Refreshing state... [id=jetstack]
module.namespace.kubernetes_role_binding.bot_readers[0]: Refreshing state... [id=cert-manager/namespace:bot-readers]
module.namespace.kubernetes_role_binding.readers[0]: Refreshing state... [id=cert-manager/namespace:readers]
kubernetes_manifest.pdb_webhook: Refreshing state...
kubernetes_manifest.vpa_webhook[0]: Refreshing state...
kubernetes_manifest.vpa_controller[0]: Refreshing state...
kubernetes_manifest.pdb_ca_injector: Refreshing state...
kubernetes_manifest.vpa_cainjector[0]: Refreshing state...
kubernetes_manifest.pdb_controller: Refreshing state...

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

namespace = "cert-manager"
service_account = "cert-manager"

Steps to Reproduce

  1. terraform apply to create initial release
  2. Change a value in the helm_release
  3. terraform apply to create second release
  4. helm rollback to the first release
  5. terraform apply does not detect the drift

Expected Behavior

terraform apply should detect the drift.

Actual Behavior

The terraform state file is not updated properly and the drift is not detected.

Important Factoids

  • Replicated with both values and set fields
  • Verified that the terraform state file is never updated with the new helm state after the rollback

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
@fullykubed fullykubed added the bug label Apr 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fullykubed