Comments (7)
I've also encountered this issue and managed to track down the version where this behaviour change was introduced: 3.9.0
Using helm create chart-test
and modifying the service as @fradee described yields different results based on the version (tested against Kubernetes v1.28.8+k3s1):
With version 3.8.1 chart install gets rejected due to the unknown field:
$ helm version
version.BuildInfo{Version:"v3.8.1", GitCommit:"5cb9af4b1b271d11d7a97a71df3ac337dd94ad37", GitTreeState:"", GoVersion:"go1.17.9"}
$ helm install --generate-name ./chart-test/
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(Service.spec): unknown field "someFake" in io.k8s.api.core.v1.ServiceSpec
Updating to helm 3.9.0. Now the install succeeds and only produces a warning:
$ helm version
version.BuildInfo{Version:"v3.9.0", GitCommit:"7ceeda6c585217a19a1131663d8cd1f7d641b2a7", GitTreeState:"", GoVersion:"go1.17.11"}
$ helm install --generate-name ./chart-test/
W0702 08:03:40.093323 503060 warnings.go:70] unknown field "spec.someFake"
NAME: chart-test-1719900219
LAST DEPLOYED: Tue Jul 2 08:03:40 2024
NAMESPACE: default
STATUS: deployed
REVISION: 1
from helm.
We are also facing the same issue. @mattfarina has this behaviour changed in newer helm versions ?
from helm.
Hello everyone. I was looking for a way to contribute to Helm and this ticket looked interesting so I started diving into it.
I can confirm what @gjenkins8 stated about this being related to the switch in Kubectl to support server-side validation. I used git bisect
to narrow down the commit where this was introduced (bd7c97f), which bumped the kubectl
version and updated client.go to utilize the new Kubectl Factory interface.
From here, I dove into what changed in Kubectl that broke client-side validation in Helm. I traced it down to the new Schema Validator
function used. Specifically, https://github.com/kubernetes/kubectl/blob/b315eb8455a7d5c11ed788d1592b4afeca85771d/pkg/validation/schema.go#L140 appears to only run client-side validation if it detects that server-side validation is not supported for the resource. This can be verified by going back to a Kubernetes version before server-side validation was introduced (<1.25), where Helm commands error as expected when manifests contain invalid fields.
I tried to figure out a way to resolve this on the Helm side, but I came up short. Admittedly, my Go skills need some work. I was not able to come up with a clean way of resolving this that didn't involve updates on the Kubectl side. Perhaps this is worth a ticket with kubectl to add better support for explicitly running client-side validation?
from helm.
thanks @james-mchugh for the investigation and find
from helm.
I can confirm, and I'm not sure why the client-side validation implementation has stopped working:
https://github.com/helm/helm/blob/main/pkg/kube/client.go#L344-L352
What I think happened, is Kubernetes introduced service side validation. And somehow (speculating, I didn't track down how) the openapi validation done client side is no longer reporting errors. Server-side validation blog:
https://kubernetes.io/blog/2023/04/24/openapi-v3-field-validation-ga/
Helm also should to update to use server side validation, but likely compatibity concerns need to be considered. Updating is simplish implementation-wise., just needs to be determined how to pass the validation flag through to the Kubernetes API object helper. Like e.g. kubectl:
WithFieldValidation(o.ValidationDirective)
https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/apply/apply.go#L568
Debugging why the client-side validation is not working should also be done (at least for the standard Service object. Karpenter nodeclass being a custom resource, it might not be possible).
This was also noticed back in this issue: #12470 . But I think work from here, as that issue started from a different question. And the PR there has languished.
from helm.
The PR to introduce server-side validation looks something like: #13123
I don't think this can easily be implemented in Helm v3, due to the way Helm manages this Kubernetes client (schema validation is "per-operation". This client is constructed early and shared across operations (in the SDK)
Onwards to figuring out why the client side validation has failed I guess.
from helm.
I created a branch for kubectl that has a potential solution for this. It adds a preferredStrategy
argument to the Validator
function and the newParamVerifyingSchema
struct. It's still a WIP, but I wanted to see if it would actually resolve the issue and it does.
I opened an issue with kubectl
in case this is something that should be resolved on their end.
from helm.
Related Issues (20)
- Helm Registry only supports a single set of credentials per registry. HOT 3
- Pull chart image HOT 2
- when using indent getting parse Error HOT 3
- `helm dep build --skip-refresh` doesn't work as expected HOT 1
- Improvement of OpenSSF Scorecard Score HOT 3
- `helm dependency update` and `helm dependency build` generate a `Chart.lock` using arbitrary build info ordering HOT 3
- helm template defaults to --kube-version (Capabilities.KubeVersion) without mentioning it in the --help output HOT 2
- enhancement: helm template, flag to show values HOT 2
- Helm converts large integers to Scientific Notation HOT 2
- Using helm variables from _helpers.tpl for generating TLS certificates. Wrong type for value; expected []interface {}; got string HOT 1
- Add ActiveHelp to Helm's shell completion support HOT 1
- Proposal: (ref. #13236) Adoption of CUE for Enhanced Values Processing and Validation in Helm HOT 3
- CVE-2024-24791
- `helm search repo` broken after v3.14.0 - chart.metadata.name is invalid HOT 3
- Helm is casting one of our secrets to integer, instead of treating it as a string HOT 1
- Helm upgrade for charts that contain statefulsets and set replicas to 0 and wait is true,It seems like helm not wait statefulset related pods deleted. HOT 1
- is there any problem at broadcom repo? HOT 3
- Proposal: Support for Alternative Manifest Generation Tools HOT 1
- Helm uninstall --cascade orphan command deletes existing K8s resources HOT 2
- .helmignore does not ignore symlinks HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm.