-
Notifications
You must be signed in to change notification settings - Fork 41
Charts with randomly generated fields that are part of pod annotations fail to be installed (e.g. stable/redis) #76
Description
While attempting to install the default version (i.e. without specifying any overrides or changing the values*.yaml files) of the stable/redis chart, I'm noticing that the Redis master pod goes into a Started -> Terminating -> Started loop. This happens because the master statefulset keeps getting revised. The reason why this is happening for the Redis chart is that it contains the following pod annotation in a StatefulSet spec (this is part of the redis-master-statefulset.yaml file in the chart):
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
The secret itself is randomly generated thanks to this:
data:
{{- if .Values.password }}
redis-password: {{ .Values.password | b64enc | quote }}
{{- else }}
redis-password: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
{{- end -}}
In other words, if the values.yaml file doesn't specify a value for the password, the pod annotation will be randomly generated.
This results in a continuous release update loop when the helm-app-operator tries to install the release. As far as I can tell from the code, this is the sequence of events:
- the chart is installed for the first time.
reconcile.go::Reconcileis invoked and after the installation finishes, the reconciler creates a work request to do a resync because ofreturn reconcile.Result{RequeueAfter: r.ResyncPeriod}, err - the resync is triggered. This time, we fall through to
if manager.IsUpdateRequired() {, which returns true. The reason is that the way the operator checks if an update to a chart has happened is by doing a dry run installation of the chart. Naturally, each dry run will produce a manifest with a different value for the password field. - the update process begins, leading to a new revision of the
statefulset(leading to the old pod being terminated and replaced) being created. - Repeat 2 and 3. (edited)
I understand that this problem is avoided by providing an override for generated values. However, for my project, it would be great if charts could work as-is, without having to provide overridden values.