Feature: Move CRDs into separate contour-crds chart #21 #22
Conversation
Sefiris
force-pushed
the
feature/seperate-crds
branch
from
cbf6b02 to
e74dcfa
Compare
|
For good measure, tested all these changes locally using minikube |
deepy
left a comment
deepy
left a comment
There was a problem hiding this comment.
I'm going to note a blocker here but I'm afraid I'll have to elaborate at a later point
Starting with the easy part, I think outright removing it from the contour chart is going to confuse users
Ideally as a default, but I'm not opposed to having it disabled by default
But from the perspective of a user, I'd expect that after installing the Helm chart I have everything need
And now the part I'll need to fill in more details on later, but Helm's CRD management is incredibly easy to get burned by and I don't think it should be used at all
The short version of this is that for a crd-only chart you need to handle them as normal templated files rather than CRDs, so the gateway-api parts here are fine but not the contour ones
We disagree on this part, I have been burnt more by CRDs being included within a controllers deployments than i can count. as someone that has bootstrapped hundreds of clusters with different controllers I always found it odd to have a single controller be the "primary" deployment that all the others relied on because of the CRD deployment. Correct me if I am wrong here but from my testing the Contour ingress controller works perfectly fine without the CRDs, so from my point of view at least I have everything I need and the CRDs are optional. but for someone that uses the gateway api spec I can understand that these are a "requirement".
Learned something new here thanks!, i've built a lot of internal helm charts but never a CRD so i was not aware of this, I will keep this in mind and make this change. |
I think we maybe agree on it, but on different points :-) To me I expect the chart to be self-sufficient, and when I run multiple instances in the cluster the first thing I do is disable CRD deployment so I can manage that centrally But I don't know how many contour instances the average user has, so I think having the option to install CRDs but defaulting to not would be perfectly fine
Yeah this is a well-hidden pitfall and one of the more awkward points in Helm that I know of, they have at least documented it and the tradeoffs here https://helm.sh/docs/chart_best_practices/custom_resource_definitions/ It gets especially weird when Helm has specific support and functionality for CRDs but then hits you with "There is no support at this time for upgrading or deleting CRDs using Helm" Luckily for us, we don't need to use the CRDs that the charts provides in the chart itself, so none of the caveats apply to us and we can manage them just as normal resources to allow TL;DR |
Signed-off-by: Dave van Duivenbode <[email protected]>
Sefiris
force-pushed
the
feature/seperate-crds
branch
from
fdf9e3c to
16f46ab
Compare
|
@deepy entirely fair enough! I have slightly come around to your side on this, if I am a cluster operator I can just as well disable the management of the CRDs in the main chart and use the CRD specific chart. And i wholly agree with you that the defaults should give you a usable and as much as possible production ready deployment. I have made the changes and tested them once again all locally, and opted for just putting a good CRD management disclaimer in the readme of the contour chart |
|
Would it be feasible to use a chart dependency so that the CRD chart is installed automatically when |
…rt to be used as a file dependency Signed-off-by: Dave van Duivenbode <[email protected]>
@tsaarni, call me crazy but I would avoid this like the plague(just an opinion ofc), Helm in and off itself is already stupidly complex to maintain and test for and I do believe that adding subcharts and dependencies just increases your possible blast radius when it comes to testing changes in the future. That said because i do love diving into things i've never done before I have created a possible setup for it, see my last push, maybe you guys do really like the way this works, I myself think it's too much added complexity vs just updating 2 files in 2 separate charts :) |
|
@Sefiris I'm not sure why this would need a third chart? Like for example how Grafana does it in their alloy chart: https://github.com/grafana/alloy/blob/main/operations/helm/charts/alloy/Chart.yaml I caught a cold this weekend so didn't get a chance to look into it as I had planned, but if you want to I can try doing the final bits to bring this PR over the finishing line tonight |
| dependencies: | ||
| - name: contour-crds-lib | ||
| version: 0.1.0 | ||
| repository: file://../contour-crds-lib |
There was a problem hiding this comment.
I don't think file:// references will work with a remote repository, and sadly if I read the documentation right this'll need to point to the actual repository
There was a problem hiding this comment.
for type: library charts these file references should work?.
The Chart.yaml should only resolve when building from the repo.
The following commands worked locally.
# Package
helm package charts/contour-crds --destination dist
# Install
helm install contour-crds ./dist/contour-crds-0.1.0.tgz \
--namespace contour-crds --create-namespaceunpacking the tgz one can see the following inside of it then as well
There was a problem hiding this comment.
After some testing, the helm packaging will sort this out regardless of what type it is
|
I do see that Helm dependencies are discouraged but I don’t really have enough experience to say whether the concept is considered fundamentally flawed, or if dependency mechanism is still OK towards project's own CRD chart. But one big practical implication I do see: the |
I've actually found examples like these before, but these are not exposed to the world as a chart themselves are they? When i look for the alloy charts I can find the following They might be using a CI pipeline for this?, if this option works I'm all for it, but i do not quite understand it myself yet when comparing it to our repo.
Thats always up to the maintainers ofc, my strong opinion is that it should be avoided until there is a really good use case for it, and even then limit it as much as possible.
Yeah, now that you mention it, I reverted back to the problem we had at the start, and that's not something we want, entirely fair point! |
|
I need to double-check this, but iirc |
The "special" The distinction here would be that this is not unwanted in the application chart In most application charts i've seen, they use that And in all separated CRD charts i've seen them use templated files, because thats the only way in helm to get it to manage the full lifecycle of the resource. It puts us in a very difficult spot if you want to "library" the CRDs between the 2, which is why my preference goes out to just duplicating. |
|
Ah, but then it was just me mixing things up. The Bitnami chart we inherit from never actually used Helm’s Given that, the CRDs were always upgraded/downgraded/deleted together with the software. I don't know how well that worked for people, but from that point of view, adding the dependency from main chart towards CRD chart would not be a change like I thought in #22 (comment). |
|
Indeed, glad we could clear it up! The final design question we need answered then is if:
Or
But the end result should be the same as helm will package them at build time. |
|
It's possible to use file references even in 2, it just makes it a bit awkward in that you need to reference the correct version, e.g. https://github.com/deepy/contour-chart/blob/contour-0.3.1/charts/contour/Chart.yaml#L20-L23 Which in reality means that if the CRD version is bumped the dependency also needs to be bumped, or it'll prevent releasing new versions of the main chart. The other scenario I can see is if the automation creates the new versions but doesn't release them automatically, in which case a human would need to remember to bump both versions to avoid getting weird results So I think an easy way forward would be moving the CRD files back into contour-crd and make it a conditional dependency with a file:// repository |
3 participants
Move CRDs into separate contour-crds chart #21