From 8dabbb441c7952f17ecbe5afe7a5dc96f85bac87 Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Mon, 14 Sep 2020 22:17:25 -0700 Subject: [PATCH] Validate that CRDs exist only on a helm install This commit introduces a slight change to the CRD chart templates in order to only run the check for whether CRDs exist in the cluster when a user uses `helm install`. On a `helm template`, no error will ever be thrown and on a `helm install --dry-run`, an error will only be thrown if the CRD is required as part of the chart installation (which is the default behavior of --dry-run either way). The way it accomplishes this is by using the Helm lookup function; based on the [Helm 3 docs](https://helm.sh/docs/chart_template_guide/functions_and_pipelines/), the lookup function never gets called on a `helm install --dry-run` or a `helm template`, so the output of the lookup function will always be nil for those requests (i.e. the number of ClusterRoles returned will always be 0). However, Kubernetes clusters have default ClusterRoles, so this ensures that CRDs are installed if at least one ClusterRole is returned (i.e. the most common setup). --- .../overlay-upstream/templates/validate-install-crd.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/chart-templates/crd-base/overlay-upstream/templates/validate-install-crd.yaml b/scripts/chart-templates/crd-base/overlay-upstream/templates/validate-install-crd.yaml index 90e6f1b0d..a6f74065e 100644 --- a/scripts/chart-templates/crd-base/overlay-upstream/templates/validate-install-crd.yaml +++ b/scripts/chart-templates/crd-base/overlay-upstream/templates/validate-install-crd.yaml @@ -1,3 +1,4 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} # {{- \$found := dict -}} ${set_found_crd} # {{- range .Capabilities.APIVersions -}} @@ -10,3 +11,4 @@ ${set_found_crd} # {{- required "Required CRDs are missing. Please install the ${name}-crd chart before installing this chart." "" -}} # {{- end -}} # {{- end -}} +#{{- end -}}