Expose helm template option "--skip-tests" to avoid deploying test resources #231
Conversation
|
All unit tests are passing now: https://github.com/markszabo/terraform-provider-kustomization/actions/runs/5052639581/jobs/9065684492 |
There was a problem hiding this comment.
I despise helm for all the shenanigans it does and now the provider I built specifically to have a sane alternative is littered with helm specific crap. To whoever accepted the helm integration into kustomize originally, you've ruined a great thing.
I guess when the tests pass and the option is in upstream kustomize I'll merge it here too.
Could you do me one favor though and squash everything into one commit? Thanks @markszabo
|
Done, commits squashed, tests passing (gave you access to my fork of the repo, incase you can't see it otherwise). This has been merged to upstream since February, so I think it fulfills all your requests @pst On the helm crap: I agree, but unfortunately I need to deploy vendor software packaged as helm charts |
Helm charts can include tests that are executed after a deploy to ensure the deploy was successful. However when running
helm templatethese test resources (usually Pods) end up in the resulting kubernetes yaml, and then get applied each time the terraform pipeline is run. These Pods might get scheduled before the main app becomes healthy, so they error out. Moreover these often don't have the same security controls as the main application leading to OPA policy failures (if OPA is used on the cluster).To avoid this,
helm templatehas the--skip-testsflag which is also exposed by kustomize (issue, pr).This PR adds this flag to the kustomize provider.
I decided not to change the default behavior, so tests will only be excluded from the output if one explicitly sets the
skip_testsoption to true. In the unit tests I'm reusing the existing chart, so I had to addskip_tests=trueto all other tests to avoid having the test Pod in their output. Let me know if there is a better solution to this.