detect/report drift: compare desired with actual state

[patrikbeno]

Compare deployed helm release with actual live/runtime manifests, and report changes (drift).

This is a missing feature at the moment (v3.8.1), helm-diff only works with releases/revisions.

I guess this task would require fetching actual manifest referenced by helm release/revision and compare desired with actual state, and helm-diff is very close to supporting this.

[gustavobini]

I might have misunderstood this issue, but is this not what it does right now when doing an upgrade --dry-run?

[patrikbeno]

@gustavobini , no. upgrade --dry-run shows all manifests in their TO-BE state. Proposed feature is about comparing AS-IS state with desired helm revision, and showing only DIFF.

Also note that helm upgrade needs local helm chart workspace. helm diff release/revision (which is the target of this proposal) does not need one, it works with k8s cluster only.

[patrikbeno]

The use case I had in mind is this:

helm install my-release .

# manual edit some resource deployed by my-release
kubectl edit ... 

# compare actual runtime manifests with revision 1 of my-release; i.e. show changes I made in previous kubectl-edit
helm diff revision my-release 1 runtime

runtime may be a keyword here; since revisions are integers, this keyword would tell helm-diff to take manifests from actual runtime, not from any specific revision.

[itaispiegel]

My team also needs this feature so I'd like to thumbs up this issue 👍🏻

[itaispiegel]

Just looked into it and I think this is solved by using the --three-way-merge flag. At first I didn't understand the meaning of this flag, but then I found this documentation.

[patrikbeno]

Just looked into it and I think this is solved by using the --three-way-merge flag. At first I didn't understand the meaning of this flag, but then I found this documentation.

--three-way-merge looks promising, but helm-diff-upgrade is missing --force