helm-controller icon indicating copy to clipboard operation
helm-controller copied to clipboard

Published 20 hours ago verified publisher icon fluxcd

postRenders for helm hooks not working

Open jkotiuk opened this issue 10 months ago • 1 comments

Hey,

It appears that HelmRelease postRenders are not being added to resources with hooks (i.e., helm.sh/hook: pre-install). I'm unsure if this is a limitation of Helm or if I'm encountering some kind of bug.

Or maybe my configuration is wrong, just apply the resource below to patch this Job

apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: acp
spec:
  interval: 60m
  url: https://charts.cloudentity.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: acp
spec:
  chart:
    spec:
      chart: acp
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: acp
      version: 2.x-x
  releaseName: acp
  interval: 60m
  values:
    migrateJob:
      enabled: true
  postRenderers:
  - kustomize:
      patches:
      - patch: |-
          - op: add
            path: /spec/template/spec/volumes/-
            value:
              name: tls-acp
              projected:
                defaultMode: 384
                sources:
                - secret:
                    name: acp-acp-tls
          - op: add
            path: /spec/template/spec/containers/0/volumeMounts/-
            value:
              mountPath: /tls-acp
              name: tls-acp
              readOnly: true
        target:
          kind: Deployment
          name: acp-workers
          version: v1
      - patch: |-
          - op: add
            path: /spec/template/spec/volumes/-
            value:
              name: tls-acp
              projected:
                defaultMode: 384
                sources:
                - secret:
                    name: acp-acp-tls
          - op: add
            path: /spec/template/spec/containers/0/volumeMounts/-
            value:
              mountPath: /tls-acp
              name: tls-acp
              readOnly: true
        target:
          kind: Deployment
          name: acp
          version: v1
      - patch: |-
          - op: add
            path: /spec/template/spec/volumes/-
            value:
              name: tls-acp
              projected:
                defaultMode: 384
                sources:
                - secret:
                    name: acp-acp-tls
          - op: add
            path: /spec/template/spec/containers/0/volumeMounts/-
            value:
              mountPath: /tls-acp
              name: tls-acp
              readOnly: true
        target:
          kind: Job
          name: acp-migrate
          version: v1

Job definition will be missing specified patches from HelmRelease. Next, you can just comment on the values section above to disable this job and notice how regular deployment is patched correctly.

When I pipe helm template output through kustomize file with the same patches, it works for the job as well.

Flux version: v2.4.0

jkotiuk avatar Feb 05 '25 14:02 jkotiuk

This is actually an upstream Helm issue, there is an open PR for fixing it so that postRenderers are applied to hooks as well https://github.com/helm/helm/pull/13154

maboehm avatar May 07 '25 06:05 maboehm

This will be covered by https://github.com/fluxcd/helm-controller/issues/1300

stefanprodan avatar Sep 15 '25 13:09 stefanprodan