terraform-provider-rancher2 icon indicating copy to clipboard operation
terraform-provider-rancher2 copied to clipboard

Published 20 hours ago verified publisher icon rancher

[RFE] Don't automatically uninstall apps declared via `catalog.cattle.io/auto-install`

Open viccuad opened this issue 1 year ago • 2 comments

Is your feature request related to a problem? Please describe.

Currently, on uninstall of app A, terraform automatically uninstalls also whatever app was declared in app A via catalog.cattle.io/auto-install (this code).

This behaviour is particular to the terraform provider, and is not followed by Rancher UI.

IMHO this behaviour is dangerous:

  • You can have 2 separate charts both declare the same catalog.cattle.io/auto-install: my-crds=1.0.0. On uninstall of any of those chart releases, my-crds chart gets removed, breaking the remaining chart release in the system as it is now missing the needed CRDs. This is the case for kubewarden-controller and kubewarden-defaults, as both depend on kubewarden-crds. See issue raised by community here.
  • You can have several charts declare catalog.cattle.io/auto-install: rancher-monitoring. On uninstall of one of the chart release, the remaining charts are now broken.

Describe the solution you'd like

Make the terraform behaviour on catalog.cattle.io/auto-install optional and skippable on uninstall of chart A.

Maybe it it could be better improved if it would automatically skip a chart B specificed via catalog.cattle.io/auto-install , if that chart B has a provides-gvr for some CRDs that the chart A has in a requires-gvr. But this maybe doesn't fully solve transitive dependencies, and charts that provide or depend on several gvrs, as one cannot list several on those annotations. But this needs some consideration.

For the current behaviour (on catalog.cattle.io/auto-install) in Terraform to work, it would be needed to have a proper dependency management system for Helm charts and/or OCI artifacts. This dependency system would know about dependencies, optional dependencies, their versions, if they are namespaced, and to delegate to it if a chart release is not needed in the system anymore or can be scheduled for removal.

Describe alternatives you've considered

  • Forking charts, so one can overwrite the catalog.cattle.io/auto-install annotations, effectively disabling the stated dependency and managing those dependencies manually.

  • Forking the terraform provider and commenting this code.

  • Adding a dependency system that is aware of rancher annotations and can be used as a drop-in substitute of Helm binary and library: https://hypper.io (disclaimer, helped write that thing).

Additional context

See https://github.com/kubewarden/helm-charts/issues/272

viccuad avatar Aug 10 '23 07:08 viccuad

Since this issue is Rancher specific, triggered by Rancher specific annotations, I agree that it is best to use the same logic as the Rancher ui/api uses: catalog.cattle.io/auto-install values should be used for installation tasks only.

The auto-install annotation mainly aims on installing CRD-charts, as that is not well covered by Helm. Automatically uninstalling CRD-charts impact other installed charts that may depend on that same CRD-chart.

Maybe at minimum, an if or toggle should be in place that allow to skip parsing the catalog.cattle.io/auto-install annotation for specific charts managed by a rancher2_app_v2 resource.

mpepping avatar Aug 10 '23 12:08 mpepping

@viccuad would you please add the jira label (it has the same name)

thsnielsen avatar Apr 30 '24 09:04 thsnielsen