SUMMARY
Add support for the `helm diff upgrade --dry-run=server` argument, which produces better diffs as it can do a server lookup. Otherwise, it will produce diffs, particularly for secrets, that don't actually produce a change as no new values will be generated by the server.
ISSUE TYPE
- Feature Idea
COMPONENT NAME
Module: helm
https://github.com/ansible-collections/kubernetes.core/blob/main/plugins/modules/helm.py#L632
ADDITIONAL INFORMATION
The proposal would be to add a new argument `insecure_server_side_dry_run`. The context for when this is a security issue is nuanced and depends on who controls the helm chart vs. who is running the helm chart. It's possible that this is less likely in the context of Ansible and the `insecure` prefix might not be necessary. I'm no expert on this issue though.
As a workaround, it is currently possible to use the `HELM_DIFF_USE_INSECURE_SERVER_SIDE_DRY_RUN` environment variable:

```yaml
- name: Install Helm chart
  environment:
    HELM_DIFF_USE_INSECURE_SERVER_SIDE_DRY_RUN: "true"
  kubernetes.core.helm:
    name: test
    chart_ref: grafana/grafana
    chart_version: 8.8.4
    release_namespace: test
```
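
An added example, not part of the original issue or of kubernetes.core: with a server-side dry run, Helm's `lookup` template function queries the live cluster using the credentials of whoever runs the diff, which is why it matters who controls the chart. The sketch below lists the `lookup` calls in a chart's templates so they can be reviewed before enabling the option; the function names and the sample chart are constructed for illustration.

```python
import re

# A template action is {{ ... }}; lookup takes: apiVersion kind namespace name.
ACTION_RE = re.compile(r"\{\{-?(.*?)-?\}\}", re.S)
TOKEN = r'(?:"[^"]*"|[^\s|()]+)'
# The lookbehind skips field access such as .Values.lookup and names like $lookup.
LOOKUP_RE = re.compile(r"(?<![\w.$])lookup((?:\s+" + TOKEN + r"){1,4})")
FIELDS = ("apiVersion", "kind", "namespace", "name")

def find_lookups(templates):
    """templates maps file name -> template text. A value of None in a
    finding means the argument is computed at render time, not a literal."""
    findings = []
    for fname, text in templates.items():
        for action in ACTION_RE.finditer(text):
            for m in LOOKUP_RE.finditer(action.group(1)):
                toks = re.findall(TOKEN, m.group(1))
                args = [t[1:-1] if t.startswith('"') else None for t in toks]
                args += [None] * (4 - len(args))
                hit = dict(zip(FIELDS, args))
                hit["file"] = fname
                hit["line"] = text.count("\n", 0, action.start()) + 1
                findings.append(hit)
    return findings

def secret_reads(findings):
    """Lookups that read Secrets, or whose kind is not known statically."""
    return [f for f in findings if f["kind"] in (None, "Secret")]

# Constructed sample chart: a Secret that reuses its existing password when
# lookup works, and a ConfigMap that counts cluster nodes.
SAMPLE_CHART = {
    "templates/secret.yaml": (
        '{{- $old := lookup "v1" "Secret" .Release.Namespace "app-password" }}\n'
        "apiVersion: v1\nkind: Secret\ndata:\n"
        '  password: {{ if $old }}{{ index $old.data "password" }}'
        "{{ else }}{{ randAlphaNum 24 | b64enc }}{{ end }}\n"
    ),
    "templates/configmap.yaml": (
        "apiVersion: v1\nkind: ConfigMap\ndata:\n"
        '  nodes: {{ len (lookup "v1" "Node" "" "").items | quote }}\n'
        "  mode: {{ .Values.lookup }}\n"
    ),
}

if __name__ == "__main__":
    for f in find_lookups(SAMPLE_CHART):
        flag = "REVIEW" if secret_reads([f]) else "info"
        print(f'{flag}: {f["file"]}:{f["line"]} reads {f["kind"]} {f["name"]!r}')
```

The first template in the sample also shows the pattern behind the spurious Secret diffs described in the summary: without a working `lookup`, the random password branch is rendered on every diff.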