Helm plugin to identify the configuration that has drifted away from the deployed Helm release

Nikhil Bhat
Jun 13, 2023

Helm has no native way of identifying drift in the releases deployed via Helm.

Now we have a Helm plugin to identify the drifts from the Helm releases deployed in the cluster. https://artifacthub.io/packages/helm-plugin/helm-drift/drift.

Some context on why this was created: we often edit resources in place but forget to add the value back to the codebase. These edits go unnoticed and get overridden in the next deployment, which might screw up the environment if the edited changes are required.

In-place edits should be avoided at all costs, but there are many situations where they cannot be avoided.

Once, during our production release, the deployment screwed up the setup due to this same mistake of not adding values back to the Helm chart codebase.

Why the helm-drift plugin when we have helm-diff? Helm diff will identify the drifts in the state of the helm charts maintained in Kubernetes, but it is not designed to identify the in-place edits.

On the other hand, this helm-drift plugin, with the help of “kubectl diff,” will identify the drifts by validating every resource against Kubernetes. To keep it simple, invoking this plugin is as good as rendering the charts and running “kubectl diff” for every template in the helm charts.
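The idea in the paragraph above, taking what Helm recorded for a release and running "kubectl diff" against the live objects, can be reproduced by hand. This is an added example, not the helm-drift plugin's own code; the function names `drift_status` and `drift_report` are hypothetical, and it assumes Helm 3 and kubectl on the PATH with a kube context that can reach the cluster.

```bash
# Added example (not helm-drift's code). Source this file, then run:
#   drift_report my-namespace
# drift_status/drift_report are illustrative names, not plugin commands.

# drift_status RELEASE NAMESPACE
# Prints the diff, if any. Returns 0 = no drift, 1 = drift, 2 = error.
drift_status() {
  local release="$1" namespace="$2" manifest rc
  # The manifest stored with the release: what Helm believes is deployed.
  manifest="$(helm get manifest "$release" --namespace "$namespace")" || return 2
  [ -n "$manifest" ] || return 2
  # kubectl diff dry-runs the manifest on the API server and compares the
  # result with the live objects, so in-place edits show up as differences.
  # Documented exit status: 0 = none, 1 = differences, >1 = failure.
  if printf '%s\n' "$manifest" | kubectl diff --namespace "$namespace" -f -; then
    return 0
  else
    rc=$?
  fi
  if [ "$rc" -eq 1 ]; then return 1; fi
  return 2
}

# drift_report NAMESPACE
# One status line per release on stdout, diffs on stderr.
# Returns the worst status seen, so a CI stage can fail on drift.
drift_report() {
  local namespace="$1" releases release rc worst=0
  releases="$(helm list --namespace "$namespace" --short)" || return 2
  for release in $releases; do
    if drift_status "$release" "$namespace" >&2; then
      echo "OK    $release"
    else
      rc=$?
      if [ "$rc" -eq 1 ]; then
        echo "DRIFT $release"
      else
        echo "ERROR $release"
      fi
      if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    fi
  done
  return "$worst"
}
```

Hook resources are not part of `helm get manifest` output, so they are not checked here.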

The newer version of the helm-diff plugin has support for --three-way-merge, which does the job for us, but it does not say anything about how the change was made, whether the patch was applied from the client side (kubectl) or by some controller. kubectl diff, however, helps shed light on these aspects.

Also, all values (including overriding values) should be passed while invoking the helm-diff plugin; this might be helpful when we have a stage in our CI to identify the drift. And helm-drift does not consume any values, does not even need the charts to be present locally while identifying the drifts, and can be invoked from anywhere with just access to the cluster.

This plugin will do the heavy lifting of rendering the templates from the deployed releases or the local chart as per the selection and validating them.

The plugin does have some caveats, which I have called out in the README. Try this on your projects and share feedback. With more feedback, the plugin can grow a lot better.

GitHub repo link: https://github.com/nikhilsbhat/helm-drift
