Tool: Helm Drift

# About

Helm Drift is a Helm plugin that identifies configuration drifts (primarily due to in-place edits) in the deployed Helm charts.

More:

• https://github.com/nikhilsbhat/helm-drift

# Example #1

# By enabling --summary would render drifts as quick summary in table format.
helm drift run prometheus-standalone example/chart/sample/ -f ~/path/to/example/chart/sample/override-config.yaml --skip-cleaning --summary
       KIND      |         NAME          | DRIFT
-----------------|-----------------------|---------
  ServiceAccount | sample                | NO
  Service        | sample                | NO
  DaemonSet      | fluentd-elasticsearch | NO
  Pod            | nginx                 | NO
  Pod            | nginx-2               | NO
  ReplicaSet     | frontend              | NO
  Deployment     | sample                | NO
  StatefulSet    | web                   | YES
  Job            | pi                    | NO
  CronJob        | hello                 | NO
-----------------|-----------------------|---------
                          STATUS         | FAILED
                 ------------------------|---------
Namespace: 'sample' Release: 'sample'

# Invoking command with out flag --summary would render detailed drifts.
helm drift run prometheus-standalone example/chart/sample/ -f ~/path/to/example/chart/sample/override-config.yaml --skip-cleaning
# executing above command would yield results something like below:
------------------------------------------------------------------------------------
Identified drifts in: 'StatefulSet' 'web'

-----------
diff -u -N /var/folders/dm/40_kbx_56psgqt29q0wh2cxh0000gq/T/LIVE-2873647491/apps.v1.StatefulSet.sample.web /var/folders/dm/40_kbx_56psgqt29q0wh2cxh0000gq/T/MERGED-4261927724/apps.v1.StatefulSet.sample.web
--- /var/folders/dm/40_kbx_56psgqt29q0wh2cxh0000gq/T/LIVE-2873647491/apps.v1.StatefulSet.sample.web	2023-03-25 23:33:06.000000000 +0530
+++ /var/folders/dm/40_kbx_56psgqt29q0wh2cxh0000gq/T/MERGED-4261927724/apps.v1.StatefulSet.sample.web	2023-03-25 23:33:06.000000000 +0530
@@ -5,7 +5,7 @@
     meta.helm.sh/release-name: sample
     meta.helm.sh/release-namespace: sample
   creationTimestamp: "2023-03-24T06:15:02Z"
-  generation: 2
+  generation: 3
   labels:
     app.kubernetes.io/managed-by: Helm
   managedFields:
@@ -84,7 +84,6 @@
           f:spec:
             f:containers:
               k:{"name":"nginx"}:
-                f:image: {}
                 f:ports:
                   k:{"containerPort":8080,"protocol":"TCP"}:
                     .: {}
@@ -94,6 +93,24 @@
     manager: kubectl-edit
     operation: Update
     time: "2023-03-24T06:19:50Z"
+  - apiVersion: apps/v1
+    fieldsType: FieldsV1
+    fieldsV1:
+      f:spec:
+        f:template:
+          f:spec:
+            f:containers:
+              k:{"name":"nginx"}:
+                f:image: {}
+                f:ports:
+                  k:{"containerPort":80,"protocol":"TCP"}:
+                    .: {}
+                    f:containerPort: {}
+                    f:name: {}
+                    f:protocol: {}
+    manager: kubectl-client-side-apply
+    operation: Update
+    time: "2023-03-25T18:03:05Z"
   name: web
   namespace: sample
   resourceVersion: "14246"
@@ -114,10 +131,13 @@
         app: nginx
     spec:
       containers:
-      - image: k8s.gcr.io/nginx-slim:0.9
+      - image: k8s.gcr.io/nginx-slim:0.8
         imagePullPolicy: IfNotPresent
         name: nginx
         ports:
+        - containerPort: 80
+          name: web
+          protocol: TCP
         - containerPort: 8080
           name: web
           protocol: TCP
-----------

# Example #2

drift all

Identifies drifts from all releases from the cluster.

Synopsis

It lists all configuration drifts that are part of various releases present in the cluster. Do note that this is expensive operation since multiple kubectl command would be executed in parallel.

drift all [flags]

Examples

helm drift all --kube-context k3d-sample
  helm drift all --kube-context k3d-sample -n sample

Options

      --consider-hooks                      when this is enabled, the flag 'ignore-hooks' holds no value
      --custom-diff KUBECTL_EXTERNAL_DIFF   custom diff command to use instead of default, the command passed here would be set under KUBECTL_EXTERNAL_DIFF.More information can be found here https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#diff
  -d, --disable-error-on-drift              enabling this would disable exiting with error if drifts were identified
  -h, --help                                help for all
      --ignore-hooks strings                list of hooks to ignore while identifying the drifts (default [hook-succeeded,hook-failed])
      --ignore-hpa-changes                  when enabled, the drifts caused on workload due to hpa scaling would be ignored
      --is-default-namespace                set this flag if drifts have to be checked specifically in 'default' namespace
      --kind strings                        kubernetes resource names to limit the drift identification (--kind takes higher precedence over --name)
      --name string                         name of the kubernetes resource to limit the drift identification
  -o, --output string                       the format to which the output should be rendered to, it should be one of yaml|json|table, if nothing specified it sets to default
      --regex string                        regex used to split helm template rendered (default "---\\n# Source:\\s.*.")
      --skip strings                        kubernetes resource names to skip the drift identification (ex: --skip Deployments)
      --skip-cleaning                       enable the flag to skip cleaning the manifests rendered on to disk
      --skip-release stringArray            list of helm releases to be skipped for identifying helm drifts, ex: ReleaseName=Namespace | ReleaseName=Namespace
      --skip-validation                     enable the flag if prerequisite validation needs to be skipped
      --temp-path string                    path on disk where the helm templates would be rendered on to (the same would be used be used by 'kubectl diff') (default "/Users/nikhil.bhat/.helm-drift/templates")

Options inherited from parent commands

      --concurrency int          the value to be set for flag --concurrency of 'kubectl diff' (default 1)
  -l, --log-level string         log level for the plugin helm drift (defaults to info) (default "info")
      --no-color                 enabling this would render output with no color
      --revision int             revision of your release from which the drifts to be detected
      --set stringArray          set values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
      --set-file stringArray     set values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
      --set-string stringArray   set STRING values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
      --skip-crds                setting this would set '--skip-crds' for helm template command while generating templates
      --skip-tests               setting this would set '--skip-tests' for helm template command while generating templates
      --validate                 setting this would set '--validate' for helm template command while generating templates
  -f, --values ValueFiles        specify values in a YAML file (can specify multiple) (default [])
      --version string           specify a version constraint for the chart version to use, the value passed here would be used to set --version for helm template command while generating templates

SEE ALSO

• drift - A utility that helps in identifying drifts in infrastructure

Auto generated by spf13/cobra on 17-Jul-2024