Workaround obsolete API versions

[pho-enix]

This is a workaround for changes in API versions like
extensions/v1beta1 => apps/v1

From Helm's perspective those are new Resources as the API version
cannot be changed. However there is a compat layer in k8s that will
return the old resources for the new API version. Helm will reject the
resource 'creation' as there is already a resource of the same kind and
version.

Do we want to maintain compat code in this place? Probably not.

[mattfarina]

@pho-enix thanks for the PR. Helm uses a developers certificate of origin (DCO) to show you are allowed to contribute said material. The checks tab at the top will show you how to correct the commit. In new commits you can use the --signoff flag.

I'm unsure if Helm should transform api versions. For one, they don't always translate from one to another as some subtle changes happened along the way. The error response coming back may not make sense.

I've added this as a discussion topic to the next Helm dev call so we can talk about it. You are welcome to attend if you like. If not, I'm prepared to talk about it.

[DavidZisky]

Why don't you just check if old_api_version != new_api_version instead?

[pho-enix]

Good idea. Thanks for the hint. However we have to be a bit cautious about the Group. There might be the same Kind in different Groups.

For example:
NetworkPolicy - networking.k8s.io/v1
NetworkPolicy - crd.projectcalico.org/v1

In principle anyone could create a Deplyoment Kind in his CRD.

[DavidZisky]

Fair enough, but then you could check instead if only bit after "/" has been changed (for the same api type). That would be a more future proof solution - if there will be "apps/v2" version released in the future you'll have to rewrite this

[pho-enix]

No, this will not be sufficient. As for example Deployment moved
extensions/v1beta1 -> apps/v1

Please check the updated code :)

[DavidZisky]

Yeah, I see. Updated code looks cool tho +1

[pho-enix]

Issue 1:
Clashes of Kubernetes Resources and CRD with same Kind might produce strange errors (if a Resource with the same name already exists)
Issue 2:
Clashes of CRD and CRD with same Kind might produce strange errors (if a Resource with the same name already exists)

I general we'd have to decide how many corner cases we want to take into account:

Option 1) Simply ignore Version and Group during upgrade.

• Code change will be super small

• Issue 1 fixed
• Issue 2 fixed

Option 2) Current PR (ed739d2)

• Quite a bit of code

• Issue 1 fixed
• Issue 2 fixed

[jlegrone]

I think there might be a simpler solution to this. Opening a PR for discussion in a little bit and I'll link it here. Thanks for your work on this so far @pho-enix!

[bacongobbler]

here is how Kubernetes recommends checking whether a resource is a CRD or not:

helm/pkg/kube/client.go

Lines 372 to 373 in 60d8d72

	// On newer K8s versions, CRDs aren't unstructured but has this dedicated type
	_, isCRD := versionedObject.(*apiextv1beta1.CustomResourceDefinition)

We should probably update that code to check if versionedObject can be casted to a *apiextv1.CustomResourceDefinition as well, now that it's available in 1.17.... Regardless, that would be a more portable option than string parsing.

[pho-enix]

@jlegrone Agreed that my solution is a bit complex. As this issue is really a blocker for a lot of users we should aim for a fast solution (#7627).

[adnan-kamili]

Maybe this behavior can be enabled through a command-line option so that it doesn't break anything and users who know what they are doing use this command-line option.

[avielb]

Waiting for this as well
could be very useful

[bacongobbler]

closed in favour of #7649.