by unxdfa 1203 days ago
I think we need to burn this whole thing down and rethink it at this point. A huge amount of the total operational cost of our business is working around weird YAML problems and helm charts.

Had one a while back where quoted strings containing padded numbers were used for something. "01" fine ... "05" fine, "06" fine, "07" fine, "08" kaboom. 01-07 were treated as strings and 08 was suddenly being treated as octal, which it's not, and exploded.

Helm is a pile of garbage. k8s speaks JSON just fine as expected.

Try Tanka + Jsonnet to restore some of your sanity, also allows you to keep using Helm during your transition to a better place.

This is just the same problem in JSON, another loose schema’ed mess. Got my fair share of problems with that at the moment as well.

If you feel really strongly about getting type safety then there is Pulumi + TypeScript, though I really hate how it tries to be a "better" kubectl apply and fails miserably.

Definitely room for someone to make something better than Helm but I think you should give Jsonnet a shot if you haven't already.

> tries to be a "better" kubectl apply and fails

How does it try? How does it fail?

I don't see any interactive CLI commands that could be seen as a replacement for kubectl.

It's not about the commands. `pulumi up` is what you are looking for and the k8s resources that accompany it.

kubectl apply, especially with server-side apply, is effectively just a mechanism to push the declarative definition of your k8s objects to the server.

Pulumi instead tries to manage the lifecycle of each of those objects itself when it really has no business doing so. This results in a lot of roundtrips to the Pulumi state store (which is implemented horrendously inefficiently btw) and generally takes forever and a day compared to kubectl apply.

Most of this is down to an impedance mismatch between the models themselves. Pulumi + k8s works but it's just not a great experience. I say this with an absolute -ton- of experience with both options.

This can be turned off by setting an annotation on the resources.

In what way is the Kubernetes API loose schema'd?

It’s not loose schema at all. All the tools that wrap it are.

You don’t know something is going to work unless you actually do it.

Ah gotcha.

I wonder if anyone's converted the API spec into json-schema, might be easier to plug into tools then.

edit: yes, and the tooling in front of it. https://github.com/yannh/kubeconform

following on original work from https://github.com/instrumenta/kubernetes-json-schema