Support helm diff with --dry-run=server

[Javex]

SUMMARY

Add support for the helm diff upgrade --dry-run=server argument which produces better diffs as it can do a server lookup. Otherwise, it will produce diffs, particularly for secrets, that don't actually produce a change as no new values will be generates by the server.

ISSUE TYPE

• Feature Idea

COMPONENT NAME

Module: helm
https://github.com/ansible-collections/kubernetes.core/blob/main/plugins/modules/helm.py#L632

ADDITIONAL INFORMATION

The proposal would be to add a new argument insecure_server_side_dry_run. The context for when this is a security issue is nuanced and depends on who controls the helm chart vs. who is running the helm chart. It's possible that this is less likely in the context of Ansible and the insecure prefix might not be necessary. I'm no expert on this issue though.

As a workaround, it is currently possible to use the HELM_DIFF_USE_INSECURE_SERVER_SIDE_DRY_RUN environment variable:

- name: Install Helm chart
  environment:
    HELM_DIFF_USE_INSECURE_SERVER_SIDE_DRY_RUN: "true"
  kubernetes.core.helm:
    name: test
    chart_ref: grafana/grafana
    chart_version: 8.8.4
    release_namespace: test

[yurnov]

External references:

• databus23/helm-diff@cd57381
• https://github.com/databus23/helm-diff/releases/tag/v3.9.0
• feat(helm): add ability for --dry-run to do lookup functions helm/helm#9426
• https://github.com/helm/helm/releases/tag/v3.13.0