Description
We are seeing inconsistent behavior with helm diff upgrade --three-way-merge when detecting manual changes made directly in the Kubernetes cluster, specifically for Custom Resources (CRDs).
For built-in Kubernetes resources (e.g. Deployment), helm diff --three-way-merge correctly detects live changes made via kubectl edit/patch.
However, for CRDs (example below uses KEDA ScaledObject), manual changes in the cluster are not detected, even when the field is explicitly defined in the Helm chart.
What works ✅
For built-in resources (e.g. Deployment):
1. Deploy via Helm
2. Manually edit:
   kubectl edit deployment my-app
   change resources.limits.memory value
Run:
helm diff upgrade <release> <chart> --three-way-merge --dry-run
➡️ The manual change is detected and shown in the diff.
What does NOT work ❌
For CRDs (example: KEDA ScaledObject):
- Deploy via Helm with spec.maxReplicaCount defined in the chart
- Manually edit the ScaledObject:
  kubectl patch scaledobject my-so \
    -n <ns> \
    --type=merge \
    -p '{"spec":{"maxReplicaCount":30}}'
Run:
helm diff upgrade <release> <chart> --three-way-merge --dry-run
➡️ No diff is shown, even though the live value differs from the chart.
Questions:
- Is this a known limitation of helm-diff with CRDs?
- Is --three-way-merge expected not to detect live drift for CRDs?
- Are there plans or recommendations for supporting live drift detection on CRDs?