Since Helm is going through breaking changes with Helm v4, the version path to
Helm needs to be updated.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Multiple changes were made to pass linting. Some Go built-in names
are being used for variables (e.g., min). This happens in the Go
source itself including the Go standard library and is not always
a bad practice.
To handle allowing some built-in names to be used the linter config
is updated to allow (via opt-in) some names to pass. This allows us
to still check for re-use of Go built-in names and opt-in to any
new uses.
There were also several cases where a value was checked for nil
before checking its length when this is already handled by len()
or the types default value. These were cleaned up.
The license validation was updated because it was checking everything
in the .git directory including all remote content that was local.
The previous vendor directory was from a time prior to Go modules
when Helm handled dependencies differently. It was no longer needed.
Signed-off-by: Matt Farina <matt.farina@suse.com>
- Add consistency for null test in given values, parent chart, subchart, and
sub-sub-chart
- Remove bar null test to keep consistent with boat=null at top level
Signed-off-by: Scott Rigby <scott@r6by.com>
Since Helm is going through breaking changes with Helm v4, the version path to
Helm needs to be updated.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Multiple changes were made to pass linting. Some Go built-in names
are being used for variables (e.g., min). This happens in the Go
source itself including the Go standard library and is not always
a bad practice.
To handle allowing some built-in names to be used the linter config
is updated to allow (via opt-in) some names to pass. This allows us
to still check for re-use of Go built-in names and opt-in to any
new uses.
There were also several cases where a value was checked for nil
before checking its length when this is already handled by len()
or the types default value. These were cleaned up.
The license validation was updated because it was checking everything
in the .git directory including all remote content that was local.
The previous vendor directory was from a time prior to Go modules
when Helm handled dependencies differently. It was no longer needed.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Fixes: #12584
This change makes the authorizer and registryAuthorizer of the registry client configurable via options. This allows Go SDK users to override the authentication behavior of the client.
This PR makes both the authorizer and registryAuthorizer configurable because depending on the exact scenario that may be needed. The default registryAuthorizer only supports a specific implementation of the authorizer.
Signed-off-by: Ryan Nowak <nowakra@gmail.com>
- replace os.IsNotExist with errors.Is and fs.ErrNotExist
- use %w directive
Signed-off-by: Justen Stall <39888103+justenstall@users.noreply.github.com>
In the event some malformed folders/files make its way into the
`charts/` directory meant for subcharts, it is possible one may see an
error message like the below:
```
Error: error unpacking foo in app: Chart.yaml file is missing
```
This error is not very descriptive, as it doesn't reference where on
disk `Chart.yaml` is missing. In the event this happens, this error is
being updated to include that `Chart.yaml` is missing for the `foo`
subchart.
Without this updated error messaging, one would need to look into Helm's
codebase to troubleshoot what exactly is wrong.
Signed-off-by: Taylor Jasko <taylor@taylorjasko.com>
kubernetes might at any time throw 409 Conflict Error codes. Clients
are supposed to retry when this happens. As an example, see
kubernetes/issues/67761 where such an issues might happen when the
cluster manipulates a projects's ResourceQuotas.
Catch such Conflict Errors on createResource and deleteResource and
retry before giving up. Due to the more complex logic and focus on
kubernetes/issues/67761, this patch purposefully omits possibly
needed changes to updateResource and instead defers them to another
patch if required in the future.
Closes issue #9710
Signed-off-by: Andreas Karis <ak.karis@gmail.com>
The output of helm get metadata includes a subset of the fields contained in
the chart.Metadata struct. This change adds the values of the annotations field
and the dependencies field to the output.
Signed-off-by: Niladri Halder <niladri.halder26@gmail.com>
The change in #11726 caused a regression where `helm dependency udpate`
stopped working. The format of the internal representation of the data
changed causing errors of "non-absolute URLs should be in form of
repo_name/path_to_chart". See #13324 for more details.
Since this change is in released Helm and it's a regression, reverting
the original change was the fastest and safest route to deliver a
fix as quickly as possible.
Closes#13324
Signed-off-by: Matt Farina <matt.farina@suse.com>
golangci-lint passed when last commit was made on #12876, but has since failed.
This is probably because the linter has since updated.
I ran locally with the same version of golangci-lint we run in GH Actions, and
this is the only error now (an additional linting error in
pkg/action/package.go since #12876 has already been fixed.
```sh
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.58.1
./bin/golangci-lint run pkg/action/...
./bin/golangci-lint run ./...
```
we should be good now.
Signed-off-by: Scott Rigby <scott@r6by.com>
When --skip-schema-validation is set, any schema contain in the helm chart is ignored. Defaults to 'false'.
Closes#10398
Signed-off-by: anessi <16045045+anessi@users.noreply.github.com>
When --burst-limit/$HELM_BURST_LIMIT is set, the specified value is not
currently used for the discovery client instantiated by
genericclioptions. This change sets genericclioptions.discoveryBurst to
the value of --burst-limit, meaning it should now be possible to fix
client-side throttling issues encountered by the discovery client.
This value is only configured if --burst-limit is actually set. If
--burst-limit is set to the default value, then discoveryBurst should be
left at its default of 300.
Closes#13128
Signed-off-by: Evan Foster <efoster@adobe.com>
Pure cosmetics, add missing dots to a few comments and make indentation
coherent between different parts of the defaultValues YAML.
Signed-off-by: Leo R. Lundgren <leo@finalresort.org>
The ca.crt had to be regenerated because there was no ca.key. Added
new ca.key so that going forward only the certs need to be updated.
Signed-off-by: Dirk Müller <dirk@dmllr.de>
While no longer used by the helm code, this field is part of the API exposed to helm charts as part of the .Capabilities struct.
Signed-off-by: Marcin Owsiany <marcin@redhat.com>
Test to check deprecation warnings on resource templates that are
created by `helm create` against the latest Kubernetes version. This
test is run in a separate Makefile command to avoid failing other unit
tests configured to run with a specific Kubernetes version(s).
For resources that are disabled by default (like hpa and ingress),
to avoid skipping them from the helm linter test, they are enabled in
the test.
Fixes#11495
Signed-off-by: Bhargav Ravuri <bhargav.ravuri@infracloud.io>
Allow the SDK actions to adopt existing resources. This allows install
and update to overwrite resources. If TakeOwnership is not set, adoption
is only possible if they existing resources have the right labels
(managed-by) and annotations (release-name, ...).
Signed-off-by: Mario Manno <mmanno@suse.com>
This change adds a new flag to the install and upgrade commands in
the Helm client and properties to the install and upgrade action.
The new flag is --hide-secret and can only be used with the
--dry-run flag.
The --dry-run flag is designed to send all chart rendered manifests to
stdout so that they can be inspected.
When the --hide-secret flag is used the Secret content is removed from
the output.
Signed-off-by: Matt Farina <matt.farina@suse.com>
When username/password parameters are passed in via the CLI
they are not passed down to the client handling requests to
OCI registries. This change ensures this happens
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
CI, tests, and building failed after #10920 was merged. This change
fixes the issues that were introduced.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Noteis:
1. This moves golangci scanning to a GitHub action. This will
enable inline pointers to issues in the PR where linting fails.
2. Go 1.21 is specified in the go.mod because Kubernetes libs
require it.
3. The lint issues were removed. Some were fixed while others
were handled by skipping linting or using _ as an argument.
Many of these can be refactored later for better cleanup.
Signed-off-by: Matt Farina <matt.farina@suse.com>
This reverts commit 4a27baaffc.
Note, PR #11129 was layered in along with this change so the revert
preserves this API addition.
Signed-off-by: Matt Farina <matt.farina@suse.com>
The ordering should be:
1. User specified values (e.g CLI)
2. Parent chart values
3. Imported values
4. Sub-chart values
This enables parnet charts to import large set of values from a
child and then override select values.
This change is needed for backwards compatibility.
Fixes#12460
Signed-off-by: Matt Farina <matt.farina@suse.com>
As described in issue #12432 (https://github.com/helm/helm/issues/12432) the default serviceaccount yaml will be created wrong. This commit will fix this.
Signed-off-by: Lars Zimmermann <info@zimmermann-lars.de>
The assumption that either a username and/or password OR an error is
returned appears to be wrong, and results in an error later on which
looks something like the following:
```
failed to authorize: failed to fetch anonymous token: unexpected status
from GET request to https://auth.docker.io/token?scope=repository%3AXXX%2FYYY%3Apull&service=registry.docker.io:
401 Unauthorized
```
To mitigate this, confirm we actually have one of the values before
setting the `Authorization` header.
Co-authored-by: Joe Julian <me@joejulian.name>
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Helm release names are limited to 53 characters. By default, Release information is stored in Kubernetes as secrets, and the secret's name structure follows the pattern "sh.helm.release.v1.<release name up to 53 characters>.v<release revision>." However, in the case of using an SQL backend, this release information key is stored in the release_v1 table, and the table constraint currently limits the key name length to 67 characters. This limitation may not be suitable for release names that are within Helm's 53-character limit and need to accommodate the additional "sh.helm.release.v1." prefix and the release revision suffix.
Signed-off-by: abrarcv170 <78675575+abrarcv170@users.noreply.github.com>
This commit replaces `ensure.TempDir` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.
Prior to this commit, temporary directory created using `ensure.TempDir`
needs to be removed manually by calling `os.RemoveAll`, which is omitted
in some tests. The error handling boilerplate e.g.
defer func() {
if err := os.RemoveAll(dir); err != nil {
t.Fatal(err)
}
}
is also tedious, but `t.TempDir` handles this for us nicely.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
This adds support for generating the repository index file in JSON
format using the `--json` flag. The index itself is still written
to `index.yaml`, which is fully backwards compatible as YAML is a
superset of JSON.
For big indexes (think multiple megabytes), this approach is however
more efficient in combination with the changes to the load logic,
as it prevents a YAML -> JSON roundtrip during decoding.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
When an index is in a JSON format, the `sigs.k8s.io/yaml` package uses
an inefficient approach to unmarshaling the data, as it does an
unnecessary roundtrip on the data to transform the YAML to valid JSON.
To prevent this from happening, detect if the bytes which we attempt
to load contain valid JSON, and unmarshal them directly using
`json.Unmarshal` instead.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
There are a few changes to the new dry-run handling:
1. Some documentation is added to help clarify what is happening
and what is expected.
2. DryRun is never changed by internal handling. If an API user
sets the property it is not changed by our code.
3. The behavior on contacting the server with false/none is made
consistent between install and upgrade.
Signed-off-by: Matt Farina <matt.farina@suse.com>
When a user specifies --wait for an install or upgrade this commit will enable the user to specifiy a number of retries to attepmt if a status check fails
Errors including a HTTP status code < 500 will not be retried
Signed-off-by: MichaelMorris <michael.morris@est.tech>
Some charts don't need a templates directory. The warning appears to originate back when helm expected all charts to contain templates. In CI situations where linting is performed with --strict the lint warning causes unneccessary failures for charts that quite legitimately do not contain a templates directory.
As discussed in #8033 there are no longer any scenarios understood where this warning is helpful so this commit removes it.
Signed-off-by: James Blair <mail@jamesblair.net>
First, some notes about priority and how some code flow works.
For Helm handling values, the expected order of precidence is:
1. User specified values (e.g CLI)
2. Imported values
3. Parent chart values
4. Subchart values
Helm handles dependency values slightly differently. If there are dependencies
in the charts folder that are not marked as dependencies all of the values,
including nil values, are pulled in. If those charts are listed as a
dependency in the Chart.yaml file than they are processed for import handling.
Prior to the changes here, it caused nil values at the top level to NOT remove
values specified.
The changes:
1. The order of priority was chagned from the list above. Parnet chart values
would override specifically imported values. This is due to a change from
just over a year ago that introduced a bug. That was undone by changing the
precidence when maps were merged.
2. To handle merging while retaining the nil values, which was causing
inconsistent behavior, a new set of Merge functions were introduced. These
functions are just like coalesce except that they DO NOT remove nil/null values.
The new functions are used in a backward compatible manner meaning some new
functions were introduced that called them.
Specific issues fixed (that are known):
Closes#9027
Can now delete subkeys from charts when specified in the parent. This behavior
was previously inconsistent. Sometimes they could be deleted and other times
it did not work. Now it is consistent.
Closes#10899
Imported values (from library or other subcharts) are now used following the
order above.
The previous behavior was inconsistent. import-values using just a string
would import them. When named with a child/parent it did not work if the
parent already had a value. If string and named were mixed the imports
worked if the string happened first but just for the string not the named.
If the named parent/child went first then none of them worked for cases
where the parent already had a value. It was inconsistent and the tests
sometimes mirrored the functionality rather than expected behavior.
Tests for this fall into the sub-packages and are in the template tests
to verify it's happening in the output. Including having values passed
at the CLI as the ultimate highest priority to be used.
This relates to a fix that went in for #9940. The expected values there don't
fit the precedence above where the parent value would override the imported
value. That fix/change introduced more bugs.
Closes#10052
This is the case where imported values using the parent/child designation
just didn't work right. That has been fixed and there are tests. The underlying
issue had to do with the precedence order handling.
Note, a lot of tests were added. Hope we got it more right this time.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Add a new flag `--plain-http` to the following commands:
* `helm install`
* `helm pull`
* `helm push`
* `helm template`
* `helm upgrade`
* `helm show`
This flag instructs the registry client to use plain HTTP connections,
thus enabling upload/download of charts from OCI registries served at
an HTTP endpoint.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Report charts with the following bad dependency specifications as bad charts:
dependencies:
- name: foo
alias: baz # ← baz used twice
version: 1.0.0
- name: bar
alias: baz # ← baz used twice
version: 1.0.0
dependencies:
- name: foo
alias: bar # ← shadows chart below
version: 1.0.0
- name: bar
version: 1.0.0
dependencies:
- name: foo
version: 1.0.0
- name: foo # ← chart with same name as above (although version or repo will be different, this will not work currently)
version: 1.2.3
Closes#9169
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
This covers both the property and the minimal copy of the Factory
interface. It also notes that this interface is not covered by the
Helm backwards compatibility and why.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Signed-off-by: Joe Julian <me@joejulian.name>
What this PR does / why we need it:
This PR was created to improve performance of the dependency update command by
skipping unnecessary downloading and loading of index files that have already
been downloaded and loaded
I believe this would close refs #9865
Signed-off-by: Jeff van Dam <jeff.van.dam@est.tech>
During the install process there was a place where an install
process could be stuck trying to write to a channel. This would
happen when a context had completed prior to performInstall
finishing. In a short running Helm Client this was not a problem.
But, for long running applications that use Helm as an SDK there
are problems where a memory leak ends up happening due to
goroutines never being able to complete.
This fix provides a means for performInstall to write to its
channel using the method already used to fix the upgrade
issue of the same kind.
Fixes#11805
Signed-off-by: Matt Farina <matt.farina@suse.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes helm#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
* Fixes Readiness Check for statefulsets using partitioned rolling update.
Fixes#11773
This change updates readiness check in ready.go to correctly
account for statefulsets that are utilizing a partitioned upgrade.
These statefulsets only upgrade a subset of the managed pods with each call
to helm upgrade. This causes the upgrade to legitimately hit the condition where
sts.status.CurrentRevision != sts.Status.UpdateRevision which causes helm to mark
the upgrade has failed when in fact it is successful.
This change fixes that behavior to only check when partition is unspecified or 0.
Signed-off-by: Aman Nijhawan <anijhawan@yugabyte.com>
* Adding a unit test to verify that partitioned rolling upgrade for a statefulset works.
Signed-off-by: Aman Nijhawan <anijhawan@yugabyte.com>
---------
Signed-off-by: Aman Nijhawan <anijhawan@yugabyte.com>
Co-authored-by: Aman Nijhawan <anijhawan@yugabyte.com>
The GOARCH here is 386 not i386. This caused a slightly odd test
suite failure on that architecture:
--- FAIL: TestPlatformPrepareCommand (0.00s)
plugin_test.go:45: Expected arg="os-arch", got "linux-s390x"
plugin_test.go:64: Expected arg="os-arch", got "linux-s390x"
Signed-off-by: Dirk Müller <dirk@dmllr.de>
Go 1.20 introduced DNS/CNAME handling changes. This can cause an
IP address represented in hex, oct, etc to be looked up as DNS and
fail. This change introduces a mock DNS resolver.
Note, with the mock resolver, we don't need to use 0x7f000001 any
longer. Keeping because it was already there.
Signed-off-by: Matt Farina <matt.farina@suse.com>
At this time both Go 1.19 and 1.20 are supported. The version
specified in the go.mod file is the minimum version we expect Helm
to be compiled against. This is the oldest supported version to
support environments where others compile Helm. The Helm project
is using Go 1.20 to build Helm itself.
Updating to Go 1.19 also includes dealing with io/ioutil
deprecation and some additional linting issues around staticcheck.
All the staticcheck issues were in test files so linting was
skipped for those.
Signed-off-by: Matt Farina <matt.farina@suse.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes helm#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
As the CRDs are installed before the capabilities are gathered, the
current call to invalidate the discovery client is premature and
expensive.
What actually is required is an invalidation of the REST mapper, as
otherwise the Helm install action may later on fail with a `resource
mapping not found` error. More specifically when the caller of the
action is making use of a persisting[1] `RESTClientGetter`.
Which is not something done by the Helm CLI (albeit it could, and this
would potentially save quite some resources?). But is a default
configuration offered by the Helm SDK via `kube.New` when a nil value
is provided as the `getter`.
[1]: https://github.com/kubernetes/cli-runtime/blob/v0.26.2/pkg/genericclioptions/config_flags.go#L118
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
If enabled the registryClient is set using a helper that accepts the TLS
flags. This keeps the client creation consistent accross the different
commands.
Signed-off-by: Soule BA <bah.soule@gmail.com>
If implemented, users will be able to use custom certificates and CA to
while interacting with OCI registries.
Signed-off-by: Soule BA <bah.soule@gmail.com>
Add --cascade=<background|foreground|orphan> option to helm uninstall
Current behaviour is hardcoded to background
Addresses issue: https://github.com/helm/helm/issues/10586
Signed-off-by: MichaelMorris <michael.morris@est.tech>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run-option=server flag, it will try to connect to the cluster
to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run-option=server flag, it will try to connect to the cluster
to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes helm#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
Fixes#11712
A change was made that when validation was turned off the Kubernetes
packages were building objects as a Table type. This was done for
display purposes. When details about the objects was going to be
printed as part of #10912.
This broke rollback, and possibly other functionality, as a Table
type was returned in some cases that needed the regular object.
This caused things to break silently.
The fix involved adding in a new Function (and interface) to
query for tables instead of the objects themselves. There was not
a clean way to add it to the existing function that covered all
cases.
A second problem was noticed along the way. When data was output
via status as YAML or JSON it was in the form of a table rather
than the objects themselves. This did not reflect expectations
and did not match the functionality in kubectl. The code was
updated to return a table when that was presented and the objects
when they are being output for YAML or JSON. The API also supports
this handling to SDK users can replicate this functionality.
API changes made here were never released. The functions were
developed for this release of Helm and only ever appeared in an
RC. In this case, they can be changed.
Signed-off-by: Matt Farina <matt.farina@suse.com>
## case :
1. charmuseum is http
2. nginx https ---> chartmuseum
3. domain, CN is IP
## result:
error: failed to prepare chart for release: chart unavailable: looks like "https://120.55.54.50" is not a valid chart repository or cannot be reached: Get "https://120.55.54.50/index.yaml": x509: certificate relies on legacy Common Name field, use SANs instead
Signed-off-by: caixisheng <cc710917049@163.com>
<https://github.com/helm/helm/pull/8371>
This covers:
- `tpl` text can `include` a `define` provided in a partial file
- `tpl` text can `include` a `define` provided in its text
- `tpl` text can be loaded via `.Files.Get`
Signed-off-by: Graham Reed <greed@7deadly.org>
There are cases when the etcdserver is temporarily unavailable and the
errors that we get back from kube-apiserver reflect that error. It looks
like we bail out immediately when these errors happen currently. We
should retry until timeout is reached when this sort of errors happen.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
The current family of '--set' methods interprets some special characters
in values (e.g. commas, square brackets, points, backslashes). With the
typical shell escaping rules, this can increase the difficulty of overwriting
values in some cases.
In contrast to '--set-string' or similar methods, '--set-literal' does
not interpret those special characters. It interprets given values as
literal strings.
Example:
--set-literal outer.inner='so\me,values'
outer:
inner: so\me,values
Closes#4030
Signed-off-by: Patrick Scheid <p.scheid92@gmail.com>
- Use a clone of the current Template instead of re-creating everything from scratch
- Needs to inject `include` so any defines in the tpl text can be seen.
Signed-off-by: Graham Reed <greed@7deadly.org>
Extend Interface with new InterfaceResources to avoid breaking changes
Move change to staus command behind --show-resources flag
Signed-off-by: Soujanya Mangipudi <somangip@microsoft.com>
Creating a new PR based on this existing stale PR https://github.com/helm/helm/pull/7728
Signed-off-by: Soujanya Mangipudi <somangip@microsoft.com>
# Conflicts:
# go.sum
Unfortunately errors from the API server do not always (do they ever?) contain
the name of the resource in question.
Deletions for multiple resources are processed concurrently, so in a resulting
log, a preceding "Starting delete" line might be for a different object.
Signed-off-by: Marcin Owsiany <porridge@redhat.com>
Go passes x509 verification off to the platform and different
platforms provide different responses. The Go tests for x509
even have different test files for different platform providers
that check for different messages.
This update haldes darwins difference for x509 authority handling
Closes#11159
Signed-off-by: Matt Farina <matt@mattfarina.com>
Exporting those fields enable 3rd party users to build their own mocked PullResult responses.
Related #10623
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Confirm that the current and updated revision numbers also match as part
of the readiness check. Add coverage for readiness scenarios where
StatefulSet status does not reflect the most recent generation of the
StatefulSet yet.
Also add additional logging around the sts transitions from non-ready to
ready.
Fixes: #10163
Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
Fix list command for SQL storage driver
Fix SQL storage drivers tests after adding custom labels support
Remove notes that SQL driver not supported for storing labels in install and upgrade
Signed-off-by: Dmitry Chepurovskiy <dm3ch@dm3ch.net>
Signed-off-by: Dmitry Chepurovskiy <me@dm3ch.net>
Add a new flags and associated environment variables to override
the TLS Settings used when constructing the Kube Client.
- `--kube-insecure-skip-tls-verify | HELM_KUBEINSECURE_SKIP_TLS_VERIFY`: if true, the kube api server's certificate will not be checked for validity. This will make your HTTPS connections insecure
- `--kube-tls-server-name | HELM_KUBETLS_SERVER_NAME`: server name to use for kube api server certificate validation. If it is not provided, the hostname used to contact the server is used
Signed-off-by: Justen Walker <justen.walker+github@gmail.com>
* feat: add configuration for client-side throttling limit
Client-side throttling seems to be an issue in larger environments such as OpenShift clusters, where
it is common to have several hundreds CRDs out-of-the-box.
From this view point, it is fair that clients should be able to fine tune this accordingly should the
environment they work on evolves, which is currently not possible, and quite frustrating.
This change introduces the --default-burst-limit option to helm (and its counterpart
HELM_DEFAULT_BURST_LIMIT environment variable) to address that issue, allowing clients to properly
tune their client usage as their environment evolves.
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
* chore: change DefaultBurstLimit to BurstLimit
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
* chore: add HELM_BURST_LIMIT to golden file
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
* chore: add burst limit tests
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
* docs: add burst limit default value to documentation
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
* refactor: change burst limit default value to 100 per review instructions
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
This required modifying the `kube.Factory` interface to conform to
changes in k8s' `cmdutil.Factory` interface:
fe3772890f
Signed-off-by: Andrew Seigner <andrew@sig.gy>
go:build is the new conditional compilation directive used to specify build constraints. It was introduced in Go 1.17. It is meant to replace the old +build directives.
Now that go.mod points to Go 1.17 we no longer need to support both
build flags.
Signed-off-by: Matthew Fisher <matt.fisher@fermyon.com>
Fixed old releases rotation procedure to not require a deployed release to exists.
An error will arise when there are no successfully deployed release yet, but releases history limit has been reached. In such situation helm will refuse to upgrade release anymore with "... has no deployed releases" error.
Furthermore, release rotation procedure already expecting lastDeployedRelease to be either nil, or not nil. So it is assumed that deployed release may exist or may not and these both outcomes were already expected as a valid situation rather than a failure.
Reworked storage_test.go TestStorageRemoveLeastRecentWithError test case: use mocked driver and test release creation procedure does not shadows errors from the underneath release rotation procedure.
Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
When used with helm install, helm template, helm upgrade, it enables
to set json values (scalars/objects/arrays) from the command line.
Closes#10428
Signed-off-by: Luca Di Rocco <lucadirocco@gmail.com>
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Quiet flag reduce the verbosity, such that the only text
that is written to the console is lint warnings/errors
Closes#9994
Signed-off-by: Piotr Resztak <piotr.resztak@gmail.com>
golint which is used as one of the sublinters in golangci-lint is deprecated.
It is replaced with revive which is a drop-in replacement.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
Co-authored-by: Martin Mulholland <mmulholl@redhat.com>
`os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil`
package. It is a more efficient implementation than `ioutil.ReadDir` as
stated here https://pkg.go.dev/io/ioutil#ReadDir.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
When range support for OCI went in via #10527 it created a situation
where some lookups for a chart could cause a panic. This change
makes sure the registry client is available to lookup OCI charts
Signed-off-by: Matt Farina <matt.farina@suse.com>
Note, there is OCI handling later in the funtion that should
handle the situation instead.
Closes#10534
Signed-off-by: Matt Farina <matt.farina@suse.com>
Largely borrowed from (IndexFile).Get. However there is not currently a nice
way to make this code also usable to the repo package, as IndexFile depends on
a list of index Entries containing a nexted version.
We could refactor this later to somehow use the same shared function, but for
now keeping separate.
Signed-off-by: Scott Rigby <scott@r6by.com>
Note, there is OCI handling later in the funtion that should
handle the situation instead.
Closes#10534
Signed-off-by: Matt Farina <matt.farina@suse.com>
Before this change, several of the potential errors during the process
of signing a package were skipped.
Crucially, `Close()`ing the ReadCloser from the gpg clearsigner is the call
which actually does the signing, and so has several points of failure
which are ignored; for example, if there's a problem with the format of
the key.
Also changes the error from messageBlock() to be propagated rather than
being swallowed, and adds a test for the case where a signer fails to
sign.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
The partition value can be greater than number of replicas, in that
case no pods are rolled out. The expectedReplicas becomes a negative
number.
https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions
In the cases where the update does not change anything in the pod
template, the updatedReplicas value from StatefulSet status remains
unchanged. Such updates can still set some partition value, and
UpdatedReplicas is always greater than expectedReplicas. Basically,
the StatefulSet is ready / rolled-out.
In both the above scenarios, providing `--wait` flag causes it to
timeout waiting indefinitely. Because updatedReplicas can never be
negative, or be equal to the expectedReplicas for the second case.
This commit handles both the scenarios by checking if UpdatedReplicas
is smaller than expectedReplicas. If it is, then the StatefulSet is
not ready yet.
Based on the code from kubectl rollout:
a450ebd59c/pkg/polymorphichelpers/rollout_status.go (L138-L141)Closes#8674
Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
This bug came about because of three issues that this change
corrects:
- The CI scripts run on a pull request did not test building
Helm. This means that a failure to set a variable using LDFLAGS
had no opportunity to be caught.
- #8608 provided a means to match the k8s version used in linting
and chartutil with the version of the package we pull in. With
one problem. It attempts to set a const as if it were a string.
This is ignored and everyone missed it.
- #10325 moved those constants to vars so it could be set. This
looked good and passed tests but missed that you can't set an
int as if it were a string. See first bullet.
This change fixes this by moved the internal representation to
be a string. These are internal variables not exposed in the public
API which makes this change non-breaking to the API.
Closes#10367
Signed-off-by: Matt Farina <matt.farina@suse.com>
When running helm lint, import-values for dependencies are ignored,
also added test for linting chart with import-values
Closes#9658
Signed-off-by: Stuart Drennan <stuart.drennan@gmail.com>
Matt Farina
dnskr
George Jenkins
Austin Abro
Ryan Hockstad
Scott Rigby
Jiasheng Zhu
Payal Godhani
Terry Howe
Andrew Block
Ryan Nowak
Steve Hipwell
Evans Mungai
Justen Stall
KISHOREKUMAR THUDI
Robert Sirchia
mathieu cesbron
wangjingcun
Taylor Jasko
Alex Johnson
Zach Burgess
Suleiman Dibirov
Tianle Xu
satoru
Andreas Karis
Jon Olsson
Luis Davim
Trent V.
Trent V
ricardo.bartels@telekom.de
Niladri Halder
Adam Korczynski
Nathan Baulch
Rui Chen
Fred Heinecke
Joe Julian
Matt Farina
MichaelMorris
Dr. Stefan Schimanski
Maor Friedman
anessi
Alex Johnson
Evan Foster
Sidharth Menon
Leo R. Lundgren
Daniel Strobusch
Matt Clegg
fheinecke
Jeff van Dam
Jeff van Dam
Calvin Krist
Dirk Müller
Marcin Owsiany
Marcin Owsiany
Bhargav Ravuri
deterclosed
Mario Manno
Aaron U'Ren
Felipe Santos
Ricardo Maraschini
Antoine Deschênes
Ismail Alidzhikov
Daniel Pap
Sean Mills
Marcin Chojnacki
Denis Policastro
Dmitry Chepurovskiy
Serge Logvinov
Miles Wilson
genofire
b4nks
Lars Zimmermann
Hidde Beydals
Matt Carr
Andy Smith
Michał Słapek
abrarcv170
Maxim Trofimov
Tim Chaplin
Bingtan Lu
ithrael
0xff-dev
guoguangwu
Antonio Gamez Diaz
MR ZHAO
Mikhail Kopylov
Graham Reed
Graham Reed
Eng Zer Jun
cuisongliu
Stefan McShane
Antony Chazapis
James Blair
Yarden Shoham
wujunwei
Sanskar Jaiswal
Dmitry Kamenskikh
Mathias Neerup
Dominik Müller
Tom Wieczorek
Tapas Kapadia
Aman Nijhawan
willzgli
Craig O'Donnell
Soule BA
muang0
cpanato
zak905
Cenk Alti
Patrick Scheid
Martin Hickey
Jakub Warczarek
Eugene Zuev
Vaibhav Sharma
Soujanya Mangipudi
Pat Riehecky
Xin Ruan
Zuhair AlSader
caixisheng
Philipp Stehle
Igor Manushin
shankeerthan-kasilingam
Peter Leong
cui fliter
Qifan Shen
Davanum Srinivas
Vincent van ’t Zand
CI
James Oden
d-d-up
Arvid E. Picciani
Matthew Fisher
yxxhero
Dominic Evans
Dmitry Chepurovskiy
Justen Walker
Igor Sutton
Andrew Seigner
Suresh Kumar
Mathieu Parent
Mayank Thakur
stan-sz
yxxhero
Stepan Dohnal
Zoran Krleza
Timofey Kirillov
Markus Lehtonen
Luca Di Rocco
Matthias Fehr
alexandr.danilin
stephanECD
Josh Dolitsky
guofutan
Piotr Resztak
David Peraza
Thomas Runyon
Allen Bai
mengjiao.liu
jayonlau
Neven Miculinic
Simon Alling
Jerome Küttner
cndoit18
Ashley Davis
Bhavin Gandhi
Tyler Auerbeck
Moritz Clasmeier
Josh Dolitsky
Sverre Boschman
Guangwen Feng
Asir Tamboli
Stuart Drennan