* Fix issue with apiVersion v1 lock digest
When apiVersion v1 chart dependencies are built with Helm 2
and then built with Helm 3, the lock digests differ. To avoid
this issue, a depdendency update is forced.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Check against Helm v2 hash
Handle scenario where dependency hash was generated by Helm v2
but need to do a dependency build with Helm v3.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Add unit test
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Refactor unit test
Refactor unit test to use an existing chart as dependency
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Update after review
Comments:
- https://github.com/helm/helm/pull/7261#discussion_r373827088
- https://github.com/helm/helm/pull/7261#discussion_r373827250
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Allow template output to use release name
helm template output command uses the chart name only when writing
templates to disk. This changes will also use the release name
to avoid colloiding the path when output nore than one release
of smae chart.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Update after review
Comment:
- https://github.com/helm/helm/pull/7503/files#r374130090
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
These flags snuck in through a feature that was reverted and removed in Helm 2, but snuck into Helm 3.
They were never hooked up or used, so they were a no-op. This shouldn't affect anyone.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
Use the same install order for hooks as for normal resources (non-hooks) for hooks with equal weight.
This makes resource handling more consistent and helps, when there are hook consisting of several resources like e.g. a service account and a job using this service account.
The sort functions are changed from an in place search to an out of place sort to avoid inout parameters.
Closes#7416.
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
Remove references to protobuf and update description of release
object stored representation to Helm v3.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
Helm does not yet properly handle concurrent executions (see #7322),
and invoking Helm concurrently on the same release lead to corrupted storage.
Specifically, several Releases may be marked as DEPLOYED. This patch improved handling of such situations, by taking the latest
DEPLOYED Release. Eventually, the storage will clean itself out, after
the corrupted Releases are deleted due to --history-max.
This is a port to Helm v3 of #7319.
Signed-off-by: Cristian Klein <cristian.klein@elastisys.com>
The error returned from DeployedAll will never contain "not found".
The error returned at the end of Deployed is already known to be nil,
and we never want to return ls[0] together with a non-nil error anyway.
Signed-off-by: Simon Alling <alling.simon@gmail.com>
The completion of charts was using 'helm search repo' which can be
quite slow as it must parse the entire yaml of every repo cache file.
Using completion for a chart name can end up triggering multiple calls
to 'helm search'; this makes the user experience poor, as there is
a delay of over a second at every <TAB> press.
This commit creates a cache file for each repo which contains the list
of charts for that repo. The completion logic then uses this new
cache file directly and obtains the chart names very quickly.
With only the stable repo configured, this optimization makes the
completion of charts about 85 times faster, going from 1.2 seconds to
0.014 seconds; such a difference gives a much better user experience
when completing chart names.
On the other hand, adding the creation of the chart list cache file to
'helm repo update' or 'helm repo add' is pretty much negligible compared
to the downloading of the index file.
It is also worth noting that when more repos are configured,
'helm search repo' only becomes slower, while the completion logic that
uses the new chart list cache file will not be affected as it only looks
for the single relevant repo file.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
* Include serviceAccount.annotations value
Signed-off-by: Naseem <naseemkullah@gmail.com>
* Add comment about service account annotations
Signed-off-by: Naseem <naseemkullah@gmail.com>
Service accounts must be installed before secrets when service account tokens (secrets) are be managed by Helm. Otherwise Kubernetes will delete any service account token right after creation, since there is no service account mounting the token (see https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#token-controller)
Closes#7159.
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
Fixes issue #7279.
Prevent the deletion of CRDs that were defined in the `templates/`
directory. This makes CRD deletion behaviour consistent with Helm
documentation:
> CRDs are never deleted. Deleting a CRD automatically deletes all of the
> CRD’s contents across all namespaces in the cluster. Consequently, Helm
> will not delete CRDs.
Previous the documentation only applied to CRDs that were defined in the
`crds/` directory. It did not consider that Charts could have CRDs in the
`templates/` directory (for example charts that were written before the
`crds/` directory feature or if the Chart author needed templated CRDs).
Signed-off-by: Phil Grayson <phil@philgrayson.com>
Mercurial VCS (hg) backout's can generate '.orig' files
to avoid these being picked, generate a .helmignore where
also the .orig files are ignored.
Signed-off-by: Jan Heylen <jan.heylen@nokia.com>
* Port watcher with retries to wait for resources
Port of Helm 2 PR #6014 to Helm 3
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Add fix from PR #6907
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
Add intervening line into lazypath.go, so that license is
not treated by godoc as a package description.
Standardize license comment for xdg package.
Add missing package descriptions.
Signed-off-by: Jakub Bielecki <jakub.bielecki@codilime.com>
The 'helm install' command returned confusing error messages if a flag was misspecified (e.g. `helm install name chart --set value foo`). This lead to an error indicating that a name should be specified for the command. Now an explicit check is done on the number of arguments passed, returning a message indicating the invalid arguments (`foo` in the example`).
Closes#7225
Signed-off-by: Lennard Eijsackers <lennardeijsackers92@gmail.com>
The existing unit test doesn't cover the most important functionality
of filterList(). Adding that check. Separately test the specific
namespace-related behavior.
Remove the dead variable anotherOldOne.
Signed-off-by: Jakub Bielecki <jakub.bielecki@codilime.com>
* Include requirements.* as Files in APIVersionV1
Fixes#6974.
This ensures that when reading a Chart marked with APIVersion v1, we
maintain the behaviour of Helm v2 and include the requirements.yaml and
requirements.lock in the Files collection, and hence produce charts that
work correctly with Helm v2.
Signed-off-by: Paul "Hampy" Hampson <p_hampson@wargaming.net>
* Write out requirements.lock for APIVersion1 Charts
This keeps the on-disk format consistent after `helm dependency update`
of an APIVersion1 Chart.
Signed-off-by: Paul "Hampy" Hampson <p_hampson@wargaming.net>
* Exclude 'dependencies' from APVersion1 Chart.yaml
This fixes `helm lint` against an APIVersion1 chart packaged with Helm
v3.
Signed-off-by: Paul "Hampy" Hampson <p_hampson@wargaming.net>
* Generate APIVersion v2 charts for dependency tests
As the generated chart contains no requirements.yaml in its files list,
but has dependencies in its metadata, it is not a valid APIVersion v1
chart.
Signed-off-by: Paul "Hampy" Hampson <p_hampson@wargaming.net>
* Generate APIVersion v2 charts for manager tests
Specifically for the charts that have dependencies, the generated chart
contains no requirements.yaml in its files but has dependencies in its
metadata. Hence it is not a valid APIVersion v1 chart.
Signed-off-by: Paul "Hampy" Hampson <p_hampson@wargaming.net>
When enabled, during the rendering process, this feature flag will not validate rendered templates against the Kubernetes OpenAPI Schema.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* fix(helm): add --description flag to 'helm install', 'helm upgrade', and 'helm uninstall'
When added, this flag allow us to add a custom description to the release. E.g. '--description "my custom description"'
Closes#7033
Signed-off-by: Juan Matias Kungfu de la Camara Beovide <juanmatias@gmail.com>
* fix(helm): fixed style issues on top of previous commit (3a43a9a487)
Closes#7033
Signed-off-by: Juan Matias Kungfu de la Camara Beovide <juanmatias@gmail.com>
* fix(helm): fixed wrong test issue on top of previous commit (3a43a9a)
Closes#7033
Signed-off-by: Juan Matias Kungfu de la Camara Beovide <juanmatias@gmail.com>
Fixes a few bugs related to tls config when installing charts:
1. When installing via relative path, tls config for the selected
repository was not being set.
2. The `--ca-file` flag was not being passed when constructing the
downloader.
3. Setting tls config was not checking for zero value in repo
config, causing flag to get overwritten with empty string.
There's still a few oddities here. I would expect that the flag
passed in on the command line would override the repo config, but
that's not currently the case. Also, we always set the cert, key
and ca files as a trio, when they should be set individually
depending on combination of flags / repo config.
Signed-off-by: James McElwain <jmcelwain@gmail.com>
The 'helm get values' has its own Run() method in the action package.
So, unlike the other 'get' variants, it needs to check for the
reachability of the cluster itself.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
Adding unit tests for an issue that has come up multiple times
where the archive processing code doesn't take into account the
`tar.TypeXHeader` / `tar.TypeXGlobalHeader` entries that GitHub
adds when creating a release archive for a chart, for example
`https://github.com/org/repo/master.tar.gz`.
Signed-off-by: Geoff Baskwill <me@geoffbaskwill.ca>
When reporting an incompatible Kubernetes version, due to a version constraint from the kubeVersion field, the error message should report with the correct field name.
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
This was a missed update when we updated the k8s libraries. I validated
that this works for CRD installs with v1beta1 and v1
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
`Update()` gets repo names before resolving a lock file by calling
`resolveRepoNames(req)`. But that method changes aliased repo URLs into
the actual URLs. That makes digests from `helm update` and `helm build`
be different for each other.
To make them in sync, setting actual (resolved) repo URLs into the
loaded chart during `helm build` is necessary. Thus, this commit adds an
extra step in the `Build()` implementation.
For comments, this commit also changes the name of `getRepoNames()` into
`resolveRepoNames()` to avoid misunderstanding since getters are
expected to not mutate their input data in general.
Signed-off-by: Hang Park <hangpark@kaist.ac.kr>
This blocks a particular error (caused by upstream discovery client),
printing a warning instead of failing. It's not a great solution, but is
a stop-gap until Client-Go gets fixed.
Closes#6361
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
When 'helm3 lint <chart-name>.tar.gz' is run, this will lint Chart.yaml in the package
Closes#6535
Signed-off-by: Kamalashree N <nagaraj.kamalashree@gmail.com>
This port fixes the bug #6820 for helm3
which was fixed in helm2 with the pull request 4850
https://github.com/helm/helm/pull/4850
Signed-off-by: Lam Le <lam281990@gmail.com>
The sorting method for manifests contained a check to see if the API
version existed. This violates separation of concerns as the sorter
should just sort and leave validation to other parts of the code.
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
To make digests include information about Chart.yaml dependencies, not
only the lock file, digest calculation is changed to accept both
contents. This terminates the `dep build` command if Chart.yaml
dependencies have been updated so that `dep up` should be executed
properly, to prevent downloading wrong versions or mismatched subcharts.
Note that previous Helm cannot know whether Chart.yaml dependencies were changed
or not since the Chart.lock's digest is calculated by only Chart.lock
contents, which don't include information about SemVer ranges and extra
dependency fields such as aliases, conditions, and tags. Specially,
SemVer can be written as a version range in Chart.yaml, but Chart.lock
has the specific, resolved version of that range.
Signed-off-by: Hang Park <hangpark@kaist.ac.kr>
v3 port of #6792
After doing some more digging, I found out that updating the status
of an `Ingress` object is completely optional. Because of this, Helm
cannot support ingresses with the `--wait` flag because there is no
standard way to identify that they are ready
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
Introduce the `--devel` flag for `helm repo search` command.
`helm repo search` - searches only for stable releases, prerelease versions will be skip
`helm repo search --devel` - searches for releases and prereleases (alpha, beta, and release candidate releases)
`helm repo search --version 1.0.0 - searches for release in version 1.0.0
Signed-off-by: Mateusz Szostok <szostok.mateusz@gmail.com>
This reverts commit f94bac0643.
Due to a major numeric regression detected in dev-v2 reported in #6708,
we believe the master branch (former dev-v3) is also impacted by this
change and will expose the same set of problems. In order to not
jeopardize the stability of helm3 this commit is reverted in favor of a
better fix in the future.
Signed-off-by: Oleg Sidorov <me@whitebox.io>
This code was ported over from PR #5038, #6738 which were originally for helm
v2. The code contains functions from golang/dep/internal/fs for renaming files.
Signed-off-by: Yagnesh Mistry <ysh@live.in>
This commit includes failing tests for a bug reported by #6416 and
several bugs due to #5874. `helm dependency build` command fails if one
of subcharts has optional dependency fields (e.g. Alias / Condition /
Tags) or SemVer ranges.
Signed-off-by: Hang Park <hangpark@kaist.ac.kr>
This is a v3 port of #6612. There have been significant changes due to the way
Helm 3 refactored things. I chose to add the method for getting logs to the
testing client because it seemed like something that someone using Helm
as an SDK might want. It takes a writer because it is more efficient (less
copying) and can write to any sort of buffer desired
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
We already had the copystructure library in our dependencies transitively
through sprig. This solves a gob encoding bug that was causing issues with
chart testing
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
Fixes#5733
This adds two specific checks. A warning if a chart has a `crd-install` hook
and an error if the chart contains `.Release.Time`. Further checks can be added
down the road as needed using the same pattern I use here
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
this was partially fixed in #6430 but the fix only
worked for values without nesting. this PR fixes it.
this is done by doing a deep copy of values rather
than a top level keys copy. deep copy ensures
values are not mutated during coalesce()
execution which leads to bugs like #6659
the deep copy code has been copied from:
https://gist.github.com/soroushjp/0ec92102641ddfc3ad5515ca76405f4d
which is in turn inspired by this stackoverflow answer:
http://stackoverflow.com/a/28579297/1366283
Signed-off-by: Karuppiah Natarajan <karuppiah7890@gmail.com>
Added a tgz "frobnitz.v1.tgz" of the testdata folder frobnitz.v1
Verified that without the fix the unit test fails and re-produces
the issue.
Signed-off-by: Sidharth Surana <ssurana@vmware.com>
While working on #6519, it took me hours to figure out why the error
returned from `Save` was nil even though `writeTarContents` returned a
non-nil error. I fixed the bug as part of that PR; the purpose of this
commit is to prevent it from happening again.
What made me (as a Go beginner) so confused was the impression that
there was only ever one `err` variable, global to the entire `Save`
function, when in fact there were also several local ones shadowing it.
(I thought := could be used to reassign an existing variable.)
This commit makes it clear that any `err` defined locally in the last
`if` statement will not be returned at the end, and hence must be
explicitly returned in the body of said `if` statement.
(This commit initially was larger; see #6669.)
Signed-off-by: Simon Alling <alling.simon@gmail.com>
Any method that had a function parameter that was a `Time` or returned a
`Time` is now wrapped so you can use our time wrapper without any weird conventions
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This package mainly exists to workaround an issue in Go
where the serializer doesn't omit an empty value for time:
https://github.com/golang/go/issues/11939. This replaces all
release and hook object time references with the new time package
so things actually marshal correctly
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
Consistenly remove all arguments which are passed as environment
variables.
Get all arguments from environment variables passed to plugins.
Signed-off-by: Jonas Rutishauser <jonas.rutishauser@alumni.ethz.ch>
The recent init action config switched the order of how variables get bound
and where. This led to the namespace variable not being propagated down into
the calls to kubernetes.
Co-authored-by: Matthew Fisher <matt.fisher@microsoft.com>
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
Because these were additions, git didn't pick up that the recent refactor of
env settings had changed some of the variables. This fixes those small changes
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
* Drop dependency on k8s.io/kubernetes
https://github.com/helm/helm/issues/6606
Depending on k8s.io/kubernetes is not recommended by Kubernetes, and
forces dependencies of Helm to also depend on them. We are only using
this dependency in one relatively isolated occurance, which can be
easily copied over rather than depending on the entire Kubernetes.
Copying this code is not very desirable, so if we don't want to have
this duplication we can at least use this PR as a PoC and see if we can
get Kubernetes to publish the controller package as a separate Go module
(see
https://github.com/kubernetes/kubernetes/issues/79384#issuecomment-538740756)
Signed-off-by: John Howard <howardjohn@google.com>
* Move to internal
Signed-off-by: John Howard <howardjohn@google.com>
* Exclude third_party from validate-license.sh
Signed-off-by: John Howard <howardjohn@google.com>
The seemingly redundant `return filename, err` line is related to how
the name `err` is used throughout the function: there is a "global" (to
the function) `err` variable, as well as several locally block-scoped
ones. It took me hours to understand why my code did not work without
that line, but I decided not to clean up the `err` code in this commit.
Signed-off-by: Simon Alling <alling.simon@gmail.com>
This greatly simplifies how to obtain the list of output.Format.
It no longer provides a way to list all output.Format, but focuses
on providing a list of string representation of output.Format, as this
is what is actually needed.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
This isolates the listing of the different formats to the output.go
file. It is more future-proof if another format is added.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>