Service accounts must be installed before secrets when service account tokens (secrets) are be managed by Helm. Otherwise Kubernetes will delete any service account token right after creation, since there is no service account mounting the token (see https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#token-controller)
Closes#7159.
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
The sorting method for manifests contained a check to see if the API
version existed. This violates separation of concerns as the sorter
should just sort and leave validation to other parts of the code.
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
Any method that had a function parameter that was a `Time` or returned a
`Time` is now wrapped so you can use our time wrapper without any weird conventions
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This package mainly exists to workaround an issue in Go
where the serializer doesn't omit an empty value for time:
https://github.com/golang/go/issues/11939. This replaces all
release and hook object time references with the new time package
so things actually marshal correctly
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This updates commands install, upgrade, delete, and test to share the
same implementation for hook execution.
BREAKING CHANGES:
- The `test-failure` hook annotation is removed.
Signed-off-by: Jacob LeGrone <git@jacob.work>
This commit replaces usage of github.com/ghodss/yaml with it's forked
version maintained by SIG community. The replaced library has
low-to-none support activity unlike the latter. We believe the new
Helm branch could benefit from using the community-supported version on
a long-term run as yaml parser is a key component of Helm chart rendering
engine.
This commit locks sigs.k8s.io/yaml dependency version on 1.1.0 which
is backwards compatible with ghodss/yaml 1.0.0.
This change also resolves the outdated dependency version lock for
ghodss/yaml (currently 1.0.0) and makes it possible to port changes from
https://github.com/helm/helm/pull/6010 to dev-v3.
Signed-off-by: Oleg Sidorov <oleg.sidorov@booking.com>
* feat: add pkg/action to encapsulate action logic
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* feat: replace client/server internals with action package
While we removed Tiller, we left the internal client/server architecture mostly intact. This replaces that architecture with the `pkg/action` package.
This implements the action package for list, but nothing else.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* feat: Add install and refactor some tests
This adds install to the action package, and then fixes up a lot of testing.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: Move a bunch of sorters to the releaseutils package
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: updated APIs and fixed a failed test
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* Use var for timestamper, instead of adding as a struct field
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
To match the convention of `helm install`, `helm uninstall` is the inverse.
Other tangential changes in this PR:
- StatusDeleting has been changed to StatusUninstalling
- StatusDeleted has been changed to StatusUninstalled
- `helm list --deleted` has been changed to `helm list --uninstalled`
- `helm list --deleting` has been changed to `helm list --uninstalling`
- `helm.DeleteOption` and all delete options have been renamed to `helm.UninstallOption`
I have not made any changes to the "helm.sh/hook-delete-policy", "pre-delete" and "post-delete" hook annotations because
1. it's a major breaking change to existing helm charts, which we've commited to NOT break in Helm 3
2. there is no "helm.sh/hook-install-policy" to pair with "helm.sh/hook-uninstall-policy", so delete still makes sense here
`helm delete` and `helm del` have been added as aliases to `helm uninstall`, so `helm delete` and `helm del` still works as is.