When #8156 was merged it had the side effect that all hooks were
run all the time. All the hooks were put in the flow of the
content rendered and sent to Kubernetes on every command.
For example, if you ran the following 2 commands the test hooks
would run:
helm create foo
helm install foo ./foo
This should not run any hooks. But, the generated test hook is run.
The change in this commit moves the writing of the hooks to output
or disk back into the template command rather than in a private
function within the actions. This is where it was for v3.2.
One side effect is that post renderers will not work on hooks. This
was the case in v3.2. Since this bug is blocking the release of v3.3.0
it is being rolled back. A refactor effort is underway for this section
of code. post renderer for hooks should be added back as part of that
work. Since post renderer hooks did not make it into a release it
is ok to roll it back for now.
There is code in the cmd/helm package that has been duplicated from
pkg/action. This is a temporary measure to fix the immediate bug
with plans to correct the situation as part of a refactor
of renderResources.
Signed-off-by: Matt Farina <matt@mattfarina.com>
Two things changed in this commit...
1. The Build behavior was restored and the change only impacts
Update. This is a more minimal functionality change thats
a more secure behavior
2. Cleanup from Josh's feedback on the PR to create a const
and comment changes
Signed-off-by: Matt Farina <matt@mattfarina.com>
If a repository was not know to helm (e.g. added using helm repo add)
then Helm would use the range set in the depenencies as the version
in the lock file. Lock files should not have ranges since they are
locked to versions.
Helm did this because the version information for repositories was
not know to Helm. This change fixes that by making the repository
and chart information known to Helm so it can resolve the versions.
Closes#8449
Signed-off-by: Matt Farina <matt@mattfarina.com>
* fix(sdk): Polish the downloader/manager package error return
Close#8471
Signed-off-by: Dong Gang <dong.gang@daocloud.io>
* Modify the repositories validation function `resloveRepoNames` and add a
unit test.
Signed-off-by: Dong Gang <dong.gang@daocloud.io>
* Remove wrong commit
Signed-off-by: Dong Gang <dong.gang@daocloud.io>
If two `helm upgrade`s are executed at the exact same time, then one of
the invocations will fail with "already exists".
If one `helm upgrade` is executed and a second one is started while the
first is in `pending-upgrade`, then the second invocation will create a
new release. Effectively, two helm invocations will simultaneously
change the state of Kubernetes resources -- which is scary -- then two
releases will be in `deployed` state -- which can cause other issues.
This commit fixes the corrupted storage problem, by introducting a poor
person's lock. If the last release is in a pending state, then helm will
abort. If the last release is in a pending state, due to a previously
killed helm, then the user is expected to do `helm rollback`.
Closes#7274
Signed-off-by: Cristian Klein <cristian.klein@elastisys.com>
* fix(template):Issue:helm template with --output-dir doesn't write template with a hook to file
Close#7836
Signed-off-by: Dong Gang <dong.gang@daocloud.io>
* fix go file style
Signed-off-by: Dong Gang <dong.gang@daocloud.io>
* fix go file style
Signed-off-by: Dong Gang <dong.gang@daocloud.io>
Previously, the `helm ls --$state` operation would display outdated
releases under certain conditions.
Given the following set of releases:
```
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
bar 1 Wed Apr 8 16:54:39 2020 DEPLOYED bar-4.0.0 1.0 default
foo 1 Fri Feb 7 06:16:56 2020 DEPLOYED foo-0.1.0 1.0 default
foo 2 Mon May 4 07:16:56 2020 FAILED foo-0.1.0 1.0 default
foo 3 Mon May 4 07:20:00 2020 FAILED foo-0.1.0 1.0 default
foo 4 Tue May 5 08:16:56 2020 DEPLOYED foo-0.2.0 1.0 default
qux 1 Tue Jun 9 10:32:00 2020 DEPLOYED qux-4.0.3 1.0 default
qux 2 Tue Jun 9 10:57:00 2020 FAILED qux-4.0.3 1.0 default
```
`helm ls --failed` produced the following output:
```
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
foo 3 Mon May 4 07:20:00 2020 FAILED foo-0.1.0 1.0 default
qux 2 Tue Jun 9 10:57:00 2020 FAILED qux-4.0.0 1.0 default
```
Including the `qux` release in that `helm ls --failed` output is not
controversial; the most recent revision of `qux` was not successful
and an operator should investigate.
Including the `foo` release in the output, however, is
questionable. Revision 3 of `foo` is _not_ the most recent release of
`foo`, and that FAILED release was fixed in a susubsequent upgrade. A
user may see that FAILED deploy and start taking inappropriate
action. Further, that issue was fixed months ago in this example --
troubleshooting an old deploy may not be safe if significant changes
have occurred. Concern over this behavior was raised in
https://github.com/helm/helm/issues/7495.
This behavior applied to all the state filter flags (--deployed,
--failed, --pending, etc.), and a user could pass multiple state
filter flags to a single command. The previous behavior can be
summarized as follows:
For each release name, all release revisions having any of the
supplied state flags were retrieved, and the most recent revision
among these was returned (regardless of whether a newer revision of an
unspecified state exists).
This change request alters the helm list action to match user
expectations such that only "current" releases are shown when
filtering on release state. After this change, the following output
would be produced by `helm ls --failed`:
```
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
qux 2 Tue Jun 9 10:57:00 2020 FAILED qux-4.0.0 1.0 default
```
The command now returns only `qux` because it is the only "current" FAILED release.
This behavior change applies to all the state filters _except_
`superseded`, which now becomes a special case. By definition, at
least one newer release exists ahead of each superseded release. A
conditional is included in this change request to maintain the
preexisting behavior (return "most recent" superseded revison for
each release name) if the superseded state filter is requested.
---
Note that there is an alternate perspective that a state filter flag
should return all releases of a given state rather than only the
"current" releases. In the above example, `helm ls --failed` with this
approach would return the following:
```
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
foo 2 Mon May 4 07:16:56 2020 FAILED foo-0.1.0 1.0 default
foo 3 Mon May 4 07:20:00 2020 FAILED foo-0.1.0 1.0 default
qux 2 Tue Jun 9 10:57:00 2020 FAILED qux-4.0.0 1.0 default
```
Multiple FAILED `foo` revisions are included in the output, unlike the current behavior.
This approach is logical and achievable. It allows a user to find
exactly what is requested: all historical releases of a given
state. In order to achieve continuity with helm behavior, however, a
new filter (something like "current") would probably need to be
implemented and become the new default.
Given current helm behavior as well as the comments in the #7495, I
did not pursue this approach.
---
Technical details:
- Moved list action state mask filter after latest release filter
Previously, the list operation in helm/pkg/action/list.go skipped
releases that were not covered by the state mask on _retrieval_ from
the Releases store:
```
results, err := l.cfg.Releases.List(func(rel *release.Release) bool {
// Skip anything that the mask doesn't cover
currentStatus := l.StateMask.FromName(rel.Info.Status.String())
if l.StateMask¤tStatus == 0 {
return false
}
...
```
8ea6b970ec/pkg/action/list.go (L154-L159)
While filtering on retrieval in this manner avoided an extra iteration
through the entire list to check on the supplied condition later, it
introduced the possibility of returning an outdated release to the
user because newer releases (that would have otherwise squashed
outdated releases in the `filterList` function) are simply not
included in the set of working records.
This change moves the state mask filtering process to _after_ the set
of current releases is built. Outdated, potentially misleading
releases are scrubbed out prior to the application of the state mask
filter.
As written, this state mask filtration (in the new `filterStateMask`
method on `*List`) incurs an additional, potentially expensive
iteration over the set of releases to return to the user. An
alternative approach could avoid that extra iteration and fit this
logic into the existing `filterList` function at the cost of making
`filterList` function a little harder to understand.
- Rename filterList to filterLatestReleases for clarity
Another function that filters the list is added, so update
to the more descriptive name here.
- List superseded releases without filtering for latest
This change makes superseded releases a special case, as they would
_never_ be displayed otherwise (by definition, as superseded releases have been
replaced by a newer release), so a conditional maintains current
behavior ("return newest superseded revision for each release name")
Fixes#7495.
Signed-off-by: Andrew Melis <andrewmelis@gmail.com>
If stat returns an error other than the directory not existing
it was unhandled. When IsDir is called in one of these situations
it causes a panic.
Closes#8181
Signed-off-by: Matt Farina <matt@mattfarina.com>
Since Tiller is no longer part of Helm v3, internal documentation
language about Tiller can be removed
Signed-off-by: Matt Farina <matt@mattfarina.com>
* Fixing issue with PAX headers in plugin archive
PAX Headers can be added by some systems that create archives. Helm
should ignore them when extracting.
There are two PAX headers. One is global and the other is not. Both
are ignored. The test adds only the PAX global header because the
Go tar package is unable to write the header that is not global.
Closes#8084
Signed-off-by: Matt Farina <matt@mattfarina.com>
* Removing the PAX header test as it is not working
The PAX header test was making a WriteHeader call and ignoring the
error. When writing the type TypeXHeader it was causing an error
that was being silently ignored. The Go tar package cannot write
this type and produces an error when one tries to. The error reads
"cannot manually encode TypeXHeader, TypeGNULongName, or TypeGNULongLink
headers"
Signed-off-by: Matt Farina <matt@mattfarina.com>
* Adding check of returned error in test
Adding a check for the returned error to make sure a non-nil value
is not returned.
Signed-off-by: Matt Farina <matt@mattfarina.com>
* fix: make the linter coalesce the passed-in values before running values tests
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fixed typo
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Add api group:
- apiextensions.k8s.io/v1beta1
- rbac.authorization.k8s.io/v1alpha1
Also, some kinds moved from extensions/v1 to extensions/v1beta1
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
A chart being installed which only contains CRDs and not
any templates tries to install the resources by default.
The resourceList which is used in this case does not check
if there are resources present in it or not. This commit
adds checks to those particular places where we need to check
if the size of resourceList > 0 during installation and deletion.
Signed-off-by: Vibhav Bobade <vibhav.bobde@gmail.com>
Helm had been exposing XDG based variables to end users. This lead
to confusion. For example, if a user wanted to change the cache
location Helm used should they change the XDG variable? Since this
would be like changing the HOME environment variable the answer
is no.
This change adds HELM_*_HOME environment variables to be used
in addition to XDG ones of the same name. Helm will now look
for the Helm specific variable. If not set, Helm will fall
back to XDG locations. If those are not set a default location
will be used. This keeps XDG in use as a default when present,
provides users with the ability to set the location, and removes
XDG from being exposed to end users to avoid confusion.
Closes#7919
Signed-off-by: Matt Farina <matt@mattfarina.com>
* fix: write index.yaml file atomically
This refactors the already-existing `AtomicWriteFile` utility
to a central location and uses it to write index files
atomically.
This is done to avoid having half-written index files break
client requests.
Drive-bys:
- Add test for AtomicWriteFile.
- Add test IndexFile.WriteFile.
Signed-off-by: rabadin <rvbadin@gmail.com>
* Review fix: use RenameWithFallback instead of os.Rename
Signed-off-by: rabadin <rvbadin@gmail.com>
Co-authored-by: rabadin <rvbadin@gmail.com>
In the created chart from `helm create` is notes a tag overrides
version. It actually overrides appVersion. Updating the docs
to reflect reality.
Signed-off-by: Matt Farina <matt@mattfarina.com>
Removes the BOM prefix if present, in read files before
processing the data.
Affects the following pkg:
- pkg/chart/loader: directory and archive loader
- internal/ignore: when loading .helmignore file
Signed-off-by: Thomas FREYSS <thomas.freyss@gmail.com>
* return the new values if modifications dont yet exist
Signed-off-by: David Pait <DP19@users.noreply.github.com>
* fix tests
Signed-off-by: David Pait <DP19@users.noreply.github.com>
* removed outter if statement as its not needed now
Signed-off-by: David Pait <DP19@users.noreply.github.com>
* Parse reference templates in predictable order
Fix issue #7701
Signed-off-by: Andre Sencioles <asenci@gmail.com>
* Add test case for issue #7701 regression
Signed-off-by: Andre Sencioles <asenci@gmail.com>
* gofmt
Signed-off-by: Andre Sencioles <asenci@gmail.com>
Note, there is an issue with a dependency of sprig changing
behavior. A test has been added with a description to catch if a
behavior breaking change of mergo is used.
See https://github.com/imdario/mergo/issues/139 for the mergo
issue and sprig for further details on handling this in the
future.
Closes #7533
Signed-off-by: Matt Farina <matt@mattfarina.com>
The error message returned from Kubernetes when APIs are
removed is not very informative. This PR adds additional
information to the user. It covers the current release manifest
APIs.
Partial #7219
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Continue deleting objects when one fails to minimize the risk of an
upgrade ending in an unrecoverable state
* Exclude failed deleted object from the returned result set
Signed-off-by: Adam Reese <adam@reese.io>
* test(pkg/storage/secrets): make MockSecretsInterface.List follow ListOptions
Signed-off-by: Lu Fengqi <lufq.fnst@cn.fujitsu.com>
* test(pkg/storage/secrets): add unit test for Secrets.Query
Signed-off-by: Lu Fengqi <lufq.fnst@cn.fujitsu.com>
* test(pkg/storage/cfgmaps): make MockConfigMapsInterface.List follow ListOptions
Signed-off-by: Lu Fengqi <lufq.fnst@cn.fujitsu.com>
* test(pkg/storage/cfgmaps): add unit test for ConfigMaps.Query
Signed-off-by: Lu Fengqi <lufq.fnst@cn.fujitsu.com>
* docs: Update inline docs on action/upgrade.go
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* clarify atomic and cleanup-on-fail
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* updated the post-render documentation on action.Upgrade
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Upgrade Kubernetes libraries to v0.18.0
Add new lazy load KubernetesClientSet to avoid missing kubeconfig error
In kubernetes v1.18 kubeconfig validation was added. Minikube and Kind
both remove kubeconfig when stopping clusters. This causes and error
when running any helm commands because we initialize the client before
executing the command.
Signed-off-by: Adam Reese <adam@reese.io>
* fix: fixed bug in Dependency.List()
A bug in Dependency.List() caused all compressed charts to flag their dependencies as "missing".
Closes#4431
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* removed some files from test fixtures
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
The version field in the Chart.yaml has a comment describing it
but it did not note the version needs to follow SemVer. There
have been numerous questions, over time, about this format. Add
note here so it's exposed in more places.
Signed-off-by: Matt Farina <matt@mattfarina.com>
While using the chart version as image tag is the sanest default, it is not uncommon to want to override this if using a custom image, or using helm to manage an in-house app running different tags across different environments.
Signed-off-by: Naseem <naseem@transit.app>
* fix: update unit test for go 1.14 error string change
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* changed strategy based on conversation with Adam
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
- Removed most right whitespace chomps except those directly following a
template definition where it make sense to not lead with a blank line.
The system applied is now to almost always left whitespace chomp but
also whitespace chomp right if its the first thing in a file or
template definition.
- Updated indentation to be systematic throughout all the boilerplace
files.
Signed-off-by: Erik Sundell <erik.i.sundell@gmail.com>
The 'helm upgrade' command was not checking if the cluster was reachable.
Also, 'helm upgrade --install' first checks if the release exists
already. If that check fails there is no point in continuing the
upgrade. This optimization avoids a second timeout of 30 seconds when
trying to do the upgrade.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
When archives are created on windows the path spearator in the
archive file is \\. This causes issues when the file is unpacked.
For example, on Linux the files are unpacked in a flat structure
and \ is part of the file name. This causes comp issues. In Helm
v2 the path was set as / when the archive was written. This works
on both Windows and POSIX systems.
The fix being implemented is to use the ToSlash function to ensure
/ is used as the separator.
Fixes#7748
Signed-off-by: Matt Farina <matt@mattfarina.com>
If several instances of Helm are run at the same moment and try to download the
same chart, some of them might see an empty or incomplete file in cache. Prevent
that by saving the dowloaded file atomically.
Closes#7600
Signed-off-by: Mikhail Gusarov <misha@ridge.co>
* fix: add new static linter and fix issues it found
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fixed two additional linter errors.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
It is more idiomatic to compare the string against the empty string than to check the string's length.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
Don't delete a resource on upgrade if it is annotated with
helm.io/resource-policy=keep. This can cause data loss for users
if the annotation is ignored(e.g. for a PVC)
Close#7677
Signed-off-by: Dong Gang <dong.gang@daocloud.io>
This complements the verification output fixed in #7706. On verify
there should be some detail about the verification rather than
no information.
Signed-off-by: Matt Farina <matt@mattfarina.com>
When using the --verify flag on the pull command the output was
an internal Go object rather than useful detail. This is a bug.
The output new displays who signed the chart along with the
hash.
Fixes#7624
Signed-off-by: Matt Farina <matt@mattfarina.com>
The memory driver is used for go tests. It can also be used from the
command-line by setting the environment variable HELM_DRIVER=memory.
In the latter case however, there was no way to pre-provision some
releases.
This commit introduces the HELM_MEMORY_DRIVER_DATA variable which
can be used to provide a colon-separated list of yaml files specifying
releases to provision automatically.
For example:
HELM_DRIVER=memory \
HELM_MEMORY_DRIVER_DATA=./testdata/releases.yaml \
helm list --all-namespaces
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
This is a copy of the --disable-openapi-validation flag from the install command as introduced by Matthew Fisher.
See commit 67e57a5fbb
It allows upgrading releases without the need to validate the Kubernetes OpenAPI Schema.
Signed-off-by: Sebastian Voinea <sebastian.voinea@gmx.de>
But instead use a newly initialized Scheme with only Kubernetes native
resources added. This ensures the 3-way-merge patch strategy is not
accidentally chosen for custom resources due to them being added
to the global Scheme by e.g. versioned clients while using Helm as a
package, and not a self-contained binary.
Signed-off-by: Hidde Beydals <hello@hidde.co>
The template command uses the memory driver. This driver now supports
namespaces, so the template code-path now specifies the namespace as
required by the memory driver.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
* Fix issue with apiVersion v1 lock digest
When apiVersion v1 chart dependencies are built with Helm 2
and then built with Helm 3, the lock digests differ. To avoid
this issue, a depdendency update is forced.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Check against Helm v2 hash
Handle scenario where dependency hash was generated by Helm v2
but need to do a dependency build with Helm v3.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Add unit test
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Refactor unit test
Refactor unit test to use an existing chart as dependency
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Update after review
Comments:
- https://github.com/helm/helm/pull/7261#discussion_r373827088
- https://github.com/helm/helm/pull/7261#discussion_r373827250
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Allow template output to use release name
helm template output command uses the chart name only when writing
templates to disk. This changes will also use the release name
to avoid colloiding the path when output nore than one release
of smae chart.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Update after review
Comment:
- https://github.com/helm/helm/pull/7503/files#r374130090
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
These flags snuck in through a feature that was reverted and removed in Helm 2, but snuck into Helm 3.
They were never hooked up or used, so they were a no-op. This shouldn't affect anyone.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
Use the same install order for hooks as for normal resources (non-hooks) for hooks with equal weight.
This makes resource handling more consistent and helps, when there are hook consisting of several resources like e.g. a service account and a job using this service account.
The sort functions are changed from an in place search to an out of place sort to avoid inout parameters.
Closes#7416.
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
Remove references to protobuf and update description of release
object stored representation to Helm v3.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
Helm does not yet properly handle concurrent executions (see #7322),
and invoking Helm concurrently on the same release lead to corrupted storage.
Specifically, several Releases may be marked as DEPLOYED. This patch improved handling of such situations, by taking the latest
DEPLOYED Release. Eventually, the storage will clean itself out, after
the corrupted Releases are deleted due to --history-max.
This is a port to Helm v3 of #7319.
Signed-off-by: Cristian Klein <cristian.klein@elastisys.com>
The error returned from DeployedAll will never contain "not found".
The error returned at the end of Deployed is already known to be nil,
and we never want to return ls[0] together with a non-nil error anyway.
Signed-off-by: Simon Alling <alling.simon@gmail.com>
The completion of charts was using 'helm search repo' which can be
quite slow as it must parse the entire yaml of every repo cache file.
Using completion for a chart name can end up triggering multiple calls
to 'helm search'; this makes the user experience poor, as there is
a delay of over a second at every <TAB> press.
This commit creates a cache file for each repo which contains the list
of charts for that repo. The completion logic then uses this new
cache file directly and obtains the chart names very quickly.
With only the stable repo configured, this optimization makes the
completion of charts about 85 times faster, going from 1.2 seconds to
0.014 seconds; such a difference gives a much better user experience
when completing chart names.
On the other hand, adding the creation of the chart list cache file to
'helm repo update' or 'helm repo add' is pretty much negligible compared
to the downloading of the index file.
It is also worth noting that when more repos are configured,
'helm search repo' only becomes slower, while the completion logic that
uses the new chart list cache file will not be affected as it only looks
for the single relevant repo file.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
I was looking into the `get` command, and got tripped up by the
`Version` variable. It was unclear to me what Version represents, since
it's called REVISION when doing e.g., `helm list`.
But even after knowing this, it was not very clear to me why we
(implicitly) set the Version variable to 0 but never seem to use it.
`mhickey` explained to me on Slack that this gets the latest revision of
the release. Makes sense, but I added a comment about that too, to
clarify.
Signed-off-by: Andreas Lindhé <andreas@lindhe.io>
* Include serviceAccount.annotations value
Signed-off-by: Naseem <naseemkullah@gmail.com>
* Add comment about service account annotations
Signed-off-by: Naseem <naseemkullah@gmail.com>
Service accounts must be installed before secrets when service account tokens (secrets) are be managed by Helm. Otherwise Kubernetes will delete any service account token right after creation, since there is no service account mounting the token (see https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#token-controller)
Closes#7159.
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
Fixes issue #7279.
Prevent the deletion of CRDs that were defined in the `templates/`
directory. This makes CRD deletion behaviour consistent with Helm
documentation:
> CRDs are never deleted. Deleting a CRD automatically deletes all of the
> CRD’s contents across all namespaces in the cluster. Consequently, Helm
> will not delete CRDs.
Previous the documentation only applied to CRDs that were defined in the
`crds/` directory. It did not consider that Charts could have CRDs in the
`templates/` directory (for example charts that were written before the
`crds/` directory feature or if the Chart author needed templated CRDs).
Signed-off-by: Phil Grayson <phil@philgrayson.com>
Mercurial VCS (hg) backout's can generate '.orig' files
to avoid these being picked, generate a .helmignore where
also the .orig files are ignored.
Signed-off-by: Jan Heylen <jan.heylen@nokia.com>
* Port watcher with retries to wait for resources
Port of Helm 2 PR #6014 to Helm 3
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Add fix from PR #6907
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
Add intervening line into lazypath.go, so that license is
not treated by godoc as a package description.
Standardize license comment for xdg package.
Add missing package descriptions.
Signed-off-by: Jakub Bielecki <jakub.bielecki@codilime.com>
The 'helm install' command returned confusing error messages if a flag was misspecified (e.g. `helm install name chart --set value foo`). This lead to an error indicating that a name should be specified for the command. Now an explicit check is done on the number of arguments passed, returning a message indicating the invalid arguments (`foo` in the example`).
Closes#7225
Signed-off-by: Lennard Eijsackers <lennardeijsackers92@gmail.com>
The existing unit test doesn't cover the most important functionality
of filterList(). Adding that check. Separately test the specific
namespace-related behavior.
Remove the dead variable anotherOldOne.
Signed-off-by: Jakub Bielecki <jakub.bielecki@codilime.com>
* Include requirements.* as Files in APIVersionV1
Fixes#6974.
This ensures that when reading a Chart marked with APIVersion v1, we
maintain the behaviour of Helm v2 and include the requirements.yaml and
requirements.lock in the Files collection, and hence produce charts that
work correctly with Helm v2.
Signed-off-by: Paul "Hampy" Hampson <p_hampson@wargaming.net>
* Write out requirements.lock for APIVersion1 Charts
This keeps the on-disk format consistent after `helm dependency update`
of an APIVersion1 Chart.
Signed-off-by: Paul "Hampy" Hampson <p_hampson@wargaming.net>
* Exclude 'dependencies' from APVersion1 Chart.yaml
This fixes `helm lint` against an APIVersion1 chart packaged with Helm
v3.
Signed-off-by: Paul "Hampy" Hampson <p_hampson@wargaming.net>
* Generate APIVersion v2 charts for dependency tests
As the generated chart contains no requirements.yaml in its files list,
but has dependencies in its metadata, it is not a valid APIVersion v1
chart.
Signed-off-by: Paul "Hampy" Hampson <p_hampson@wargaming.net>
* Generate APIVersion v2 charts for manager tests
Specifically for the charts that have dependencies, the generated chart
contains no requirements.yaml in its files but has dependencies in its
metadata. Hence it is not a valid APIVersion v1 chart.
Signed-off-by: Paul "Hampy" Hampson <p_hampson@wargaming.net>
When enabled, during the rendering process, this feature flag will not validate rendered templates against the Kubernetes OpenAPI Schema.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* fix(helm): add --description flag to 'helm install', 'helm upgrade', and 'helm uninstall'
When added, this flag allow us to add a custom description to the release. E.g. '--description "my custom description"'
Closes#7033
Signed-off-by: Juan Matias Kungfu de la Camara Beovide <juanmatias@gmail.com>
* fix(helm): fixed style issues on top of previous commit (3a43a9a487)
Closes#7033
Signed-off-by: Juan Matias Kungfu de la Camara Beovide <juanmatias@gmail.com>
* fix(helm): fixed wrong test issue on top of previous commit (3a43a9a)
Closes#7033
Signed-off-by: Juan Matias Kungfu de la Camara Beovide <juanmatias@gmail.com>
Fixes a few bugs related to tls config when installing charts:
1. When installing via relative path, tls config for the selected
repository was not being set.
2. The `--ca-file` flag was not being passed when constructing the
downloader.
3. Setting tls config was not checking for zero value in repo
config, causing flag to get overwritten with empty string.
There's still a few oddities here. I would expect that the flag
passed in on the command line would override the repo config, but
that's not currently the case. Also, we always set the cert, key
and ca files as a trio, when they should be set individually
depending on combination of flags / repo config.
Signed-off-by: James McElwain <jmcelwain@gmail.com>
The 'helm get values' has its own Run() method in the action package.
So, unlike the other 'get' variants, it needs to check for the
reachability of the cluster itself.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
Adding unit tests for an issue that has come up multiple times
where the archive processing code doesn't take into account the
`tar.TypeXHeader` / `tar.TypeXGlobalHeader` entries that GitHub
adds when creating a release archive for a chart, for example
`https://github.com/org/repo/master.tar.gz`.
Signed-off-by: Geoff Baskwill <me@geoffbaskwill.ca>
When reporting an incompatible Kubernetes version, due to a version constraint from the kubeVersion field, the error message should report with the correct field name.
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
This was a missed update when we updated the k8s libraries. I validated
that this works for CRD installs with v1beta1 and v1
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
`Update()` gets repo names before resolving a lock file by calling
`resolveRepoNames(req)`. But that method changes aliased repo URLs into
the actual URLs. That makes digests from `helm update` and `helm build`
be different for each other.
To make them in sync, setting actual (resolved) repo URLs into the
loaded chart during `helm build` is necessary. Thus, this commit adds an
extra step in the `Build()` implementation.
For comments, this commit also changes the name of `getRepoNames()` into
`resolveRepoNames()` to avoid misunderstanding since getters are
expected to not mutate their input data in general.
Signed-off-by: Hang Park <hangpark@kaist.ac.kr>
This blocks a particular error (caused by upstream discovery client),
printing a warning instead of failing. It's not a great solution, but is
a stop-gap until Client-Go gets fixed.
Closes#6361
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
When 'helm3 lint <chart-name>.tar.gz' is run, this will lint Chart.yaml in the package
Closes#6535
Signed-off-by: Kamalashree N <nagaraj.kamalashree@gmail.com>
This port fixes the bug #6820 for helm3
which was fixed in helm2 with the pull request 4850
https://github.com/helm/helm/pull/4850
Signed-off-by: Lam Le <lam281990@gmail.com>
The sorting method for manifests contained a check to see if the API
version existed. This violates separation of concerns as the sorter
should just sort and leave validation to other parts of the code.
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
To make digests include information about Chart.yaml dependencies, not
only the lock file, digest calculation is changed to accept both
contents. This terminates the `dep build` command if Chart.yaml
dependencies have been updated so that `dep up` should be executed
properly, to prevent downloading wrong versions or mismatched subcharts.
Note that previous Helm cannot know whether Chart.yaml dependencies were changed
or not since the Chart.lock's digest is calculated by only Chart.lock
contents, which don't include information about SemVer ranges and extra
dependency fields such as aliases, conditions, and tags. Specially,
SemVer can be written as a version range in Chart.yaml, but Chart.lock
has the specific, resolved version of that range.
Signed-off-by: Hang Park <hangpark@kaist.ac.kr>
v3 port of #6792
After doing some more digging, I found out that updating the status
of an `Ingress` object is completely optional. Because of this, Helm
cannot support ingresses with the `--wait` flag because there is no
standard way to identify that they are ready
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
Introduce the `--devel` flag for `helm repo search` command.
`helm repo search` - searches only for stable releases, prerelease versions will be skip
`helm repo search --devel` - searches for releases and prereleases (alpha, beta, and release candidate releases)
`helm repo search --version 1.0.0 - searches for release in version 1.0.0
Signed-off-by: Mateusz Szostok <szostok.mateusz@gmail.com>
This reverts commit f94bac0643.
Due to a major numeric regression detected in dev-v2 reported in #6708,
we believe the master branch (former dev-v3) is also impacted by this
change and will expose the same set of problems. In order to not
jeopardize the stability of helm3 this commit is reverted in favor of a
better fix in the future.
Signed-off-by: Oleg Sidorov <me@whitebox.io>
This code was ported over from PR #5038, #6738 which were originally for helm
v2. The code contains functions from golang/dep/internal/fs for renaming files.
Signed-off-by: Yagnesh Mistry <ysh@live.in>
This commit includes failing tests for a bug reported by #6416 and
several bugs due to #5874. `helm dependency build` command fails if one
of subcharts has optional dependency fields (e.g. Alias / Condition /
Tags) or SemVer ranges.
Signed-off-by: Hang Park <hangpark@kaist.ac.kr>
This is a v3 port of #6612. There have been significant changes due to the way
Helm 3 refactored things. I chose to add the method for getting logs to the
testing client because it seemed like something that someone using Helm
as an SDK might want. It takes a writer because it is more efficient (less
copying) and can write to any sort of buffer desired
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
We already had the copystructure library in our dependencies transitively
through sprig. This solves a gob encoding bug that was causing issues with
chart testing
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
Fixes#5733
This adds two specific checks. A warning if a chart has a `crd-install` hook
and an error if the chart contains `.Release.Time`. Further checks can be added
down the road as needed using the same pattern I use here
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
this was partially fixed in #6430 but the fix only
worked for values without nesting. this PR fixes it.
this is done by doing a deep copy of values rather
than a top level keys copy. deep copy ensures
values are not mutated during coalesce()
execution which leads to bugs like #6659
the deep copy code has been copied from:
https://gist.github.com/soroushjp/0ec92102641ddfc3ad5515ca76405f4d
which is in turn inspired by this stackoverflow answer:
http://stackoverflow.com/a/28579297/1366283
Signed-off-by: Karuppiah Natarajan <karuppiah7890@gmail.com>
Added a tgz "frobnitz.v1.tgz" of the testdata folder frobnitz.v1
Verified that without the fix the unit test fails and re-produces
the issue.
Signed-off-by: Sidharth Surana <ssurana@vmware.com>
While working on #6519, it took me hours to figure out why the error
returned from `Save` was nil even though `writeTarContents` returned a
non-nil error. I fixed the bug as part of that PR; the purpose of this
commit is to prevent it from happening again.
What made me (as a Go beginner) so confused was the impression that
there was only ever one `err` variable, global to the entire `Save`
function, when in fact there were also several local ones shadowing it.
(I thought := could be used to reassign an existing variable.)
This commit makes it clear that any `err` defined locally in the last
`if` statement will not be returned at the end, and hence must be
explicitly returned in the body of said `if` statement.
(This commit initially was larger; see #6669.)
Signed-off-by: Simon Alling <alling.simon@gmail.com>
Any method that had a function parameter that was a `Time` or returned a
`Time` is now wrapped so you can use our time wrapper without any weird conventions
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This package mainly exists to workaround an issue in Go
where the serializer doesn't omit an empty value for time:
https://github.com/golang/go/issues/11939. This replaces all
release and hook object time references with the new time package
so things actually marshal correctly
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
Consistenly remove all arguments which are passed as environment
variables.
Get all arguments from environment variables passed to plugins.
Signed-off-by: Jonas Rutishauser <jonas.rutishauser@alumni.ethz.ch>
The recent init action config switched the order of how variables get bound
and where. This led to the namespace variable not being propagated down into
the calls to kubernetes.
Co-authored-by: Matthew Fisher <matt.fisher@microsoft.com>
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
Because these were additions, git didn't pick up that the recent refactor of
env settings had changed some of the variables. This fixes those small changes
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
* Drop dependency on k8s.io/kubernetes
https://github.com/helm/helm/issues/6606
Depending on k8s.io/kubernetes is not recommended by Kubernetes, and
forces dependencies of Helm to also depend on them. We are only using
this dependency in one relatively isolated occurance, which can be
easily copied over rather than depending on the entire Kubernetes.
Copying this code is not very desirable, so if we don't want to have
this duplication we can at least use this PR as a PoC and see if we can
get Kubernetes to publish the controller package as a separate Go module
(see
https://github.com/kubernetes/kubernetes/issues/79384#issuecomment-538740756)
Signed-off-by: John Howard <howardjohn@google.com>
* Move to internal
Signed-off-by: John Howard <howardjohn@google.com>
* Exclude third_party from validate-license.sh
Signed-off-by: John Howard <howardjohn@google.com>
The seemingly redundant `return filename, err` line is related to how
the name `err` is used throughout the function: there is a "global" (to
the function) `err` variable, as well as several locally block-scoped
ones. It took me hours to understand why my code did not work without
that line, but I decided not to clean up the `err` code in this commit.
Signed-off-by: Simon Alling <alling.simon@gmail.com>
This greatly simplifies how to obtain the list of output.Format.
It no longer provides a way to list all output.Format, but focuses
on providing a list of string representation of output.Format, as this
is what is actually needed.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
This isolates the listing of the different formats to the output.go
file. It is more future-proof if another format is added.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
Before this commit:
$ helm lint my-chart # Finds errors in values.yaml
$ helm package my-chart
$ helm lint my-chart-1.0.0.tgz # Does not find errors in values.yaml
Signed-off-by: Simon Alling <alling.simon@gmail.com>
Co-authored-by: Andreas Lindhé <andreas@lindhe.io>
use *resource.Info.Namespace/Name because runtime.Object is a Interface
Signed-off-by: fengxusong <fengxsong@outlook.com>
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
This is a port of #5165 and the small refactor in #5610. This is the issue
where carefully crafted paths can reach outside of the intended chart directory
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This is a port of #3478 with some slight refactors to make it a bit more friendly.
It is technically a breaking change as it is changing the method signature from v2
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
This is a port of #5392. It also takes care of the small chore to update the default k8s
version to 1.16, which is the latest supported version
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
There were two different methods and varying ways to output the status of a release.
This standardizes all of the outputs, but requires a breaking change. Output will
not perfectly match previous v3 output, and we had to break the printing function
in the `action` package, but now things are much more standardized.
Fixes#6238
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
* Kubernetes updated to 1.16.1
* SemVer and Sprig updated to latest releases that leverage go
modules
* Tests and checks updated. These already landed in v2 via PR 6457
Signed-off-by: Matt Farina <matt@mattfarina.com>
Before this commit, `r.Enabled` was modified if and only if a boolean
was found in the for loop, and in that case, it was assigned the value
of said boolean, just in a more complicated way.
Signed-off-by: Simon Alling <alling.simon@gmail.com>
Currently, if using the --atomic flag or deleting a release that failed due to an already existing
resource, Helm will deleting those resources that aren't managed by it. This PR fixes the issue
by checking for pre-existing resources during install and upgrade. This is done as a validation
step so the release will not even be started if resources currently exist. This PR is inspired by
@xchapter7x's work in #3477.
This also fixes a small bug in upgrade where deletes fail if the resource was already deletes
Fixes#6407
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
* Port Helm 2 PR 4088 to Helm 3
Not a direct port as is but refactored for Helm 3.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Update unit test to test string retunred for different order
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Change release storage name to prefix helm storage type
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Add comments about the Kubernetes storage object type field content
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
As part of this port, I removed some now superfluous code from the `action` package.
This is technically a breaking change, but since the package was introduced in v3, it
is highly unlikely anyone is using it and we are still within the beta window.
Also closes#6437
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
I made a few modifications from the original code to fit in with the new
code layout and to clarify a few things. This is a port of #3758
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
we want to force a cache invalidation to ensure that the Capabilities object always has the latest information from the server (Kubernetes server version, available API versions, etc). `kubectl version` forces a cache invalidation every time it's invoked, so this seems like a safe change that is identical to kubectl's behaviour.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
This ports the functionality of cleanup on fail to v3 as introduced in #4871. This has been tested manually
and would be a good candidate for a new acceptance test.
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
* Use `apps/v1` for Deployment
* Reformat comments
* Consistently use `nindent` and indent properly
* Introduce named template for selector labels
* Fix label selector in `NOTES.txt`
Signed-off-by: Reinhard Naegele <unguiculus@gmail.com>
* fix: clear the discovery cache after CRDs are installed
This fixes an issue in which a chart could not contain both a CRD and an instance of that CRD. It works around a stale cache by force cache invalidation whenever a CRD is added.
Closes#6316
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: wait for CRD to register before allowing CRDs to be installed
This fixes an issue with the previous version of this patch in which the CRD would not be available quickly enough.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* feat: use Wait() to wait for CRDs to be ready
This forward-ports the CRD wait logic to Helm 3, and then uses that to wait for CRDs to be registered.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* ref: moved the scheme modification to an appropriate place.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: turned warnings into fatal errors, fixed spelling, clear cache once
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Have fixed a minor error in the lint action that was causing Error
messages from linting chart getting added to the returned results
multiple times.
Signed-off-by: Thomas O'Donnell <andy.tom@gmail.com>
Also:
* add --insecure flag to "registry login"
* fix bug parsing correct tag when port number present
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
* allow repository config via cli
* make `helm repo add` create repo config file if it does not exist
* squash a ton of bugs
Signed-off-by: Adam Reese <adam@reese.io>
Dmitry Chepurovskiy
Martin Hickey
Matt Farina
Zhengyi Lai
Haoming Zhang
Rajat Jindal
She Jiayu
yxxhero
Andrew Melis
Holder
Mike Ng
wawa0210
Cristian Klein
Bridget Kromhout
Hidde Beydals
Matt Butcher
Matthew Fisher
zwwhdls
zouyu
Eric Lemieux
Adam Reese
Calle Pettersson
Karuppiah Natarajan
Adam Reese
hzliangbin
Marc Khouzam
小明同学
Hidde Beydals
Idan Elhalwani
Liu Ming
Vibhav Bobade
Matthias Riegler
Hu Shuai
Raphaël
Thomas FREYSS
David Pait
Andre Sencioles
Matthew Morrissette
Elliot Maincourt
uzxmx
Lu Fengqi
Zhou Hao
Eric Bailey
Naseem
Andrey Voronkov
lnattrass
Mario Valderrama
Tuan
Erik Sundell
Kim Bao Long
tiendc
Jacob LeGrone
James McElwain
Mikhail Gusarov
Matthias Riegler
Song Shukun
Tomáš Kohout
akash-gautam
Taylor Thomas
ylvmw
Sebastian Voinea
Benn Linger
Federico Bevione
Daniel Cheng
Jon Huhn
Mike Tougeron
Josh Dolitsky
Florian Hopfensperger
Yaakov Selkowitz
Ilya Shaisultanov
Shota Nakamura
Daniel Strobusch
Jakub Bielecki
Vivian Kong
Dao Cong Tien
Ahmad Kazemi
Simon Alling
Bradley Skuse
Guangwen Feng
Naseem
海的澜色
Patrik Cyvoct
Andreas Lindhé
bakito
Phil Grayson
Nick Lee
Jan Heylen
Romain Grenet
Adrian Gonzalez-Martin
Josh Soref
raffaelespazzoli
Andreas Sommer
Lennard Eijsackers
Jason Pickens
jabielecki
Paul "TBBle" Hampson
Juan Matías de la Cámara Beovide
Pavel Macík
Fabian Ruff
Graham Goudeau
Geoff Baskwill
chloel
Andreas Stenius
Scott Morgan
Hang Park
Jeff Bachtel
Kamalashree Nagaraj
Lam Le
Yusuke Kuoka
Aaron Mell
Mateusz Szostok
Yagnesh Mistry
Oleg Sidorov
Sidharth Surana
Simon Alling
Ken Perkins
Jonas Rutishauser
John Howard
Dmitry Tokarev
Dean Coakley
fengxsong
wxdao
Charlie Getzen
Per Hermansson
Cindy O'Neill
Reinhard Nägele
Ivan Towlson
Marc Khouzam
Thomas O'Donnell
Josh Dolitsky