* Securing tiller via running it locally.
Signed-off-by: Joshua Olson <joshua.olson.490@gmail.com>
* Clarify that TLS is the recommended way to secure Helm.
Signed-off-by: Joshua Olson <joshua.olson.490@gmail.com>
When a user specifies value overrides for list values out of order,
strvals.listItem panics. Change strvals.listItem to handle this case by
re-initializing nil values to a new map.
Closes#4503
Co-authored-by: Cameron Childress <cameron@cchildress.org>
Co-authored-by: Kevin Collette <hal.collette@gmail.com>
Co-authored-by: Connor McKelvey <connormckelvey@gmail.com>
Co-authored-by: Dan Winter <dan.j.winter@gmail.com>
Signed-off-by: Dan Winter <dan.j.winter@gmail.com>
Signed-off-by: Cameron Childress <cameron@cchildress.org>
Signed-off-by: Kevin Collette <hal.collette@gmail.com>
Signed-off-by: Connor McKelvey <connormckelvey@gmail.com>
The output from helm status is not correct for custom resources. The
HumanReadablePrinter from Kubernetes only outputs the column names when
the type differs from the previous one. This makes the output
inconsistent and also creates problems for putting in the correct line
breaks. This PR sets up a new printer for each type, thereby making sure
that all types are printed with the correct use of line breaks and with
column names.
Signed-off-by: Morten Torkildsen <mortent@google.com>
Solves #3722 by making the changes in #3539 more compatible with the previous behavior.
This gives a recovery option for "oops I deleted my helm release" by allowing rollback, which is intended to be a working feature of helm. Note that purging releases removes the history required to rollback, so this doesn't work in that case. However, purging takes significantly more time, so it's harder to accidentally purge everything.
Signed-off-by: Brent <bmperrea@gmail.com>
Upgrading a release and override existing values doesn't work as expected for nested values. Maps should be merged recursively, but currently maps are treated just like values and replaced at the top level.
If the existing values are:
```yaml
resources:
requests:
cpu: 400m
something: else
```
and an update is done with ```--set=resources.requests.cpu=500m```, it currently ends up as
```yaml
resources:
requests:
cpu: 500m
```
but it should have been
```yaml
resources:
requests:
cpu: 500m
something: else
```
This PR updates the way override values are merged into the existing set of values to merge rather than replace maps.
Closes: #4792
Signed-off-by: Morten Torkildsen <mortent@google.com>
* note on naming of resources
Signed-off-by: Ryan Dawson <ryan.dawson@alfresco.com>
* put whitespace back in
Signed-off-by: Ryan Dawson <ryan.dawson@alfresco.com>
* put whitespace back
Signed-off-by: Ryan Dawson <ryan.dawson@alfresco.com>
* put whitespace back
Signed-off-by: Ryan Dawson <ryan.dawson@alfresco.com>
* clarify template fullname
Signed-off-by: Ryan Dawson <ryan.dawson@alfresco.com>
* fix formatting problem by escaping underscore
Signed-off-by: ryandawsonuk <ryandawson@cantab.net>
* no need to change whitespace elsewhere in doc
Signed-off-by: ryandawsonuk <ryandawson@cantab.net>
The essence of this commit is to help people get started with a better
indentation practice than this:
```yaml
spec:
labels:
{{ toYaml .Values.labels | indent 4 }}
```
The previous indentation practice is harder to read. Instead this commit
introduces an indentation practice using `nindent` like this:
```yaml
spec:
labels:
{{- toYaml .Values.labels | nindent 4 }}
```
Signed-off-by: Erik Sundell <erik.i.sundell@gmail.com>
Remove the engine `currentTemplates` field which was shared state
across threads and thus not thread safe, and instead just pass these
reference templates as parameters down recursively.
Closes#4819
Signed-off-by: Sean Eagan <sean.eagan@att.com>
While investigating a tiller crash on v2.10.0 (see recent comments in #3125), I pulled down the code
and wrote a test replicating the crash I was experiencing. I then
realized that the crash had been fixed, and was able to locate the fix
in #4630 after running a quck bisect.
Since there don't appear to be any tests that cover this crash, and I
had written one myself, I figured I might as well put up a PR for it.
Here's what the test failure on v2.10.0 looks like:
```
-- FAIL: TestUpdateReleasePendingInstall_Force (0.00s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x50 pc=0x1d128d8]
goroutine 235 [running]:
testing.tRunner.func1(0xc420493c20)
/usr/local/Cellar/go/1.10/libexec/src/testing/testing.go:742 +0x29d
panic(0x1eb8d80, 0x2a12db0)
/usr/local/Cellar/go/1.10/libexec/src/runtime/panic.go:505 +0x229
k8s.io/helm/pkg/tiller.(*ReleaseServer).performUpdateForce(0xc4208210b0, 0xc4202c6dc0, 0x0, 0x0, 0x2174220)
/Users/mattrasmus/go/src/k8s.io/helm/pkg/tiller/release_update.go:166 +0x188
k8s.io/helm/pkg/tiller.(*ReleaseServer).UpdateRelease(0xc4208210b0, 0x2191780, 0xc420820f30, 0xc4202c6dc0, 0x29aeb90, 0x38, 0x2d2)
/Users/mattrasmus/go/src/k8s.io/helm/pkg/tiller/release_update.go:43 +0x245
k8s.io/helm/pkg/tiller.TestUpdateReleasePendingInstall_Force(0xc420493c20)
/Users/mattrasmus/go/src/k8s.io/helm/pkg/tiller/release_update_test.go:549 +0x120
testing.tRunner(0xc420493c20, 0x20e5c70)
/usr/local/Cellar/go/1.10/libexec/src/testing/testing.go:777 +0xd0
created by testing.(*T).Run
/usr/local/Cellar/go/1.10/libexec/src/testing/testing.go:824 +0x2e0
FAIL k8s.io/helm/pkg/tiller 0.118s
```
Signed-off-by: Matt Rasmus <mrasmus@betterworks.com>
* Update Contributing.md to remove mention of CLA
Signed-off-by: Marc Khouzam <marc.khouzam@ville.montreal.qc.ca>
* Add hyperlink to git page in CONTRIBUTING.md
Signed-off-by: Marc Khouzam <marc.khouzam@ville.montreal.qc.ca>
The output from helm status does not have consistent use of line breaks.
For some resources there is a line break after the kind header, for
others there is not. This is caused by how the printer handles column
headers. This removes a line break for all but the first resource listed.
Signed-off-by: Morten Torkildsen <mortent@google.com>
Update of the client-go package changed the status output to only include
the age of resources. The new printer in client-go only formats the output
to include details of specific resources if the internal representation
of resources are passed into the printer. This PR updates helm to convert
resources to the internal type before printing.
Closes#4712
Signed-off-by: Morten Torkildsen <mortent@google.com>
* feat(helm): add $HELM_KEY_PASSPHRASE environment variable for signing helm charts
If $HELM_KEY_PASSPHRASE is set then helm package sign command will not prompt the
user to enter the passphrase for the private key
Signed-off-by: Anumita Shenoy <ansheno@microsoft.com>
* docs(helm): added documentation for HELM_KEY_PASSPHRASE
Added description for HELM_KEY_PASSPHRASE
Signed-off-by: Anumita Shenoy <ansheno@microsoft.com>
René Filip
Geoff Baskwill
Joshua Olson
Dan Winter
Morten Torkildsen
Matthew Fisher
Scott Rigby
Lev Aminov
Brent
Matt Farina
Ryan Dawson
Maor Friedman
adshmh
Erik Sundell
liaoj
Rimas Mocevicius
Timothy Hobbs
Mike Garuccio
Dr Nic Williams
Sean Eagan
Daniel M Barlow
Adam Reese
Adam Reese
Zachary Seguin
Matt Rasmus
Bartel Sielski
masahiro
Louis-Etienne
Marc Khouzam
Alpha
JJ Asghar
mgresser
Martin Hickey
Anumita Shenoy
Etienne
Thomas Yuan