msb-public/helm - helm - 马士兵教育代码仓库

Commit Graph

Author	SHA1	Message	Date
George Jenkins	a15db7f087	Replace deprecated `NewSimpleClientset` Signed-off-by: George Jenkins <gvjenkins@gmail.com>	4 weeks ago
George Jenkins	f8a49f1852	fixup test Signed-off-by: George Jenkins <gvjenkins@gmail.com>	2 months ago
Matheus Pimenta	efc1702657	Introduce a context for canceling wait operations Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>	3 months ago
Benoit Tigeot	7097c8e2e5	Replicate as unit test case where we fail once a resource deletion Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>	3 months ago
Benoit Tigeot	054eabddd7	Return errors on upgrade when deletion fails This is a rebase of https://github.com/helm/helm/pull/12299 as the pull request was tagged for Helm v4. Closes: https://github.com/helm/helm/issues/11375 Related: https://github.com/helm/helm/pull/7929 It was a pain to reproduce, here is a script: ``` set -u NS=default RELEASE=test-release CHART=./test-chart SA=limited-helm-sa HELM=${HELM:-./bin/helm} echo "Helm: $($HELM version)" echo "Cleaning…" $HELM uninstall "$RELEASE" -n "$NS" >/dev/null 2>&1 \|\| true kubectl -n "$NS" delete sa "$SA" role "${SA}-role" rolebinding "${SA}-rb" >/dev/null 2>&1 \|\| true kubectl -n "$NS" delete cronjob "$RELEASE-test-chart-cronjob" >/dev/null 2>&1 \|\| true rm -rf "$CHART" /tmp/limited-helm-kubeconfig echo "Create minimal chart with only a CronJob" $HELM create "$CHART" >/dev/null rm -f "$CHART"/templates/{deployment.yaml,service.yaml,hpa.yaml,tests/test-connection.yaml,serviceaccount.yaml} cat > "$CHART/templates/cronjob.yaml" <<'YAML' apiVersion: batch/v1 kind: CronJob metadata: name: {{ include "test-chart.fullname" . }}-cronjob spec: schedule: "/5 * * " jobTemplate: spec: template: spec: restartPolicy: OnFailure containers: - name: hello image: busybox command: ["/bin/sh","-c","date; echo Hello from CronJob"] YAML echo "RBAC: allow Helm storage, basic reads/creates, but NO delete on cronjobs" kubectl -n "$NS" apply -f - >/dev/null <<EOF apiVersion: v1 kind: ServiceAccount metadata: name: $SA --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: ${SA}-role rules: - apiGroups: [""] resources: ["secrets","configmaps"] verbs: ["get","list","watch","create","patch","update","delete"] - apiGroups: [""] resources: ["pods","events"] verbs: ["get","list","watch"] - apiGroups: ["batch"] resources: ["cronjobs"] verbs: ["get","list","watch","create","patch","update"] EOF kubectl -n "$NS" apply -f - >/dev/null <<EOF apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: ${SA}-rb subjects: - kind: ServiceAccount name: $SA roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: ${SA}-role EOF echo "Create kubeconfig for that SA" TOKEN=$(kubectl -n "$NS" create token "$SA") SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}') CA_DATA=$(kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}') KCFG=/tmp/limited-helm-kubeconfig cat > "$KCFG" <<EOF apiVersion: v1 kind: Config clusters: - name: local cluster: server: $SERVER certificate-authority-data: $CA_DATA contexts: - name: limited context: cluster: local namespace: $NS user: $SA current-context: limited users: - name: $SA user: token: $TOKEN EOF set +e echo "Install (as limited SA)" KUBECONFIG="$KCFG" $HELM upgrade --install "$RELEASE" "$CHART" -n "$NS" --wait echo "CronJob after install:" kubectl -n "$NS" get cronjob "$RELEASE-test-chart-cronjob" \|\| true echo "Remove CronJob from chart and add a small ConfigMap to force an upgrade" rm -f "$CHART/templates/cronjob.yaml" cat > "$CHART/templates/configmap.yaml" <<'YAML' apiVersion: v1 kind: ConfigMap metadata: name: {{ include "test-chart.fullname" . }}-config data: hello: world YAML echo "Upgrade without CronJob (as limited SA)" KUBECONFIG="$KCFG" $HELM upgrade --install "$RELEASE" "$CHART" -n "$NS" RC=$? echo "Post-upgrade verification" if kubectl -n "$NS" get cronjob "$RELEASE-test-chart-cronjob" >/dev/null 2>&1; then echo "OK: Stale CronJob still present: $RELEASE-test-chart-cronjob" else echo "NO_OK: CronJob deleted" fi echo "Helm exit code: $RC" exit 0 ``` With the current build: ```sh ./reproduce-helm-issue.sh Helm: version.BuildInfo{Version:"v4.0+unreleased", GitCommit:"f19bb9cd4c99943f7a4980d6670de44affe3e472", GitTreeState:"dirty", GoVersion:"go1.24.0"} Cleaning… Create minimal chart with CronJob + ConfigMap (we will remove both in v2) RBAC: allow Helm storage + delete for configmaps, but NO delete on cronjobs Create kubeconfig for that SA Install v1 (as limited SA) Release "test-release" does not exist. Installing it now. NAME: test-release LAST DEPLOYED: Tue Oct 14 18:55:57 2025 NAMESPACE: default STATUS: deployed REVISION: 1 DESCRIPTION: Install complete TEST SUITE: None NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=test-chart,app.kubernetes.io/instance=test-release" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT Verify v1 objects exist NAME SCHEDULE TIMEZONE SUSPEND ACTIVE LAST SCHEDULE AGE test-release-test-chart-cronjob /5 * * * * <none> False 0 <none> 0s NAME DATA AGE test-release-test-chart-config 1 0s Prepare v2: remove BOTH CronJob and ConfigMap from the chart Upgrade to v2 (as limited SA) — expecting CronJob delete first, then ConfigMap - CronJob delete should FAIL (no delete permission) - ConfigMap delete should SUCCEED (delete allowed) — proves 'continue on error' and inverted order level=DEBUG msg="getting history for release" release=test-release level=DEBUG msg="getting release history" name=test-release level=DEBUG msg="preparing upgrade" name=test-release level=DEBUG msg="getting last revision" name=test-release level=DEBUG msg="getting release history" name=test-release level=DEBUG msg="number of dependencies in the chart" dependencies=0 level=DEBUG msg="determined release apply method" server_side_apply=true previous_release_apply_method=ssa level=DEBUG msg="performing update" name=test-release level=DEBUG msg="creating upgraded release" name=test-release level=DEBUG msg="creating release" key=sh.helm.release.v1.test-release.v2 level=DEBUG msg="getting release history" name=test-release level=DEBUG msg="using server-side apply for resource update" forceConflicts=false dryRun=false fieldValidationDirective=Strict upgradeClientSideFieldManager=false level=DEBUG msg="checking resources for changes" resources=0 level=DEBUG msg="deleting resource" namespace=default name=test-release-test-chart-config kind=ConfigMap level=DEBUG msg="deleting resource" namespace=default name=test-release-test-chart-cronjob kind=CronJob level=DEBUG msg="failed to delete resource" namespace=default name=test-release-test-chart-cronjob kind=CronJob error="cronjobs.batch \"test-release-test-chart-cronjob\" is forbidden: User \"system:serviceaccount:default:limited-helm-sa\" cannot delete resource \"cronjobs\" in API group \"batch\" in the namespace \"default\"" level=INFO msg="update completed" created=0 updated=0 deleted=1 level=WARN msg="update completed with errors" errors=1 level=DEBUG msg="updating release" key=sh.helm.release.v1.test-release.v1 level=WARN msg="upgrade failed" name=test-release error="failed to delete resource test-release-test-chart-cronjob: cronjobs.batch \"test-release-test-chart-cronjob\" is forbidden: User \"system:serviceaccount:default:limited-helm-sa\" cannot delete resource \"cronjobs\" in API group \"batch\" in the namespace \"default\"" level=DEBUG msg="updating release" key=sh.helm.release.v1.test-release.v2 Error: UPGRADE FAILED: failed to delete resource test-release-test-chart-cronjob: cronjobs.batch "test-release-test-chart-cronjob" is forbidden: User "system:serviceaccount:default:limited-helm-sa" cannot delete resource "cronjobs" in API group "batch" in the namespace "default" Post-upgrade verification Stale CronJob still present: test-release-test-chart-cronjob (expected if delete is forbidden) ConfigMap deleted as expected: test-release-test-chart-config (and after CronJob attempt) Helm exit code: 1 ``` With last version v3.19: ``` HELM=/usr/local/bin/helm ./reproduce-helm-issue.sh Helm: version.BuildInfo{Version:"v3.19.0", GitCommit:"3d8990f0836691f0229297773f3524598f46bda6", GitTreeState:"clean", GoVersion:"go1.24.7"} Cleaning… Create minimal chart with only a CronJob RBAC: allow Helm storage, basic reads/creates, but NO delete on cronjobs Create kubeconfig for that SA Install (as limited SA) Release "test-release" does not exist. Installing it now. NAME: test-release LAST DEPLOYED: Tue Oct 14 19:07:01 2025 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=test-chart,app.kubernetes.io/instance=test-release" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT CronJob after install: NAME SCHEDULE TIMEZONE SUSPEND ACTIVE LAST SCHEDULE AGE test-release-test-chart-cronjob /5 * * * <none> False 0 <none> 0s Remove CronJob from chart and add a small ConfigMap to force an upgrade Upgrade without CronJob (as limited SA) Release "test-release" has been upgraded. Happy Helming! NAME: test-release LAST DEPLOYED: Tue Oct 14 19:07:01 2025 NAMESPACE: default STATUS: deployed REVISION: 2 TEST SUITE: None NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=test-chart,app.kubernetes.io/instance=test-release" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT Post-upgrade verification OK: Stale CronJob still present: test-release-test-chart-cronjob Helm exit code: 0 ``` Co-authored-by: dayeguilaiye <979014041@qq.com> Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>	3 months ago
Matt Farina	fbf02e494e	Merge pull request #30980 from gjenkins8/gjenkins/cleanup_kubeclient_interfaces cleanup: Remove/consolidate redundant kube client Interfaces	3 months ago
juejinyuxitu	69dbd6115e	chore: fix some typos in comment Signed-off-by: juejinyuxitu <juejinyuxitu@outlook.com>	4 months ago
George Jenkins	b5de5b1591	chore: Cleanup additional/redundant kube client Interfaces Signed-off-by: George Jenkins <gvjenkins@gmail.com>	4 months ago
George Jenkins	ebc874ef84	fix client-side to server-side field manager migration Signed-off-by: George Jenkins <gvjenkins@gmail.com>	5 months ago
George Jenkins	b2dc411f9d	code review (error checks, collapse forceConflicts, UpdateApplyFunc) Signed-off-by: George Jenkins <gvjenkins@gmail.com>	5 months ago
George Jenkins	99dc23f00b	switch target<->original Signed-off-by: George Jenkins <gvjenkins@gmail.com>	5 months ago
George Jenkins	741facca43	Update pkg/kube/client_test.go Signed-off-by: George Jenkins <gvjenkins@gmail.com>	5 months ago
George Jenkins	45141451b4	Kube client support server-side apply Signed-off-by: George Jenkins <gvjenkins@gmail.com>	5 months ago
Atish Kumar	008bd7fc82	test(pkg/kube/client): add test for isReachable Signed-off-by: Atish Kumar <allolro@gmail.com>	6 months ago
Matthieu MOREL	157f0ba10a	chore: enable thelper Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	8 months ago
Robert Sirchia	4d580c6b95	Merge pull request #30810 from mmorel-35/usestdlibvars chore: enable usestdlibvars linter	9 months ago
Terry Howe	71787cca60	fix: rename slave replica Signed-off-by: Terry Howe <terrylhowe@gmail.com>	9 months ago
Matthieu MOREL	77a267dacf	chore: enable usestdlibvars linter Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	9 months ago
Evans Mungai	e8e79cc4b4	Merge branch 'main' into fix-take-ownership Signed-off-by: Evans Mungai <mbuevans@gmail.com>	9 months ago
Benoit Tigeot	cbaac7652d	Call slog directly instead of using a wrapper Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>	10 months ago
Benoit Tigeot	b2380720eb	Migrate to pure slog without a custom wrapper Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>	10 months ago
Benoit Tigeot	b42767be40	Migrate more code to log adapter Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>	10 months ago
Benoit Tigeot	83cdffe4ae	Migrate to a dedicated internal package for slog adapter + migrate more Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>	10 months ago
Benoit Tigeot	394ba2d55e	Properly use DefaultLogger Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>	10 months ago
Patrick Seidensal	e55707b09d	Fix --take-ownership If a resource exists in the cluster and is to be adopted by helm install --take-ownership, it is left unchanged while helm reports the installation to have succeeded. This is due to CRs and CRDs being merged without three-way-merge, which results in an empty patch. By using a three-way-merge transparently when --take-ownership is used, the helm behaves as expected without breaking previous behavior. Fixes #30622 Signed-off-by: Patrick Seidensal <pseidensal@suse.com>	10 months ago
Austin Abro	386523bdbc	update to get waiter instead of set Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	10 months ago
Austin Abro	11eeb4a6b1	merge Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	11 months ago
Chris Berry	6d30fa5990	Add HookOutputFunc and generic yaml unmarshaller Signed-off-by: Chris Berry <bez625@gmail.com>	11 months ago
Chris Berry	cde407b7d1	Add hook annotations to output pod logs to client on success and fail Signed-off-by: Chris Berry <bez625@gmail.com>	11 months ago
Austin Abro	7fde4962a8	set waiter in functions Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	11 months ago
Austin Abro	f2dd2c9109	add hook only waiter Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	11 months ago
Austin Abro	2b03c527f1	set command line flags Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	11 months ago
Austin Abro	f1b642cb0d	unexport newWaiter function Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	12 months ago
Austin Abro	8fe66998bf	refactor obj logic Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	1 year ago
Austin Abro	eaa6e14546	test cleanup Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	1 year ago
Austin Abro	c26b44f651	update names Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	1 year ago
Austin Abro	86338215b7	ability to create different waiters Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	1 year ago
Austin Abro	947425ee64	refactor new Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	1 year ago
Austin Abro	859ff9b548	change structure of client Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	1 year ago
Austin Abro	4564b8f712	make a working test Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	1 year ago
Austin Abro	4c1758143f	basic design up and balling Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	1 year ago
Austin Abro	6f7ac066ae	extending factory to enable getting a watcher Signed-off-by: Austin Abro <AustinAbro321@gmail.com>	1 year ago
Alex Johnson	9fd943b481	Add tests to `helm/pkg/kube/client_test.go` to cover `wait.go` Signed-off-by: Alex Johnson <alex.kattathra.johnson@gmail.com>	1 year ago
Andreas Karis	79a1f2c801	fix(helm): Retry Conflict error for createResource, deleteResource kubernetes might at any time throw 409 Conflict Error codes. Clients are supposed to retry when this happens. As an example, see kubernetes/issues/67761 where such an issues might happen when the cluster manipulates a projects's ResourceQuotas. Catch such Conflict Errors on createResource and deleteResource and retry before giving up. Due to the more complex logic and focus on kubernetes/issues/67761, this patch purposefully omits possibly needed changes to updateResource and instead defers them to another patch if required in the future. Closes issue #9710 Signed-off-by: Andreas Karis <ak.karis@gmail.com>	1 year ago
Matt Farina	4e7e939f19	Updating the Go version in go.mod At this time both Go 1.19 and 1.20 are supported. The version specified in the go.mod file is the minimum version we expect Helm to be compiled against. This is the oldest supported version to support environments where others compile Helm. The Helm project is using Go 1.20 to build Helm itself. Updating to Go 1.19 also includes dealing with io/ioutil deprecation and some additional linting issues around staticcheck. All the staticcheck issues were in test files so linting was skipped for those. Signed-off-by: Matt Farina <matt.farina@suse.com>	3 years ago
cpanato	006bc0f39d	update k8s registry domain Signed-off-by: cpanato <ctadeu@gmail.com>	3 years ago
Matt Farina	36e18fa6e1	Fix improper use of Table request/response to k8s API Fixes #11712 A change was made that when validation was turned off the Kubernetes packages were building objects as a Table type. This was done for display purposes. When details about the objects was going to be printed as part of #10912. This broke rollback, and possibly other functionality, as a Table type was returned in some cases that needed the regular object. This caused things to break silently. The fix involved adding in a new Function (and interface) to query for tables instead of the objects themselves. There was not a clean way to add it to the existing function that covered all cases. A second problem was noticed along the way. When data was output via status as YAML or JSON it was in the form of a table rather than the objects themselves. This did not reflect expectations and did not match the functionality in kubectl. The code was updated to return a table when that was presented and the objects when they are being output for YAML or JSON. The API also supports this handling to SDK users can replicate this functionality. API changes made here were never released. The functions were developed for this release of Helm and only ever appeared in an RC. In this case, they can be changed. Signed-off-by: Matt Farina <matt.farina@suse.com>	3 years ago
Li Zhijian	4258e8664e	Use T.cleanup() to cleanup cmdtest_temp file Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>	5 years ago
Adam Reese	bdf6f48704	fix(pkg/kube): continue deleting objects when one fails * Continue deleting objects when one fails to minimize the risk of an upgrade ending in an unrecoverable state * Exclude failed deleted object from the returned result set Signed-off-by: Adam Reese <adam@reese.io>	6 years ago
Dong Gang	69d9722eda	test(helm): fix client update error Signed-off-by: Dong Gang <dong.gang@daocloud.io>	6 years ago

1 2

98 Commits (95a0d2eb89c7d221e8d9fddc19b84e64bc474c8a)