* feat(helm): add $HELM_KEY_PASSPHRASE environment variable for signing helm charts
If $HELM_KEY_PASSPHRASE is set then helm package sign command will not prompt the
user to enter the passphrase for the private key
Signed-off-by: Anumita Shenoy <ansheno@microsoft.com>
* docs(helm): added documentation for HELM_KEY_PASSPHRASE
Added description for HELM_KEY_PASSPHRASE
Signed-off-by: Anumita Shenoy <ansheno@microsoft.com>
Use 'apps/v1' as the apiVersion field for the deployment.yaml written
by the 'helm create' command, rather than the deprecated 'apps/v1beta2'.
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
* fix(helm): fix regression with TLS flags/envvars
This change fixes some of the assumptions made in an earlier commit. Helm's TLS flags and environment variables were not respected because they were parsed well before execution (during settings.AddFlagsTLS()), causing erroneous behaviour at runtime. By re-introducing environment.Init(), Helm can properly parse environment variables at the correct time.
One change that had to occur in this PR is the fact that we need to call settings.Init() each time we call settings.AddFlagsTLS(). This is because each command owns its own FlagSet, so we need to parse each flagset to read and propagate the environment variables correctly.
I also noticed that we were maintaining two separate variables for each TLS value. Refactoring out some of the older code to all use the settings object makes the code much cleaner to read and fixes an issue where setting a flag or environment variable would propagate to the settings object, but we'd be reading from tlsEnable.
I've also added some unit tests to ensure this regression doesn't occur again.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* fix bug where os.ExpandEnv() on the default value causes differing behaviour
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* add more context to the TODO/FIXME messages
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* Fix race in helm list when partitioning
Problem:
The chunks slice that is passed through the channel is reused for each
partition. This means that encoding the release into a message is racing with
populating the next partition, causing the results to sometimes not fit in the
message, and the release list to be incorrect
Solution:
Allocate a new slice for each partition
Issue #3322
Signed-off-by: Brian Marshall <bmarshall13@users.noreply.github.com>
(cherry picked from commit a0858e29d8)
* fix import sorting
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* ref(release_server_test): use NewReleaseServer()
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* add unit test for race condition in `helm list`
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* Avoid importing k8s.io/kubernetes from pkg/helm
When writing a helm client (e.g. a helm plugin) that talks to tiller importing k8s.io/helm/pkg/helm to get the grpc client is key.
This pkg should not have a dependency to the k8s.io/kubernetes to avoid pulling in a lot of code that is only used within tiller and blow up binary sizes.
Signed-off-by: Fabian Ruff <fabian@progra.de>
* Add references to pull request in errors message
Signed-off-by: Fabian Ruff <fabian@progra.de>
* copy helper function from pkg/storage/driver
Signed-off-by: Fabian Ruff <fabian@progra.de>
* Move storage errors to seperate package
Signed-off-by: Fabian Ruff <fabian@progra.de>
* Keep old error variables for backward compatibility
Signed-off-by: Fabian Ruff <fabian@progra.de>
docs(*): update tiller_ssl.md to reflect IP SAN usage.
When using helm/tiller in tls-verify mode, 127.0.0.1 should
be listed as an IP SAN in the tiller certificate to pass
hostname verficiation of the TLS handshake.
Closes#4149
resolves#4337
Merging maps inside of strings gets a bit tricky. When two
strings consisting of "{}" were being added together, this resulted in
"{}\n{}" instead of "{}" which is what we wanted. This led to YAML
parsing errors and showed up when the `--reuse-values` flag was used
when no overrides via `--set` were provided during install and/or
upgrade.
It's really easy to cause an import cycle on this type; this resolves
the problem by moving it out of the tiller pkg into its own. An alias is
left behind in order to prevent downstream breakage.
Adds the `--set-file key=filepath` flag to `install`, `upgrade`, `template` and `lint` sub-commands so that the content of the file at the `filepath` is set to the value for the `key`.
Resolves#1754
If `helm upgrade` fails because a reused name is still in use, the error
message does not specify which name is still in use. Update the error
message.
The files contained in the `tar` file from `helm package` did not have
the correct timestamp. This lack of timestamp occurred because we were
not writing any time to the tar header file.
Address a race condition that arises when running two `helm install`
commands, both of which specify a namespace that does not already exist.
In this specific instance, attempting to create a `namespace` which
already exists shouldn't be a failure which causes `helm install` to
terminate.
This adds support for installing CRDs well before any other resource
kinds are installed.
This PR introduces a new hook, `crd-install`, that fires before
manifests are even validated. It is used to install a CRD before any
other part of a chart is installed.
Currently, this hook is _only implemented for install_. That means we
currently cannot add new CRDs during `helm upgrade`, nor can they
be rolled back. This is the safest configuration, as the update/rollback
cycle gets very challenging when CRDs are added and removed.
The choice of interface `--output (json|yaml)` is to match that of the
status command, except that -o is not available as it is already used
by --offset.
WIP #1534
`toYaml` was introducing a new line. It is an issue since the new line is part of a functions output, it can't be whitespace chomped away so it would require a `trimSuffix "\n"` pipe. This commit trims one trailing `\n` from the toYaml output.
`toYaml` utilized by `.Files` was introducing a new line. It is an issue since the new line is part of a functions output, it can't be whitespace chomped away so it would require a `trimSuffix "\n"` pipe. This commit trims one trailing `\n` from the toYaml output.
Resolves#3655
We were seeing that when running helm upgrade with the reuse-values
flag enabled that you could end up in the position where overrides
a.k.a computed values from previous revisions were not being saved on
the updated revision. This left us in a weird position where some
computed values would disappear mysteriously in the abyss. That
happened because computed values from previous revisions weren't merged
with the new computed values every time the reuse-values flag was used.
This PR merges computed values from the previous revisions so you don't
end up in that kind of conundrum.
* fix(helm): fix golint warning due to ApiVersionV1 constant name
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
* fix(helm): fix golint warning due to ResolveChartVersionAndGetRepo comment
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
* fix(helm): fix golint warnings on HttpGetter type and SetCredentials method missing a comment
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
* fix(helm):fix golint warning due to comment on FindChartInAuthRepoURL function
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
* fix(helm): fix golint warning due to RepoFile type name
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
* fix(helm): fix golint warning due to ParseString comment
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
Existing helm.sh/hook-delete-policy annotation variables (hook-failed, hook-succeeded) do not allow to leave failed jobs for debugging without blocking the next job launching: every failed job must be deleted manually before the next related release is launching (installing, updating or rolling back).
New policy, before-hook-creation, removes the hook from previous release if there is one before the new hook is launched and can be used with another variable.