If enabled the registryClient is set using a helper that accepts the TLS
flags. This keeps the client creation consistent accross the different
commands.
Signed-off-by: Soule BA <bah.soule@gmail.com>
If implemented, users will be able to use custom certificates and CA to
while interacting with OCI registries.
Signed-off-by: Soule BA <bah.soule@gmail.com>
Add --cascade=<background|foreground|orphan> option to helm uninstall
Current behaviour is hardcoded to background
Addresses issue: https://github.com/helm/helm/issues/10586
Signed-off-by: MichaelMorris <michael.morris@est.tech>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run-option=server flag, it will try to connect to the cluster
to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run-option=server flag, it will try to connect to the cluster
to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes helm#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
Fixes#11712
A change was made that when validation was turned off the Kubernetes
packages were building objects as a Table type. This was done for
display purposes. When details about the objects was going to be
printed as part of #10912.
This broke rollback, and possibly other functionality, as a Table
type was returned in some cases that needed the regular object.
This caused things to break silently.
The fix involved adding in a new Function (and interface) to
query for tables instead of the objects themselves. There was not
a clean way to add it to the existing function that covered all
cases.
A second problem was noticed along the way. When data was output
via status as YAML or JSON it was in the form of a table rather
than the objects themselves. This did not reflect expectations
and did not match the functionality in kubectl. The code was
updated to return a table when that was presented and the objects
when they are being output for YAML or JSON. The API also supports
this handling to SDK users can replicate this functionality.
API changes made here were never released. The functions were
developed for this release of Helm and only ever appeared in an
RC. In this case, they can be changed.
Signed-off-by: Matt Farina <matt.farina@suse.com>
## case :
1. charmuseum is http
2. nginx https ---> chartmuseum
3. domain, CN is IP
## result:
error: failed to prepare chart for release: chart unavailable: looks like "https://120.55.54.50" is not a valid chart repository or cannot be reached: Get "https://120.55.54.50/index.yaml": x509: certificate relies on legacy Common Name field, use SANs instead
Signed-off-by: caixisheng <cc710917049@163.com>
<https://github.com/helm/helm/pull/8371>
This covers:
- `tpl` text can `include` a `define` provided in a partial file
- `tpl` text can `include` a `define` provided in its text
- `tpl` text can be loaded via `.Files.Get`
Signed-off-by: Graham Reed <greed@7deadly.org>
There are cases when the etcdserver is temporarily unavailable and the
errors that we get back from kube-apiserver reflect that error. It looks
like we bail out immediately when these errors happen currently. We
should retry until timeout is reached when this sort of errors happen.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
The current family of '--set' methods interprets some special characters
in values (e.g. commas, square brackets, points, backslashes). With the
typical shell escaping rules, this can increase the difficulty of overwriting
values in some cases.
In contrast to '--set-string' or similar methods, '--set-literal' does
not interpret those special characters. It interprets given values as
literal strings.
Example:
--set-literal outer.inner='so\me,values'
outer:
inner: so\me,values
Closes#4030
Signed-off-by: Patrick Scheid <p.scheid92@gmail.com>
- Use a clone of the current Template instead of re-creating everything from scratch
- Needs to inject `include` so any defines in the tpl text can be seen.
Signed-off-by: Graham Reed <greed@7deadly.org>
Extend Interface with new InterfaceResources to avoid breaking changes
Move change to staus command behind --show-resources flag
Signed-off-by: Soujanya Mangipudi <somangip@microsoft.com>
Creating a new PR based on this existing stale PR https://github.com/helm/helm/pull/7728
Signed-off-by: Soujanya Mangipudi <somangip@microsoft.com>
# Conflicts:
# go.sum
Unfortunately errors from the API server do not always (do they ever?) contain
the name of the resource in question.
Deletions for multiple resources are processed concurrently, so in a resulting
log, a preceding "Starting delete" line might be for a different object.
Signed-off-by: Marcin Owsiany <porridge@redhat.com>
Go passes x509 verification off to the platform and different
platforms provide different responses. The Go tests for x509
even have different test files for different platform providers
that check for different messages.
This update haldes darwins difference for x509 authority handling
Closes#11159
Signed-off-by: Matt Farina <matt@mattfarina.com>
Exporting those fields enable 3rd party users to build their own mocked PullResult responses.
Related #10623
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Confirm that the current and updated revision numbers also match as part
of the readiness check. Add coverage for readiness scenarios where
StatefulSet status does not reflect the most recent generation of the
StatefulSet yet.
Also add additional logging around the sts transitions from non-ready to
ready.
Fixes: #10163
Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
Fix list command for SQL storage driver
Fix SQL storage drivers tests after adding custom labels support
Remove notes that SQL driver not supported for storing labels in install and upgrade
Signed-off-by: Dmitry Chepurovskiy <dm3ch@dm3ch.net>
Signed-off-by: Dmitry Chepurovskiy <me@dm3ch.net>
Add a new flags and associated environment variables to override
the TLS Settings used when constructing the Kube Client.
- `--kube-insecure-skip-tls-verify | HELM_KUBEINSECURE_SKIP_TLS_VERIFY`: if true, the kube api server's certificate will not be checked for validity. This will make your HTTPS connections insecure
- `--kube-tls-server-name | HELM_KUBETLS_SERVER_NAME`: server name to use for kube api server certificate validation. If it is not provided, the hostname used to contact the server is used
Signed-off-by: Justen Walker <justen.walker+github@gmail.com>
* feat: add configuration for client-side throttling limit
Client-side throttling seems to be an issue in larger environments such as OpenShift clusters, where
it is common to have several hundreds CRDs out-of-the-box.
From this view point, it is fair that clients should be able to fine tune this accordingly should the
environment they work on evolves, which is currently not possible, and quite frustrating.
This change introduces the --default-burst-limit option to helm (and its counterpart
HELM_DEFAULT_BURST_LIMIT environment variable) to address that issue, allowing clients to properly
tune their client usage as their environment evolves.
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
* chore: change DefaultBurstLimit to BurstLimit
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
* chore: add HELM_BURST_LIMIT to golden file
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
* chore: add burst limit tests
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
* docs: add burst limit default value to documentation
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
* refactor: change burst limit default value to 100 per review instructions
Signed-off-by: Igor Sutton <isuttonl@redhat.com>
This required modifying the `kube.Factory` interface to conform to
changes in k8s' `cmdutil.Factory` interface:
fe3772890f
Signed-off-by: Andrew Seigner <andrew@sig.gy>
go:build is the new conditional compilation directive used to specify build constraints. It was introduced in Go 1.17. It is meant to replace the old +build directives.
Now that go.mod points to Go 1.17 we no longer need to support both
build flags.
Signed-off-by: Matthew Fisher <matt.fisher@fermyon.com>
Fixed old releases rotation procedure to not require a deployed release to exists.
An error will arise when there are no successfully deployed release yet, but releases history limit has been reached. In such situation helm will refuse to upgrade release anymore with "... has no deployed releases" error.
Furthermore, release rotation procedure already expecting lastDeployedRelease to be either nil, or not nil. So it is assumed that deployed release may exist or may not and these both outcomes were already expected as a valid situation rather than a failure.
Reworked storage_test.go TestStorageRemoveLeastRecentWithError test case: use mocked driver and test release creation procedure does not shadows errors from the underneath release rotation procedure.
Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
When used with helm install, helm template, helm upgrade, it enables
to set json values (scalars/objects/arrays) from the command line.
Closes#10428
Signed-off-by: Luca Di Rocco <lucadirocco@gmail.com>
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Quiet flag reduce the verbosity, such that the only text
that is written to the console is lint warnings/errors
Closes#9994
Signed-off-by: Piotr Resztak <piotr.resztak@gmail.com>
golint which is used as one of the sublinters in golangci-lint is deprecated.
It is replaced with revive which is a drop-in replacement.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
Co-authored-by: Martin Mulholland <mmulholl@redhat.com>
`os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil`
package. It is a more efficient implementation than `ioutil.ReadDir` as
stated here https://pkg.go.dev/io/ioutil#ReadDir.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
When range support for OCI went in via #10527 it created a situation
where some lookups for a chart could cause a panic. This change
makes sure the registry client is available to lookup OCI charts
Signed-off-by: Matt Farina <matt.farina@suse.com>
Note, there is OCI handling later in the funtion that should
handle the situation instead.
Closes#10534
Signed-off-by: Matt Farina <matt.farina@suse.com>
Largely borrowed from (IndexFile).Get. However there is not currently a nice
way to make this code also usable to the repo package, as IndexFile depends on
a list of index Entries containing a nexted version.
We could refactor this later to somehow use the same shared function, but for
now keeping separate.
Signed-off-by: Scott Rigby <scott@r6by.com>
Note, there is OCI handling later in the funtion that should
handle the situation instead.
Closes#10534
Signed-off-by: Matt Farina <matt.farina@suse.com>
Before this change, several of the potential errors during the process
of signing a package were skipped.
Crucially, `Close()`ing the ReadCloser from the gpg clearsigner is the call
which actually does the signing, and so has several points of failure
which are ignored; for example, if there's a problem with the format of
the key.
Also changes the error from messageBlock() to be propagated rather than
being swallowed, and adds a test for the case where a signer fails to
sign.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
The partition value can be greater than number of replicas, in that
case no pods are rolled out. The expectedReplicas becomes a negative
number.
https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions
In the cases where the update does not change anything in the pod
template, the updatedReplicas value from StatefulSet status remains
unchanged. Such updates can still set some partition value, and
UpdatedReplicas is always greater than expectedReplicas. Basically,
the StatefulSet is ready / rolled-out.
In both the above scenarios, providing `--wait` flag causes it to
timeout waiting indefinitely. Because updatedReplicas can never be
negative, or be equal to the expectedReplicas for the second case.
This commit handles both the scenarios by checking if UpdatedReplicas
is smaller than expectedReplicas. If it is, then the StatefulSet is
not ready yet.
Based on the code from kubectl rollout:
a450ebd59c/pkg/polymorphichelpers/rollout_status.go (L138-L141)Closes#8674
Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
This bug came about because of three issues that this change
corrects:
- The CI scripts run on a pull request did not test building
Helm. This means that a failure to set a variable using LDFLAGS
had no opportunity to be caught.
- #8608 provided a means to match the k8s version used in linting
and chartutil with the version of the package we pull in. With
one problem. It attempts to set a const as if it were a string.
This is ignored and everyone missed it.
- #10325 moved those constants to vars so it could be set. This
looked good and passed tests but missed that you can't set an
int as if it were a string. See first bullet.
This change fixes this by moved the internal representation to
be a string. These are internal variables not exposed in the public
API which makes this change non-breaking to the API.
Closes#10367
Signed-off-by: Matt Farina <matt.farina@suse.com>
When running helm lint, import-values for dependencies are ignored,
also added test for linting chart with import-values
Closes#9658
Signed-off-by: Stuart Drennan <stuart.drennan@gmail.com>
Craig O'Donnell
Soule BA
Andrew Block
muang0
cpanato
Dmitry Chepurovskiy
zak905
Matt Farina
MichaelMorris
genofire
Tapas Kapadia
Cenk Alti
Matt Farina
Mikhail Kopylov
Patrick Scheid
Martin Hickey
Daniel Strobusch
Jakub Warczarek
Eugene Zuev
Vaibhav Sharma
Soujanya Mangipudi
Pat Riehecky
Xin Ruan
Zuhair AlSader
caixisheng
Philipp Stehle
Igor Manushin
shankeerthan-kasilingam
Peter Leong
Graham Reed
cui fliter
Qifan Shen
Davanum Srinivas
wujunwei
Vincent van ’t Zand
CI
Marcin Owsiany
James Oden
d-d-up
Arvid E. Picciani
Antonio Gamez Diaz
Matthew Fisher
yxxhero
Dominic Evans
Dmitry Chepurovskiy
Justen Walker
Igor Sutton
Andrew Seigner
Suresh Kumar
Mathieu Parent
Mayank Thakur
stan-sz
yxxhero
Stepan Dohnal
Zoran Krleza
Timofey Kirillov
suzaku
Scott Rigby
Markus Lehtonen
Luca Di Rocco
Matthias Fehr
alexandr.danilin
Eng Zer Jun
stephanECD
Josh Dolitsky
guofutan
Piotr Resztak
David Peraza
Thomas Runyon
Allen Bai
mengjiao.liu
jayonlau
Neven Miculinic
Simon Alling
Jerome Küttner
cndoit18
Ashley Davis
Bhavin Gandhi
Tyler Auerbeck
Moritz Clasmeier
Josh Dolitsky
Sverre Boschman
Guangwen Feng
Asir Tamboli
Stuart Drennan