When an index is in a JSON format, the `sigs.k8s.io/yaml` package uses
an inefficient approach to unmarshaling the data, as it does an
unnecessary roundtrip on the data to transform the YAML to valid JSON.
To prevent this from happening, detect if the bytes which we attempt
to load contain valid JSON, and unmarshal them directly using
`json.Unmarshal` instead.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
There are a few changes to the new dry-run handling:
1. Some documentation is added to help clarify what is happening
and what is expected.
2. DryRun is never changed by internal handling. If an API user
sets the property it is not changed by our code.
3. The behavior on contacting the server with false/none is made
consistent between install and upgrade.
Signed-off-by: Matt Farina <matt.farina@suse.com>
When a user specifies --wait for an install or upgrade this commit will enable the user to specifiy a number of retries to attepmt if a status check fails
Errors including a HTTP status code < 500 will not be retried
Signed-off-by: MichaelMorris <michael.morris@est.tech>
Some charts don't need a templates directory. The warning appears to originate back when helm expected all charts to contain templates. In CI situations where linting is performed with --strict the lint warning causes unneccessary failures for charts that quite legitimately do not contain a templates directory.
As discussed in #8033 there are no longer any scenarios understood where this warning is helpful so this commit removes it.
Signed-off-by: James Blair <mail@jamesblair.net>
First, some notes about priority and how some code flow works.
For Helm handling values, the expected order of precidence is:
1. User specified values (e.g CLI)
2. Imported values
3. Parent chart values
4. Subchart values
Helm handles dependency values slightly differently. If there are dependencies
in the charts folder that are not marked as dependencies all of the values,
including nil values, are pulled in. If those charts are listed as a
dependency in the Chart.yaml file than they are processed for import handling.
Prior to the changes here, it caused nil values at the top level to NOT remove
values specified.
The changes:
1. The order of priority was chagned from the list above. Parnet chart values
would override specifically imported values. This is due to a change from
just over a year ago that introduced a bug. That was undone by changing the
precidence when maps were merged.
2. To handle merging while retaining the nil values, which was causing
inconsistent behavior, a new set of Merge functions were introduced. These
functions are just like coalesce except that they DO NOT remove nil/null values.
The new functions are used in a backward compatible manner meaning some new
functions were introduced that called them.
Specific issues fixed (that are known):
Closes#9027
Can now delete subkeys from charts when specified in the parent. This behavior
was previously inconsistent. Sometimes they could be deleted and other times
it did not work. Now it is consistent.
Closes#10899
Imported values (from library or other subcharts) are now used following the
order above.
The previous behavior was inconsistent. import-values using just a string
would import them. When named with a child/parent it did not work if the
parent already had a value. If string and named were mixed the imports
worked if the string happened first but just for the string not the named.
If the named parent/child went first then none of them worked for cases
where the parent already had a value. It was inconsistent and the tests
sometimes mirrored the functionality rather than expected behavior.
Tests for this fall into the sub-packages and are in the template tests
to verify it's happening in the output. Including having values passed
at the CLI as the ultimate highest priority to be used.
This relates to a fix that went in for #9940. The expected values there don't
fit the precedence above where the parent value would override the imported
value. That fix/change introduced more bugs.
Closes#10052
This is the case where imported values using the parent/child designation
just didn't work right. That has been fixed and there are tests. The underlying
issue had to do with the precedence order handling.
Note, a lot of tests were added. Hope we got it more right this time.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Add a new flag `--plain-http` to the following commands:
* `helm install`
* `helm pull`
* `helm push`
* `helm template`
* `helm upgrade`
* `helm show`
This flag instructs the registry client to use plain HTTP connections,
thus enabling upload/download of charts from OCI registries served at
an HTTP endpoint.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Report charts with the following bad dependency specifications as bad charts:
dependencies:
- name: foo
alias: baz # ← baz used twice
version: 1.0.0
- name: bar
alias: baz # ← baz used twice
version: 1.0.0
dependencies:
- name: foo
alias: bar # ← shadows chart below
version: 1.0.0
- name: bar
version: 1.0.0
dependencies:
- name: foo
version: 1.0.0
- name: foo # ← chart with same name as above (although version or repo will be different, this will not work currently)
version: 1.2.3
Closes#9169
Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
This covers both the property and the minimal copy of the Factory
interface. It also notes that this interface is not covered by the
Helm backwards compatibility and why.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Signed-off-by: Joe Julian <me@joejulian.name>
During the install process there was a place where an install
process could be stuck trying to write to a channel. This would
happen when a context had completed prior to performInstall
finishing. In a short running Helm Client this was not a problem.
But, for long running applications that use Helm as an SDK there
are problems where a memory leak ends up happening due to
goroutines never being able to complete.
This fix provides a means for performInstall to write to its
channel using the method already used to fix the upgrade
issue of the same kind.
Fixes#11805
Signed-off-by: Matt Farina <matt.farina@suse.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes helm#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
* Fixes Readiness Check for statefulsets using partitioned rolling update.
Fixes#11773
This change updates readiness check in ready.go to correctly
account for statefulsets that are utilizing a partitioned upgrade.
These statefulsets only upgrade a subset of the managed pods with each call
to helm upgrade. This causes the upgrade to legitimately hit the condition where
sts.status.CurrentRevision != sts.Status.UpdateRevision which causes helm to mark
the upgrade has failed when in fact it is successful.
This change fixes that behavior to only check when partition is unspecified or 0.
Signed-off-by: Aman Nijhawan <anijhawan@yugabyte.com>
* Adding a unit test to verify that partitioned rolling upgrade for a statefulset works.
Signed-off-by: Aman Nijhawan <anijhawan@yugabyte.com>
---------
Signed-off-by: Aman Nijhawan <anijhawan@yugabyte.com>
Co-authored-by: Aman Nijhawan <anijhawan@yugabyte.com>
The GOARCH here is 386 not i386. This caused a slightly odd test
suite failure on that architecture:
--- FAIL: TestPlatformPrepareCommand (0.00s)
plugin_test.go:45: Expected arg="os-arch", got "linux-s390x"
plugin_test.go:64: Expected arg="os-arch", got "linux-s390x"
Signed-off-by: Dirk Müller <dirk@dmllr.de>
Go 1.20 introduced DNS/CNAME handling changes. This can cause an
IP address represented in hex, oct, etc to be looked up as DNS and
fail. This change introduces a mock DNS resolver.
Note, with the mock resolver, we don't need to use 0x7f000001 any
longer. Keeping because it was already there.
Signed-off-by: Matt Farina <matt.farina@suse.com>
At this time both Go 1.19 and 1.20 are supported. The version
specified in the go.mod file is the minimum version we expect Helm
to be compiled against. This is the oldest supported version to
support environments where others compile Helm. The Helm project
is using Go 1.20 to build Helm itself.
Updating to Go 1.19 also includes dealing with io/ioutil
deprecation and some additional linting issues around staticcheck.
All the staticcheck issues were in test files so linting was
skipped for those.
Signed-off-by: Matt Farina <matt.farina@suse.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes helm#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
As the CRDs are installed before the capabilities are gathered, the
current call to invalidate the discovery client is premature and
expensive.
What actually is required is an invalidation of the REST mapper, as
otherwise the Helm install action may later on fail with a `resource
mapping not found` error. More specifically when the caller of the
action is making use of a persisting[1] `RESTClientGetter`.
Which is not something done by the Helm CLI (albeit it could, and this
would potentially save quite some resources?). But is a default
configuration offered by the Helm SDK via `kube.New` when a nil value
is provided as the `getter`.
[1]: https://github.com/kubernetes/cli-runtime/blob/v0.26.2/pkg/genericclioptions/config_flags.go#L118
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
If enabled the registryClient is set using a helper that accepts the TLS
flags. This keeps the client creation consistent accross the different
commands.
Signed-off-by: Soule BA <bah.soule@gmail.com>
If implemented, users will be able to use custom certificates and CA to
while interacting with OCI registries.
Signed-off-by: Soule BA <bah.soule@gmail.com>
Add --cascade=<background|foreground|orphan> option to helm uninstall
Current behaviour is hardcoded to background
Addresses issue: https://github.com/helm/helm/issues/10586
Signed-off-by: MichaelMorris <michael.morris@est.tech>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run-option=server flag, it will try to connect to the cluster
to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run-option=server flag, it will try to connect to the cluster
to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
if the value is 'server' to be able to render lookup functions.
Closes helm#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
When a helm command is run with the --dry-run flag, it will try to connect to the cluster
to be able to render lookup functions.
Closes#8137
Signed-off-by: Tapas Kapadia <tapaskapadia10@gmail.com>
Fixes#11712
A change was made that when validation was turned off the Kubernetes
packages were building objects as a Table type. This was done for
display purposes. When details about the objects was going to be
printed as part of #10912.
This broke rollback, and possibly other functionality, as a Table
type was returned in some cases that needed the regular object.
This caused things to break silently.
The fix involved adding in a new Function (and interface) to
query for tables instead of the objects themselves. There was not
a clean way to add it to the existing function that covered all
cases.
A second problem was noticed along the way. When data was output
via status as YAML or JSON it was in the form of a table rather
than the objects themselves. This did not reflect expectations
and did not match the functionality in kubectl. The code was
updated to return a table when that was presented and the objects
when they are being output for YAML or JSON. The API also supports
this handling to SDK users can replicate this functionality.
API changes made here were never released. The functions were
developed for this release of Helm and only ever appeared in an
RC. In this case, they can be changed.
Signed-off-by: Matt Farina <matt.farina@suse.com>
## case :
1. charmuseum is http
2. nginx https ---> chartmuseum
3. domain, CN is IP
## result:
error: failed to prepare chart for release: chart unavailable: looks like "https://120.55.54.50" is not a valid chart repository or cannot be reached: Get "https://120.55.54.50/index.yaml": x509: certificate relies on legacy Common Name field, use SANs instead
Signed-off-by: caixisheng <cc710917049@163.com>
<https://github.com/helm/helm/pull/8371>
This covers:
- `tpl` text can `include` a `define` provided in a partial file
- `tpl` text can `include` a `define` provided in its text
- `tpl` text can be loaded via `.Files.Get`
Signed-off-by: Graham Reed <greed@7deadly.org>
There are cases when the etcdserver is temporarily unavailable and the
errors that we get back from kube-apiserver reflect that error. It looks
like we bail out immediately when these errors happen currently. We
should retry until timeout is reached when this sort of errors happen.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
The current family of '--set' methods interprets some special characters
in values (e.g. commas, square brackets, points, backslashes). With the
typical shell escaping rules, this can increase the difficulty of overwriting
values in some cases.
In contrast to '--set-string' or similar methods, '--set-literal' does
not interpret those special characters. It interprets given values as
literal strings.
Example:
--set-literal outer.inner='so\me,values'
outer:
inner: so\me,values
Closes#4030
Signed-off-by: Patrick Scheid <p.scheid92@gmail.com>
- Use a clone of the current Template instead of re-creating everything from scratch
- Needs to inject `include` so any defines in the tpl text can be seen.
Signed-off-by: Graham Reed <greed@7deadly.org>
Extend Interface with new InterfaceResources to avoid breaking changes
Move change to staus command behind --show-resources flag
Signed-off-by: Soujanya Mangipudi <somangip@microsoft.com>
Creating a new PR based on this existing stale PR https://github.com/helm/helm/pull/7728
Signed-off-by: Soujanya Mangipudi <somangip@microsoft.com>
# Conflicts:
# go.sum
Unfortunately errors from the API server do not always (do they ever?) contain
the name of the resource in question.
Deletions for multiple resources are processed concurrently, so in a resulting
log, a preceding "Starting delete" line might be for a different object.
Signed-off-by: Marcin Owsiany <porridge@redhat.com>
Go passes x509 verification off to the platform and different
platforms provide different responses. The Go tests for x509
even have different test files for different platform providers
that check for different messages.
This update haldes darwins difference for x509 authority handling
Closes#11159
Signed-off-by: Matt Farina <matt@mattfarina.com>
Exporting those fields enable 3rd party users to build their own mocked PullResult responses.
Related #10623
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Confirm that the current and updated revision numbers also match as part
of the readiness check. Add coverage for readiness scenarios where
StatefulSet status does not reflect the most recent generation of the
StatefulSet yet.
Also add additional logging around the sts transitions from non-ready to
ready.
Fixes: #10163
Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
Fix list command for SQL storage driver
Fix SQL storage drivers tests after adding custom labels support
Remove notes that SQL driver not supported for storing labels in install and upgrade
Signed-off-by: Dmitry Chepurovskiy <dm3ch@dm3ch.net>
Signed-off-by: Dmitry Chepurovskiy <me@dm3ch.net>