The 'app.kubernetes.io/version' label was not being rendered as
expected. It was appending onto the label before it and also
the next label was appending onto it on the same line.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
This commit adds the possibility to back Tiller (or the future
Tiller-less Helm CLI) with any SQL database (only postgres has been
tested so far) to store release information.
The main motivation for this commit was to use a storage backend that
would allow releases larger than 1MB in size (ConfigMap or Secret
drivers don't, because of limits on value size in the underlying etcd
key-value store).
Signed-off-by: Étienne Lafarge <etienne.lafarge@gmail.com>
Co-authored-by: Elliot Maincourt <e.maincourt@gmail.com> (@emaincourt)
Co-authored-by: Paul Borensztein <hi@0x01.fr> (@commit-master)
Manifest validation is done by the builder, but it requires that the schema is set before the Stream function is called. Otherwise the StreamVisitor is created without a schema and no validation is done.
Signed-off-by: Morten Torkildsen <mortent@google.com>
Makes sure CRDs installed through the crd_install hook reach the `established` state before the hook is considered complete.
Signed-off-by: Morten Torkildsen <mortent@google.com>
This is the fix for only one particular, but important case.
The case when a new resource has been added to the chart and
there is an error in the chart, which leads to release failure.
In this case after first failed release upgrade new resource will be
created in the cluster. On the next release upgrade there will be the error:
`no RESOURCE with the name NAME found` for this newly created resource
from the previous release upgrade.
The root of this problem is in the side effect of the first release process.
Release invariant says: if resource exists in the kubernetes cluster, then
it should exist in the release storage. But this invariant has been broken
by helm itself -- because helm created new resources as side effect and not
adopted them into release storage.
To maintain release invariant for such case during release upgrade operation
all newly *successfully* created resources will be deleted in the case
of an error in the subsequent resources update.
This behaviour will be enabled only when `--cleanup-on-fail` option is used
for `helm upgrade` or `helm rollback`.
Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
There was a typo in a tiller error with "released named" message, I've changed it to "a release named". Also fix a unit-test for it.
Signed-off-by: Mikhail Kirpichev <mkirpic@gmail.com>
Changes as per PR https://github.com/helm/helm/pull/5271
- make imagePullSecrets be an array
- move imagePullSecrets to 'root' level of Values
Signed-off-by: Don Bowman <db@donbowman.ca>
Currently, when we access the modified pages with **HTTP**, it is
redirected to **HTTPS** automatically. So this commit aims to
replace **HTTP** with **HTTPS** for security.
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Signed-off-by: Kim Bao Long <longkb@vn.fujitsu.com>
That the match is based on version is implicit. Making it explicit
because I had to think when I saw it.
Signed-off-by: Matt Farina <matt@mattfarina.com>
* fix: Update gRPC to get better TLS connection handling
To avoid backward compatibility breakers, we have been pinned to a very
old version of gRPC. But it appears that there have been some very
significant network fixes since then. Looking closely at #3480, it
appears that some of these fixes may be directly related to solving that
bug.
Note that this regenerates a few of the Go proto files, so the binary
wire format may be broken. That means this MUST be held to a minor
version, not a patch release.
To test:
- Build both client and server
- Install Tiller into your cluster
- Perform a number of Helm-Tiller interactions (`helm version`, `helm list`)
Closes #3480
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* Switched to latest protobuf
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
This relates to [#3529](https://github.com/helm/helm/issues/3529).
It adds image.pullSecret to the default generate blank chart
when the user does `helm create`.
Signed-off-by: Don Bowman <don@agilicus.com>
* added test for zero values
Signed-off-by: Flavian <flavian.sierk@gmail.com>
* implemented case for zero values
Signed-off-by: Flavian <flavian.sierk@gmail.com>
Don't delete a resource on upgrade if it is annotated with
helm.io/resource-policy=keep. This can cause data loss for users if the
annotation is ignored (e.g. for a PVC).
Closes #3673
Signed-off-by: James Ravn <james@r-vn.org>
The lint command cannot parse a compressed chart with a pre-release
version, e.g. 0.1.0-alpha: it errors out saying it cannot find the
Chart.yaml file. This is due to the way the lint command identifies the
chart dir name, i.e. using the last hyphen in the name of the compressed
file. Changing this method to using the name of the single directory
with the chart's name, as expected from decompressing a chart, allows
lint to parse pre-release charts.
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
* fix: perform extra validation on paths in tar archives
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: Cover a few Windows cases and also remove a duplicate tar reader
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: removed debug output
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: Expand again preserves the files verbatim
Also added tests for Expand
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fix: add license block and remove println
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Enable to use charts with dependencies that have conditions (e.g. in
umbrella charts). Allow aliases for dependencies that have dependencies
with conditions.
Closes #3734
Signed-off-by: Christian Koeberl <christian.koeberl@gmail.com>
* Refactor test run to separate method
This will allow us to parallelise it more easily
Signed-off-by: Frank Hamand <frankhamand@gmail.com>
* Add --parallel flag to helm test
(No functionality in this commit)
Signed-off-by: Frank Hamand <frankhamand@gmail.com>
* Run helm tests in parallel with --parallel flag
Signed-off-by: Frank Hamand <frankhamand@gmail.com>
* Add a mutex to helm test message streams
This is to protect against data races when running tests in parallel.
Signed-off-by: Frank Hamand <frankhamand@gmail.com>
* Add tests for --parallel flag
Signed-off-by: Frank Hamand <frankhamand@gmail.com>
* Add concurrency limit for parallel helm tests
Signed-off-by: Frank Hamand <frankhamand@gmail.com>
* Add test for concurrency limit
Signed-off-by: Frank Hamand <frankhamand@gmail.com>
* Fix rebase introduced errors
Signed-off-by: Frank Hamand <frankhamand@gmail.com>
* Return empty string instead of nil when linting on required
This allows lint to work in scenarios when required is used in secrets or its output is passed to another function.
Due to lint mode no longer failing on missing value in required it is passing nil through which not all functions can accept.
Fixes #4747
Signed-off-by: Helgi Þorbjörnsson <helgith@gmail.com>
* Apply suggestions from code review
Co-Authored-By: helgi <70530+helgi@users.noreply.github.com>
Signed-off-by: Helgi Þorbjörnsson <helgith@gmail.com>
* Add tests
Signed-off-by: Helgi Þorbjörnsson <helgith@gmail.com>
This is probably a silly PR. However, each time I create a new chart
via `helm create`, the instructions to uncomment the resource limits
require adding a couple extra spaces back to the YAML.
This PR simply brings the spacing in-line with the rest of the generated
template.
Signed-off-by: John Dewey <john@dewey.ws>
Currently the code that handles hooks uses a builder that creates the versioned types rather than unstructured. This results in an error whenever a custom resource is used in the hook as the type will not be registered in the scheme used in Helm. This changes this to use a builder that creates unstructured resources and only converts to the versioned type when needed.
Signed-off-by: Morten Torkildsen <mortent@google.com>
Apply the same procedure to allow missing trailing slash in repo base URLs used in `repo/chart` inputs to `--repo` inputs.
Fixes #4954.
Signed-off-by: Luke Hoban <luke@pulumi.com>
Due to a regression from a previous change, details about pod resources
do not show up in the status output. This makes sure that the pod type
from core is passed in to the printer so the details are shown in the
output.
Signed-off-by: Morten Torkildsen <mortent@google.com>
When a user specifies value overrides for list values out of order,
strvals.listItem panics. Change strvals.listItem to handle this case by
re-initializing nil values to a new map.
Closes #4503
Co-authored-by: Cameron Childress <cameron@cchildress.org>
Co-authored-by: Kevin Collette <hal.collette@gmail.com>
Co-authored-by: Connor McKelvey <connormckelvey@gmail.com>
Co-authored-by: Dan Winter <dan.j.winter@gmail.com>
Signed-off-by: Dan Winter <dan.j.winter@gmail.com>
Signed-off-by: Cameron Childress <cameron@cchildress.org>
Signed-off-by: Kevin Collette <hal.collette@gmail.com>
Signed-off-by: Connor McKelvey <connormckelvey@gmail.com>
The output from helm status is not correct for custom resources. The
HumanReadablePrinter from Kubernetes only outputs the column names when
the type differs from the previous one. This makes the output
inconsistent and also creates problems for putting in the correct line
breaks. This PR sets up a new printer for each type, thereby making sure
that all types are printed with the correct use of line breaks and with
column names.
Signed-off-by: Morten Torkildsen <mortent@google.com>
Solves #3722 by making the changes in #3539 more compatible with the previous behavior.
This gives a recovery option for "oops I deleted my helm release" by allowing rollback, which is intended to be a working feature of helm. Note that purging releases removes the history required to rollback, so this doesn't work in that case. However, purging takes significantly more time, so it's harder to accidentally purge everything.
Signed-off-by: Brent <bmperrea@gmail.com>
Upgrading a release and overriding existing values doesn't work as expected for nested values. Maps should be merged recursively, but currently maps are treated just like values and replaced at the top level.
If the existing values are:
```yaml
resources:
  requests:
    cpu: 400m
  something: else
```
and an update is done with `--set=resources.requests.cpu=500m`, it currently ends up as
```yaml
resources:
  requests:
    cpu: 500m
```
but it should have been
```yaml
resources:
  requests:
    cpu: 500m
  something: else
```
This PR updates the way override values are merged into the existing set of values to merge rather than replace maps.
Closes: #4792
Signed-off-by: Morten Torkildsen <mortent@google.com>
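The difference between the two behaviours in the message above, as an added example (not Helm's code and not part of the commit). The function names and the `values` alias are hypothetical, the inputs are constructed from the message's values, and placing `something` directly under `resources` is an assumption.

```go
package main

import "fmt"

type values = map[string]interface{}

// replaceTopLevel is the behaviour described as wrong: an override map
// replaces whatever the existing values hold under the same top-level key.
func replaceTopLevel(existing, overrides values) values {
	out := values{}
	for k, v := range existing {
		out[k] = v
	}
	for k, v := range overrides {
		out[k] = v
	}
	return out
}

// mergeValues merges overrides into a copy of existing. Where both sides
// hold a map under the same key it recurses; otherwise the override wins.
func mergeValues(existing, overrides values) values {
	out := values{}
	for k, v := range existing {
		out[k] = v
	}
	for k, v := range overrides {
		ov, ovIsMap := v.(values)
		ev, evIsMap := out[k].(values)
		if ovIsMap && evIsMap {
			out[k] = mergeValues(ev, ov)
		} else {
			out[k] = v
		}
	}
	return out
}

// sample returns constructed inputs mirroring the message: the stored
// values and the map that --set=resources.requests.cpu=500m parses into.
func sample() (existing, overrides values) {
	existing = values{"resources": values{
		"requests":  values{"cpu": "400m"},
		"something": "else",
	}}
	overrides = values{"resources": values{"requests": values{"cpu": "500m"}}}
	return existing, overrides
}

func main() {
	existing, overrides := sample()
	fmt.Println("replace:", replaceTopLevel(existing, overrides))
	fmt.Println("merge:  ", mergeValues(existing, overrides))
}
```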
The essence of this commit is to help people get started with a better
indentation practice than this:
```yaml
spec:
  labels:
{{ toYaml .Values.labels | indent 4 }}
```
The previous indentation practice is harder to read. Instead this commit
introduces an indentation practice using `nindent` like this:
```yaml
spec:
  labels:
    {{- toYaml .Values.labels | nindent 4 }}
```
Signed-off-by: Erik Sundell <erik.i.sundell@gmail.com>
Remove the engine `currentTemplates` field which was shared state
across threads and thus not thread safe, and instead just pass these
reference templates as parameters down recursively.
Closes #4819
Signed-off-by: Sean Eagan <sean.eagan@att.com>
When 'helm <install|upgrade> --render-subchart-notes ...' is run, this will include
the notes from the subchart when rendered via Tiller.
Closes #2751
Signed-off-by: jgleonard <jgleonard@gmail.com>
While investigating a tiller crash on v2.10.0 (see recent comments in #3125), I pulled down the code
and wrote a test replicating the crash I was experiencing. I then
realized that the crash had been fixed, and was able to locate the fix
in #4630 after running a quick bisect.
Since there don't appear to be any tests that cover this crash, and I
had written one myself, I figured I might as well put up a PR for it.
Here's what the test failure on v2.10.0 looks like:
```
-- FAIL: TestUpdateReleasePendingInstall_Force (0.00s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x50 pc=0x1d128d8]
goroutine 235 [running]:
testing.tRunner.func1(0xc420493c20)
/usr/local/Cellar/go/1.10/libexec/src/testing/testing.go:742 +0x29d
panic(0x1eb8d80, 0x2a12db0)
/usr/local/Cellar/go/1.10/libexec/src/runtime/panic.go:505 +0x229
k8s.io/helm/pkg/tiller.(*ReleaseServer).performUpdateForce(0xc4208210b0, 0xc4202c6dc0, 0x0, 0x0, 0x2174220)
/Users/mattrasmus/go/src/k8s.io/helm/pkg/tiller/release_update.go:166 +0x188
k8s.io/helm/pkg/tiller.(*ReleaseServer).UpdateRelease(0xc4208210b0, 0x2191780, 0xc420820f30, 0xc4202c6dc0, 0x29aeb90, 0x38, 0x2d2)
/Users/mattrasmus/go/src/k8s.io/helm/pkg/tiller/release_update.go:43 +0x245
k8s.io/helm/pkg/tiller.TestUpdateReleasePendingInstall_Force(0xc420493c20)
/Users/mattrasmus/go/src/k8s.io/helm/pkg/tiller/release_update_test.go:549 +0x120
testing.tRunner(0xc420493c20, 0x20e5c70)
/usr/local/Cellar/go/1.10/libexec/src/testing/testing.go:777 +0xd0
created by testing.(*T).Run
/usr/local/Cellar/go/1.10/libexec/src/testing/testing.go:824 +0x2e0
FAIL k8s.io/helm/pkg/tiller 0.118s
```
Signed-off-by: Matt Rasmus <mrasmus@betterworks.com>
The output from helm status does not have consistent use of line breaks.
For some resources there is a line break after the kind header, for
others there is not. This is caused by how the printer handles column
headers. This removes a line break for all but the first resource listed.
Signed-off-by: Morten Torkildsen <mortent@google.com>
Update of the client-go package changed the status output to only include
the age of resources. The new printer in client-go only formats the output
to include details of specific resources if the internal representation
of resources is passed into the printer. This PR updates helm to convert
resources to the internal type before printing.
Closes #4712
Signed-off-by: Morten Torkildsen <mortent@google.com>
* feat(helm): add $HELM_KEY_PASSPHRASE environment variable for signing helm charts
If $HELM_KEY_PASSPHRASE is set then helm package sign command will not prompt the
user to enter the passphrase for the private key
Signed-off-by: Anumita Shenoy <ansheno@microsoft.com>
* docs(helm): added documentation for HELM_KEY_PASSPHRASE
Added description for HELM_KEY_PASSPHRASE
Signed-off-by: Anumita Shenoy <ansheno@microsoft.com>
Use 'apps/v1' as the apiVersion field for the deployment.yaml written
by the 'helm create' command, rather than the deprecated 'apps/v1beta2'.
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
* fix(helm): fix regression with TLS flags/envvars
This change fixes some of the assumptions made in an earlier commit. Helm's TLS flags and environment variables were not respected because they were parsed well before execution (during settings.AddFlagsTLS()), causing erroneous behaviour at runtime. By re-introducing environment.Init(), Helm can properly parse environment variables at the correct time.
One change that had to occur in this PR is the fact that we need to call settings.Init() each time we call settings.AddFlagsTLS(). This is because each command owns its own FlagSet, so we need to parse each flagset to read and propagate the environment variables correctly.
I also noticed that we were maintaining two separate variables for each TLS value. Refactoring out some of the older code to all use the settings object makes the code much cleaner to read and fixes an issue where setting a flag or environment variable would propagate to the settings object, but we'd be reading from tlsEnable.
I've also added some unit tests to ensure this regression doesn't occur again.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* fix bug where os.ExpandEnv() on the default value causes differing behaviour
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* add more context to the TODO/FIXME messages
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* Fix race in helm list when partitioning
Problem:
The chunks slice that is passed through the channel is reused for each
partition. This means that encoding the release into a message is racing with
populating the next partition, causing the results to sometimes not fit in the
message, and the release list to be incorrect
Solution:
Allocate a new slice for each partition
Issue #3322
Signed-off-by: Brian Marshall <bmarshall13@users.noreply.github.com>
(cherry picked from commit a0858e29d8)
* fix import sorting
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* ref(release_server_test): use NewReleaseServer()
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* add unit test for race condition in `helm list`
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
* Avoid importing k8s.io/kubernetes from pkg/helm
When writing a helm client (e.g. a helm plugin) that talks to tiller importing k8s.io/helm/pkg/helm to get the grpc client is key.
This pkg should not have a dependency to the k8s.io/kubernetes to avoid pulling in a lot of code that is only used within tiller and blow up binary sizes.
Signed-off-by: Fabian Ruff <fabian@progra.de>
* Add references to pull request in errors message
Signed-off-by: Fabian Ruff <fabian@progra.de>
* copy helper function from pkg/storage/driver
Signed-off-by: Fabian Ruff <fabian@progra.de>
* Move storage errors to separate package
Signed-off-by: Fabian Ruff <fabian@progra.de>
* Keep old error variables for backward compatibility
Signed-off-by: Fabian Ruff <fabian@progra.de>
docs(*): update tiller_ssl.md to reflect IP SAN usage.
When using helm/tiller in tls-verify mode, 127.0.0.1 should
be listed as an IP SAN in the tiller certificate to pass
hostname verification of the TLS handshake.
Closes #4149
resolves #4337
Merging maps inside of strings gets a bit tricky. When two
strings consisting of "{}" were being added together, this resulted in
"{}\n{}" instead of "{}" which is what we wanted. This led to YAML
parsing errors and showed up when the `--reuse-values` flag was used
when no overrides via `--set` were provided during install and/or
upgrade.
It's really easy to cause an import cycle on this type; this resolves
the problem by moving it out of the tiller pkg into its own. An alias is
left behind in order to prevent downstream breakage.
Adds the `--set-file key=filepath` flag to `install`, `upgrade`, `template` and `lint` sub-commands so that the content of the file at the `filepath` is set to the value for the `key`.
Resolves #1754