msb-public/helm - helm - 马士兵教育代码仓库

Commit Graph

Author	SHA1	Message	Date
Benoit Tigeot	94659f2503	fix: prevent reporting fallback on version when none specified Fixes: https://github.com/helm/helm/issues/31548 ``` ❯ helm pull rancher/longhorn-crd --version 106.2.0+up1.8.2 --destination /tmp/ level=WARN msg="unable to find exact version; falling back to closest available version" chart=longhorn-crd requested=106.2.0+up1.8.2 selected=106.2.0+up1.8.1 ❯ bin/helm show chart brigade/brigade apiVersion: v1 appVersion: v1.5.0 dependencies: - condition: kashti.enabled name: kashti repository: https://brigadecore.github.io/charts version: 0.7.0 - condition: brigade-github-app.enabled name: brigade-github-app repository: https://brigadecore.github.io/charts version: 0.8.0 - alias: gw condition: gw.enabled name: brigade-github-oauth repository: https://brigadecore.github.io/charts version: 0.4.0 description: Brigade provides event-driven scripting of Kubernetes pipelines. name: brigade version: 1.10.0 ``` Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr> (cherry picked from commit `40e22dedb2`)	2 weeks ago
Benoit Tigeot	2dd1f662cc	fix: prevent segmentation violation on empty yaml in multidoc Fixes: https://github.com/helm/helm/issues/31544 Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr> (cherry picked from commit `81d244ca21`)	2 weeks ago
Benoit Tigeot	bbad438779	Ignore duplicated URN in logs Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr> (cherry picked from commit `8025a397e6`)	2 weeks ago
Benoit Tigeot	bdcf920183	jsonschema: warn and ignore unresolved URN $ref to match v3.18.4 - v3.18.5 switched jsonschema and began resolving external $ref at compile-time, exposing missing urn handling (“no URLLoader registered for urn:…”). - Add urn scheme loader and pluggable URNResolver. If unresolved, log a warning and return a permissive true schema (back-compat). - Apply to pkg/chart/v2 and internal/chart/v3 validators. Not sure about that Note: external URNs need AddResource/Resolver (the CLI uses --map for this). Warning may appear twice since both validators run. Another strategy could be to add the option to import more "external schema" explicitly but it is another PR. Something similar to `--map` from jsonschema package (santhosh-tekuri/jsonschema@ed65924). Close: #31170 Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr> (cherry picked from commit `03bb62f63d`)	2 weeks ago
George Jenkins	12500dd401	Copy adopted resource info Signed-off-by: George Jenkins <gvjenkins@gmail.com> (cherry picked from commit `855ebb6884`)	1 month ago
George Jenkins	1cf3841142	fixup test Signed-off-by: George Jenkins <gvjenkins@gmail.com> (cherry picked from commit `f8a49f1852`)	1 month ago
George Jenkins	32e2d08c45	logs Signed-off-by: George Jenkins <gvjenkins@gmail.com> (cherry picked from commit `a9cdc78116`)	1 month ago
George Jenkins	4b6472ffb0	fix Signed-off-by: George Jenkins <gvjenkins@gmail.com> (cherry picked from commit `b1a976073f`)	1 month ago
George Jenkins	9dfe3b35ec	fix: Use server-side apply for object create during update Signed-off-by: George Jenkins <gvjenkins@gmail.com> (cherry picked from commit `18616e6ce9`)	1 month ago
Matt Farina	861adc2f4a	Fix kube client logging The kube client logging is based on the actionConfig logging. This is setup to use slog.Default() before the logging flags are parsed and logging is setup. newRootCmdWithConfig changes the logging but it wasn't picked up for actionConfig or the kube client. This change updates the logging to include any changes. Signed-off-by: Matt Farina <matt.farina@suse.com> (cherry picked from commit `936cd328ac`)	1 month ago
Scott Rigby	99cd196435	Merge pull request #31435 from matheuscscp/cancel-health-checks Introduce a context for canceling wait operations	2 months ago
Matheus Pimenta	efc1702657	Introduce a context for canceling wait operations Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>	2 months ago
George Jenkins	bdc459d73c	Merge pull request #31389 from TerryHowe/chore-more-registry-clean-up chore: fix pkg/registry warnings to reduce noise	2 months ago
Matt Farina	15300549f0	When time not available, using time.Now Note, when time is not available, the builds are not reproducible. This problem would only happen when an SDK user is using parts of the API to build their own tooling. Helm will consistently inject the dates through the higher level APIs. Signed-off-by: Matt Farina <matt.farina@suse.com>	2 months ago
Matt Farina	ca8eae9361	Reproducible chart archive builds Building the same chart into an archive multiple times will have the same sha256 hash. Perviously, the time in the headers for a file was time.Now() which changed each time. The time is now collected from the operating system when the file is loaded and this time is used. Fixes: #3612 Signed-off-by: Matt Farina <matt.farina@suse.com>	2 months ago
Scott Rigby	f4c5220d99	Merge pull request #31411 from banjoh/em/reinstate-logger-param feat: reinstate logger parameter to actions package	2 months ago
Evans Mungai	2ddeb50fa6	Set default logger in Configuration constructor Signed-off-by: Evans Mungai <mbuevans@gmail.com>	2 months ago
Evans Mungai	a112bf5aa6	Remove non-reachable code Signed-off-by: Evans Mungai <mbuevans@gmail.com>	2 months ago
Matt Farina	1da2b0a6d4	Merge pull request #31204 from benoittgt/fix-31202 Avoid panic in helm.sh/helm/v3/pkg/chartutil.ValidateAgainstSchema	2 months ago
Robert Sirchia	25ad74f5a7	Merge pull request #31337 from rachelvweber/rawo/fixingWaitStrategy Fixing rollback and uninstall client WaitStrategy	2 months ago
Evans Mungai	aed687eaa1	Add config options to NewConfiguration() Signed-off-by: Evans Mungai <mbuevans@gmail.com>	2 months ago
Evans Mungai	b6eca1c0f1	Refactor logging functionality to use slog.Handler Signed-off-by: Evans Mungai <mbuevans@gmail.com>	2 months ago
Evans Mungai	5ab4ca5490	Embed logging functionality to DRY code Signed-off-by: Evans Mungai <mbuevans@gmail.com>	2 months ago
Evans Mungai	9c32e34d60	Add logger to sql driver and ensure storage has logger Signed-off-by: Evans Mungai <mbuevans@gmail.com>	2 months ago
Evans Mungai	50e43f4017	nil logger should be handled by discard handler Signed-off-by: Evans Mungai <mbuevans@gmail.com>	2 months ago
Evans Mungai	7a5816b106	Self review changes Signed-off-by: Evans Mungai <mbuevans@gmail.com>	2 months ago
Evans Mungai	0f90c83118	Merge remote-tracking branch 'upstream/main' into em/reinstate-logger-param	2 months ago
Evans Mungai	b1d4dc680d	feat: reinstate logger parameter to actions package Fixes: #31399 Signed-off-by: Evans Mungai <mbuevans@gmail.com>	2 months ago
Matt Farina	76e6b7a6fe	Merge pull request #31390 from TerryHowe/chore-increase-helm-list-test-coverage fix: improve pkg/cmd/list test coverage	2 months ago
Matt Farina	2cfd41ec28	Merge pull request #31351 from gjenkins8/gjenkins/helm_version_kubeversion feat: `helm version` print Kubernetes (client-go) version	2 months ago
Matt Farina	752354074c	Merge pull request #31393 from benoittgt/12299 Return errors during upgrade when the deletion of resources fails	2 months ago
Matt Farina	37de51428c	Merge pull request #31376 from benoittgt/accept-yaml-yml Do not ignore .yml file on linting while accepting .yaml	2 months ago
Matt Farina	b0247ce8bf	Merge pull request #31395 from wyrapeseed/main chore: fix some comment format	2 months ago
Terry Howe	0f6e14dfd3	chore: fix various warnings to reduce noise Signed-off-by: Terry Howe <terrylhowe@gmail.com>	2 months ago
Jesse Simpson	3f860e83fb	fix: use empty results instead of nil Signed-off-by: Jesse Simpson <jesse.simpson36@gmail.com>	2 months ago
Jesse Simpson	96b4c363c8	fix: Update returns nil on error, test should reflect this Signed-off-by: Jesse Simpson <jesse.simpson36@gmail.com>	2 months ago
Terry Howe	917822cfca	refactor: remove unused err from pkg/registry/client.go Signed-off-by: Terry Howe <terrylhowe@gmail.com>	2 months ago
wyrapeseed	b9eadd3186	chore: fix some comment format Signed-off-by: wyrapeseed <wyrapeseed@outlook.com>	2 months ago
Benoit Tigeot	7097c8e2e5	Replicate as unit test case where we fail once a resource deletion Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>	2 months ago
Benoit Tigeot	054eabddd7	Return errors on upgrade when deletion fails This is a rebase of https://github.com/helm/helm/pull/12299 as the pull request was tagged for Helm v4. Closes: https://github.com/helm/helm/issues/11375 Related: https://github.com/helm/helm/pull/7929 It was a pain to reproduce, here is a script: ``` set -u NS=default RELEASE=test-release CHART=./test-chart SA=limited-helm-sa HELM=${HELM:-./bin/helm} echo "Helm: $($HELM version)" echo "Cleaning…" $HELM uninstall "$RELEASE" -n "$NS" >/dev/null 2>&1 \|\| true kubectl -n "$NS" delete sa "$SA" role "${SA}-role" rolebinding "${SA}-rb" >/dev/null 2>&1 \|\| true kubectl -n "$NS" delete cronjob "$RELEASE-test-chart-cronjob" >/dev/null 2>&1 \|\| true rm -rf "$CHART" /tmp/limited-helm-kubeconfig echo "Create minimal chart with only a CronJob" $HELM create "$CHART" >/dev/null rm -f "$CHART"/templates/{deployment.yaml,service.yaml,hpa.yaml,tests/test-connection.yaml,serviceaccount.yaml} cat > "$CHART/templates/cronjob.yaml" <<'YAML' apiVersion: batch/v1 kind: CronJob metadata: name: {{ include "test-chart.fullname" . }}-cronjob spec: schedule: "/5 * * " jobTemplate: spec: template: spec: restartPolicy: OnFailure containers: - name: hello image: busybox command: ["/bin/sh","-c","date; echo Hello from CronJob"] YAML echo "RBAC: allow Helm storage, basic reads/creates, but NO delete on cronjobs" kubectl -n "$NS" apply -f - >/dev/null <<EOF apiVersion: v1 kind: ServiceAccount metadata: name: $SA --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: ${SA}-role rules: - apiGroups: [""] resources: ["secrets","configmaps"] verbs: ["get","list","watch","create","patch","update","delete"] - apiGroups: [""] resources: ["pods","events"] verbs: ["get","list","watch"] - apiGroups: ["batch"] resources: ["cronjobs"] verbs: ["get","list","watch","create","patch","update"] EOF kubectl -n "$NS" apply -f - >/dev/null <<EOF apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: ${SA}-rb subjects: - kind: ServiceAccount name: $SA roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: ${SA}-role EOF echo "Create kubeconfig for that SA" TOKEN=$(kubectl -n "$NS" create token "$SA") SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}') CA_DATA=$(kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}') KCFG=/tmp/limited-helm-kubeconfig cat > "$KCFG" <<EOF apiVersion: v1 kind: Config clusters: - name: local cluster: server: $SERVER certificate-authority-data: $CA_DATA contexts: - name: limited context: cluster: local namespace: $NS user: $SA current-context: limited users: - name: $SA user: token: $TOKEN EOF set +e echo "Install (as limited SA)" KUBECONFIG="$KCFG" $HELM upgrade --install "$RELEASE" "$CHART" -n "$NS" --wait echo "CronJob after install:" kubectl -n "$NS" get cronjob "$RELEASE-test-chart-cronjob" \|\| true echo "Remove CronJob from chart and add a small ConfigMap to force an upgrade" rm -f "$CHART/templates/cronjob.yaml" cat > "$CHART/templates/configmap.yaml" <<'YAML' apiVersion: v1 kind: ConfigMap metadata: name: {{ include "test-chart.fullname" . }}-config data: hello: world YAML echo "Upgrade without CronJob (as limited SA)" KUBECONFIG="$KCFG" $HELM upgrade --install "$RELEASE" "$CHART" -n "$NS" RC=$? echo "Post-upgrade verification" if kubectl -n "$NS" get cronjob "$RELEASE-test-chart-cronjob" >/dev/null 2>&1; then echo "OK: Stale CronJob still present: $RELEASE-test-chart-cronjob" else echo "NO_OK: CronJob deleted" fi echo "Helm exit code: $RC" exit 0 ``` With the current build: ```sh ./reproduce-helm-issue.sh Helm: version.BuildInfo{Version:"v4.0+unreleased", GitCommit:"f19bb9cd4c99943f7a4980d6670de44affe3e472", GitTreeState:"dirty", GoVersion:"go1.24.0"} Cleaning… Create minimal chart with CronJob + ConfigMap (we will remove both in v2) RBAC: allow Helm storage + delete for configmaps, but NO delete on cronjobs Create kubeconfig for that SA Install v1 (as limited SA) Release "test-release" does not exist. Installing it now. NAME: test-release LAST DEPLOYED: Tue Oct 14 18:55:57 2025 NAMESPACE: default STATUS: deployed REVISION: 1 DESCRIPTION: Install complete TEST SUITE: None NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=test-chart,app.kubernetes.io/instance=test-release" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT Verify v1 objects exist NAME SCHEDULE TIMEZONE SUSPEND ACTIVE LAST SCHEDULE AGE test-release-test-chart-cronjob /5 * * * * <none> False 0 <none> 0s NAME DATA AGE test-release-test-chart-config 1 0s Prepare v2: remove BOTH CronJob and ConfigMap from the chart Upgrade to v2 (as limited SA) — expecting CronJob delete first, then ConfigMap - CronJob delete should FAIL (no delete permission) - ConfigMap delete should SUCCEED (delete allowed) — proves 'continue on error' and inverted order level=DEBUG msg="getting history for release" release=test-release level=DEBUG msg="getting release history" name=test-release level=DEBUG msg="preparing upgrade" name=test-release level=DEBUG msg="getting last revision" name=test-release level=DEBUG msg="getting release history" name=test-release level=DEBUG msg="number of dependencies in the chart" dependencies=0 level=DEBUG msg="determined release apply method" server_side_apply=true previous_release_apply_method=ssa level=DEBUG msg="performing update" name=test-release level=DEBUG msg="creating upgraded release" name=test-release level=DEBUG msg="creating release" key=sh.helm.release.v1.test-release.v2 level=DEBUG msg="getting release history" name=test-release level=DEBUG msg="using server-side apply for resource update" forceConflicts=false dryRun=false fieldValidationDirective=Strict upgradeClientSideFieldManager=false level=DEBUG msg="checking resources for changes" resources=0 level=DEBUG msg="deleting resource" namespace=default name=test-release-test-chart-config kind=ConfigMap level=DEBUG msg="deleting resource" namespace=default name=test-release-test-chart-cronjob kind=CronJob level=DEBUG msg="failed to delete resource" namespace=default name=test-release-test-chart-cronjob kind=CronJob error="cronjobs.batch \"test-release-test-chart-cronjob\" is forbidden: User \"system:serviceaccount:default:limited-helm-sa\" cannot delete resource \"cronjobs\" in API group \"batch\" in the namespace \"default\"" level=INFO msg="update completed" created=0 updated=0 deleted=1 level=WARN msg="update completed with errors" errors=1 level=DEBUG msg="updating release" key=sh.helm.release.v1.test-release.v1 level=WARN msg="upgrade failed" name=test-release error="failed to delete resource test-release-test-chart-cronjob: cronjobs.batch \"test-release-test-chart-cronjob\" is forbidden: User \"system:serviceaccount:default:limited-helm-sa\" cannot delete resource \"cronjobs\" in API group \"batch\" in the namespace \"default\"" level=DEBUG msg="updating release" key=sh.helm.release.v1.test-release.v2 Error: UPGRADE FAILED: failed to delete resource test-release-test-chart-cronjob: cronjobs.batch "test-release-test-chart-cronjob" is forbidden: User "system:serviceaccount:default:limited-helm-sa" cannot delete resource "cronjobs" in API group "batch" in the namespace "default" Post-upgrade verification Stale CronJob still present: test-release-test-chart-cronjob (expected if delete is forbidden) ConfigMap deleted as expected: test-release-test-chart-config (and after CronJob attempt) Helm exit code: 1 ``` With last version v3.19: ``` HELM=/usr/local/bin/helm ./reproduce-helm-issue.sh Helm: version.BuildInfo{Version:"v3.19.0", GitCommit:"3d8990f0836691f0229297773f3524598f46bda6", GitTreeState:"clean", GoVersion:"go1.24.7"} Cleaning… Create minimal chart with only a CronJob RBAC: allow Helm storage, basic reads/creates, but NO delete on cronjobs Create kubeconfig for that SA Install (as limited SA) Release "test-release" does not exist. Installing it now. NAME: test-release LAST DEPLOYED: Tue Oct 14 19:07:01 2025 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=test-chart,app.kubernetes.io/instance=test-release" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT CronJob after install: NAME SCHEDULE TIMEZONE SUSPEND ACTIVE LAST SCHEDULE AGE test-release-test-chart-cronjob /5 * * * <none> False 0 <none> 0s Remove CronJob from chart and add a small ConfigMap to force an upgrade Upgrade without CronJob (as limited SA) Release "test-release" has been upgraded. Happy Helming! NAME: test-release LAST DEPLOYED: Tue Oct 14 19:07:01 2025 NAMESPACE: default STATUS: deployed REVISION: 2 TEST SUITE: None NOTES: 1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=test-chart,app.kubernetes.io/instance=test-release" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT Post-upgrade verification OK: Stale CronJob still present: test-release-test-chart-cronjob Helm exit code: 0 ``` Co-authored-by: dayeguilaiye <979014041@qq.com> Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>	2 months ago
Terry Howe	3b2fd17799	chore: rename test registry Signed-off-by: Terry Howe <terrylhowe@gmail.com>	2 months ago
Terry Howe	379b0899b3	fix: increase helm list test coverage Signed-off-by: Terry Howe <terrylhowe@gmail.com>	2 months ago
George Jenkins	7dd2484aed	Merge pull request #31295 from TerryHowe/fix-make-helm-list-show-all-by-default Fix make helm list show all by default	2 months ago
Scott Rigby	f0530309f0	Merge pull request #31302 from TerryHowe/fix-helm-verify-signature fix: helm verify Run signature	2 months ago
Scott Rigby	f9d4373ea4	Merge pull request #31270 from TerryHowe/chore-registry-clean-up chore: registry utils clean up	2 months ago
Terry Howe	abdf6603c0	fix test for rebase Signed-off-by: Terry Howe <terrylhowe@gmail.com>	2 months ago
Matt Farina	a03e8c9541	Merge pull request #31375 from TerryHowe/fix-release-info-time fix: release info time parsing	2 months ago
Terry Howe	f6e60138e8	Update pkg/cmd/list.go Co-authored-by: George Jenkins <gvjenkins@gmail.com> Signed-off-by: Terry Howe <terrylhowe@gmail.com>	2 months ago
Terry Howe	c3aa5c51e6	chore: clean up for comments Signed-off-by: Terry Howe <terrylhowe@gmail.com>	2 months ago
copilot-swe-agent[bot]	b4f932a715	Fix test by making date sorting stable and updating golden files Signed-off-by: Terry Howe <terrylhowe@gmail.com>	2 months ago

1 2 3 4 5 ...

3546 Commits (v4.0.4)