diff --git a/changelogs/fragments/20250911-add-support-helm-take-ownership.yaml b/changelogs/fragments/20250911-add-support-helm-take-ownership.yaml
new file mode 100644
index 00000000..bd4d16ca
--- /dev/null
+++ b/changelogs/fragments/20250911-add-support-helm-take-ownership.yaml
@@ -0,0 +1,2 @@
+minor_changes:
+ - helm - Parameter take_ownership added (https://github.com/ansible-collections/kubernetes.core/pull/957).
diff --git a/docs/kubernetes.core.helm_module.rst b/docs/kubernetes.core.helm_module.rst
index b81eb983..22c366f1 100644
--- a/docs/kubernetes.core.helm_module.rst
+++ b/docs/kubernetes.core.helm_module.rst
@@ -601,6 +601,27 @@ Parameters
Skip custom resource definitions when installing or upgrading.
+
+ |
+
+ take_ownership
+
+
+ boolean
+
+ added in 6.1.0
+ |
+
+
+ |
+
+ When upgrading, Helm will ignore the check for helm annotations and take ownership of the existing resources
+ This feature requires helm >= 3.17.0
+ |
+
|
@@ -734,7 +755,7 @@ Parameters
|
Use HTTP instead of HTTPS when working with OCI registries
- |
+
diff --git a/plugins/modules/helm.py b/plugins/modules/helm.py
index 8d8ecc25..84d38759 100644
--- a/plugins/modules/helm.py
+++ b/plugins/modules/helm.py
@@ -244,6 +244,13 @@ options:
type: bool
default: False
version_added: 6.1.0
+ take_ownership:
+ description:
+ - When upgrading, Helm will ignore the check for helm annotations and take ownership of the existing resources
+ - This feature requires helm >= 3.17.0
+ type: bool
+ default: False
+ version_added: 6.1.0
extends_documentation_fragment:
- kubernetes.core.helm_common_options
"""
@@ -560,6 +567,7 @@ def deploy(
reset_then_reuse_values=False,
insecure_skip_tls_verify=False,
plain_http=False,
+ take_ownership=False,
):
"""
Install/upgrade/rollback release chart
@@ -573,6 +581,8 @@ def deploy(
deploy_command = command + " upgrade -i" # install/upgrade
if reset_values:
deploy_command += " --reset-values"
+ if take_ownership:
+ deploy_command += " --take-ownership"
if reuse_values is not None:
deploy_command += " --reuse-values=" + str(reuse_values)
@@ -851,6 +861,7 @@ def argument_spec():
type="bool", default=False, aliases=["skip_tls_certs_check"]
),
plain_http=dict(type="bool", default=False),
+ take_ownership=dict(type="bool", default=False),
)
)
return arg_spec
@@ -906,6 +917,7 @@ def main():
reset_then_reuse_values = module.params.get("reset_then_reuse_values")
insecure_skip_tls_verify = module.params.get("insecure_skip_tls_verify")
plain_http = module.params.get("plain_http")
+ take_ownership = module.params.get("take_ownership")
if update_repo_cache:
run_repo_update(module)
@@ -924,6 +936,14 @@ def main():
helm_version
)
)
+ if take_ownership:
+ helm_version = module.get_helm_version()
+ if LooseVersion(helm_version) < LooseVersion("3.17.0"):
+ module.fail_json(
+ msg="take_ownership requires helm >= 3.17.0, current version is {0}".format(
+ helm_version
+ )
+ )
opt_result = {}
if release_state == "absent" and release_status is not None:
@@ -1083,6 +1103,7 @@ def main():
reset_then_reuse_values=reset_then_reuse_values,
insecure_skip_tls_verify=insecure_skip_tls_verify,
plain_http=plain_http,
+ take_ownership=take_ownership,
)
changed = True
diff --git a/tests/integration/targets/helm/defaults/main.yml b/tests/integration/targets/helm/defaults/main.yml
index a6263619..9ef99a16 100644
--- a/tests/integration/targets/helm/defaults/main.yml
+++ b/tests/integration/targets/helm/defaults/main.yml
@@ -29,3 +29,4 @@ test_namespace:
- "helm-chart-with-space-into-name"
- "helm-reset-then-reuse-values"
- "helm-insecure"
+ - "helm-test-take-ownership"
diff --git a/tests/integration/targets/helm/tasks/main.yml b/tests/integration/targets/helm/tasks/main.yml
index a5f69a9d..4a2c028b 100644
--- a/tests/integration/targets/helm/tasks/main.yml
+++ b/tests/integration/targets/helm/tasks/main.yml
@@ -6,3 +6,4 @@
with_items:
- "v3.15.4"
- "v3.16.0"
+ - "v3.17.0"
diff --git a/tests/integration/targets/helm/tasks/run_test.yml b/tests/integration/targets/helm/tasks/run_test.yml
index 01c7f553..0ae279a3 100644
--- a/tests/integration/targets/helm/tasks/run_test.yml
+++ b/tests/integration/targets/helm/tasks/run_test.yml
@@ -47,6 +47,9 @@
- name: Test insecure registry flag feature
include_tasks: test_helm_insecure.yml
+- name: Test take ownership flag feature
+ include_tasks: test_helm_take_ownership.yml
+
- name: Clean helm install
file:
path: "{{ item }}"
diff --git a/tests/integration/targets/helm/tasks/test_helm_take_ownership.yml b/tests/integration/targets/helm/tasks/test_helm_take_ownership.yml
new file mode 100644
index 00000000..3e631c5b
--- /dev/null
+++ b/tests/integration/targets/helm/tasks/test_helm_take_ownership.yml
@@ -0,0 +1,81 @@
+---
+- name: Test helm take ownership
+ vars:
+ helm_namespace: "{{ test_namespace[13] }}"
+ block:
+
+ - name: Initial chart installation (no flag set)
+ helm:
+ binary_path: "{{ helm_binary }}"
+ chart_ref: "{{ chart_test_oci }}"
+ release_name: test-take-ownership
+ release_namespace: "{{ helm_namespace }}"
+ create_namespace: true
+ register: install
+
+ - name: Validate that take-ownership flag is not set
+ assert:
+ that:
+ - install is changed
+ - '"--take-ownership" not in install.command'
+
+ - name: Upgrade chart (take-onwership flag set)
+ helm:
+ binary_path: "{{ helm_binary }}"
+ chart_ref: "{{ chart_test_oci }}"
+ release_name: test-take-ownership
+ release_namespace: "{{ helm_namespace }}"
+ take_ownership: true
+ values:
+ commonLabels:
+ take-onwership: "set"
+ register: upgrade
+ ignore_errors: true
+
+ - name: Validate that take-ownership flag IS set if helm version is >= 3.17.0
+ assert:
+ that:
+ - upgrade is changed
+ - '"--take-ownership" in upgrade.command'
+ when: '"v3.17.0" <= helm_version'
+
+ - name: Validate that feature fails for helm < 3.17.0
+ assert:
+ that:
+ - upgrade is failed
+ - '"take_ownership requires helm >= 3.17.0" in upgrade.msg'
+ when: 'helm_version < "v3.17.0"'
+
+ - name: Upgrade chart (take-onwership flag not set)
+ helm:
+ binary_path: "{{ helm_binary }}"
+ chart_ref: "{{ chart_test_oci }}"
+ release_name: test-take-ownership
+ release_namespace: "{{ helm_namespace }}"
+ values:
+ commonLabels:
+ take-onwership: "not-set"
+ register: upgrade
+ ignore_errors: true
+
+ - name: Validate that take-ownership flag IS set if helm version is >= 3.17.0
+ assert:
+ that:
+ - upgrade is changed
+ - '"--take-ownership" not in upgrade.command'
+ when: '"v3.17.0" <= helm_version'
+
+ - name: Validate that feature fails for helm < 3.17.0
+ assert:
+ that:
+ - upgrade is changed
+ - upgrade.msg is not defined
+ when: 'helm_version < "v3.17.0"'
+
+ always:
+ - name: Remove helm namespace
+ k8s:
+ api_version: v1
+ kind: Namespace
+ name: "{{ helm_namespace }}"
+ state: absent