This is a backport of PR #1090 as merged into main (e6076e5).
SUMMARY
Ensure compatibility with Helm v4 for modules helm_plugin and helm_plugin_info
Partially addresses #1038
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm_plugin
helm_plugin_info
helm_info
helm_pull
helm_registry_auth
helm
helm_template
Reviewed-by: Bikouo Aubin
Reviewed-by: Matthew Johnson
This is a backport of PR #1039 as merged into main (13791ec).
SUMMARY
Helm v4 is a major version with backward-incompatible changes, including to the flags and output of the Helm CLI and to the SDK. This version is currently not supported in the kubernetes.core. This PR is related to #1038 and is a short-term solution to mark compatibility explicitly
ISSUE TYPE
Bugfix Pull Request
Docs Pull Request
COMPONENT NAME
helm
helm_template
helm_info
helm_repository
helm_pull
helm_registry_auth
helm_plugin
helm_plugin_info
ADDITIONAL INFORMATION
Added `validate_helm_version()`` method to AnsibleHelmModule that enforces version constraint >=3.0.0,<4.0.0.
Fails fast with clear error message: "Helm version must be >=3.0.0,<4.0.0, current version is {version}"
Some modules (i.e. helm_registry_auth) technically is compatible with Helm v4, but validation was added to all helm modules.
Partially coauthored by GitHub Copilot with Claude Sonnet 4 model.
Addresses issue #1038
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
This is a backport of PR #1056 as merged into main (bd1cacc).
SUMMARY
helm/helm_info - Deprecate some parameters and add new ones to resolve sanity issues.
k8s - the return block doc is not aligned with what the module returns
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
helm, helm_info, k8s
Fixes: #1046
Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
This is a backport of PR #995 as merged into main (da93cce).
SUMMARY
This pull request adds support for a new skip_schema_validation option to the helm module, allowing users to disable JSON schema validation for Helm charts and values (requires helm >= 3.16.0).
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
Added the skip_schema_validation boolean parameter to the helm module, allowing users to disable JSON schema validation for charts and values. This option is only available with Helm versions >= 3.16.0, and an appropriate error is raised for older versions.
Added integration tests to verify the behavior of the skip_schema_validation option, including cases for both supported and unsupported Helm versions.
Closes#994
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
This is a backport of PR #957 as merged into main (cf3c3a9).
SUMMARY
Add support for take-ownership Helm flag added in Helm 3.17.0
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
kubernetes.core.helm
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
This is a backport of PR #951 as merged into main (f568c9d).
SUMMARY
Now that ansible-core 2.19.0rc1 has been released, ansible-core’s devel branch has been bumped from 2.19.0.dev0 to 2.20.0.dev0. This potentially requires collection CIs to be updated which rely on devel using tests/sanity/ignore-2.19.txt, for example. Also it’s now time to add stable-2.19 to CI if you relied on devel to cover 2.19 so far. Note that milestone has also been updated to 2.20.0dev0.
During testing, I noticed that the failed test tasks/test_helm_not_installed.yml due to the new error message with ansible 2.20, please find here and following comments.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
test/CI (tasks/test_helm_not_installed.yml)
ADDITIONAL INFORMATION
to be cherry-picked to the stable-6 and stable-5
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
Added the option insecure_skip_tls_verify to the following helm modules:
helm_repository
helm
Unified the option with alias in helm_pull
For helm, added the option to the helm diff call, as it got fixed upstream.
Upstream Issue: databus23/helm-diff#503
Fixed with: helm/helm#12856
Fixes#694
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kubernetes.core.helm
kubernetes.core.helm_repository
kubernetes.core.helm_pull
ADDITIONAL INFORMATION
Basically the option was added in the parameters set in the ansible job, in the docs and then injected in the helm and helm diff binary calls if set. Defaults to False.
Example
---
- name: Test helm modules
tasks:
- name: Test helm repository insecure
kubernetes.core.helm_repository:
name: insecure
repo_url: "<helm-repo-with-self-signed-tls>"
state: present
insecure_skip_tls_verify: true
- name: Test helm pull insecure
kubernetes.core.helm_pull:
chart_ref: "oci://<helm-repo-with-self-signed-tls>/ptroject"
destination: /tmp
insecure_skip_tls_verify: true
- name: Test helm insecure
kubernetes.core.helm:
name: insecure
chart_ref: "oci://<helm-repo-with-self-signed-tls>/project"
namespace: helm-insecure-test
state: present
insecure_skip_tls_verify: true
Note
Might need an alias for telm_template, as the option is called insecure_registry, in the manual and docs of helm it would be --insecure-skip-tls-verify as well though.
Not included, as it was recently merged with #805
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Noah Lehmann
Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
SUMMARY
Starting with version 3.14.0, Helm supports --reset-then-reuse-values. As discussed on the original PR. This greatly improves on --reuse-values as it allows to avoid templates errors when new features are added to an upgraded chart.
Closes#803
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
This PR is greatly 'inspired' by #575 and because I wasn't sure how I could provide additional tests for it, I actually copied those build previously for --reuse-values (as it is an improvement on this feature.
Reviewed-by: Bikouo Aubin
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: b0z02003
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
Some of the charts we've used for testing are no longer available at the old helm repository urls, as they've been moved to oci registries. This updates those charts.
In the longer term, we should find a better way to handle these kinds of test fixtures, probably by switching to local charts as much as possible.
ISSUE TYPE
Bugfix Pull Request
Docs Pull Request
Feature Pull Request
New Module Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Helen Bailey <hebailey@redhat.com>
Reviewed-by: Yuriy Novostavskiy
* Cleanup gha
* test by removing matrix excludes
* Rename sanity tests
* trigger integration tests
* Fix ansible-lint workflow
* Fix concurrency
* Add ansible-lint config
* Add ansible-lint config
* Fix integration and lint issues
* integration wf
* fix yamllint issues
* fix yamllint issues
* update readme and add ignore-2.16.txt
* fix ansible-doc
* Add version
* Use /dev/random to generate random data
The GHA environment has difficultly generating entropy. Trying to read
from /dev/urandom just blocks forever. We don't care if the random data
is cryptographically secure; it's just garbage data for the test. Read
from /dev/random, instead. This is only used during the k8s_copy test
target.
This also removes the custom test module that was being used to generate
the files. It's not worth maintaining this for two task that can be
replaced with some simple command/shell tasks.
* Fix saniry errors
* test github_action fix
* Address review comments
* Remove default types
* review comments
* isort fixes
* remove tags
* Add setuptools to venv
* Test gh changes
* update changelog
* update ignore-2.16
* Fix indentation in inventory plugin example
* Update .github/workflows/integration-tests.yaml
* Update integration-tests.yaml
---------
Co-authored-by: Mike Graves <mgraves@redhat.com>
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
[helm] add the ability for the module to uninstall pending-install releases
SUMMARY
closes#319
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Bikouo Aubin
helm - add reuse_values and reset_values support
SUMMARY
closes#394
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
helm - add support for -set options when running helm install
SUMMARY
helm support setting options -set, -set-string, -set-file and -set-json when running helm install
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
Reviewed-by: Alina Buzachis <None>
Reviewed-by: Bikouo Aubin <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Helm - Fix issue with alternative kubeconfig
SUMMARY
closes#538
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
helm modules
Reviewed-by: Mike Graves <mgraves@redhat.com>
[helm] Add the force_update arg
Depends-On: ansible/ansible-zuul-jobs#1648
Depends-On: #522
SUMMARY
Sometimes a Helm repo needs to be updated with a new URL. The helm repo add command allows for this with the --force-update flag:
--force-update replace (overwrite) the repo if it already exists
ISSUE TYPE
Feature Pull Request - Closes#491
COMPONENT NAME
kubernetes.core.helm_repository
ADDITIONAL INFORMATION
Reviewed-by: Mor Cohen <morcohen1201@gmail.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Fix helm test suite
SUMMARY
The old version of the nginx ingress controller that was being used for helm testing is incompatible with the recent upgrade to k8s 1.25 in CI. This upgrades the version used for testing and fixes a few other related issues.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Helm template add name and disable hook
SUMMARY
This PR adds "disable_hook" and "name" (NAME of the release) as optional arguments to the helm_template module.
It contains the rest of my planned work towards #313.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
plugins/modules/helm_template.py
changelogs/fragments/313-helm-template-add-support-for-name-and-disablehook.yml
tests/unit/modules/test_helm_template.py
integration/targets/helm/tasks/tests_chart.yml
ADDITIONAL INFORMATION
The PR contains unit tests and an integration test for the new parameters added in this and the previous PR.
I limited the execution of the integration test to the local test chart, because the testing of the "show_only" parameter requires a known chart structure. As I think I do not have to test the workings of "helm template ..." itself, I hope this is sufficient.
Please adjust / comment as necessary.
Reviewed-by: Mike Graves <mgraves@redhat.com>
Add helm dependency update
SUMMARY
Execute the helm dependency update under the hood when found dependencies block in Chart.yaml file.
Support the execution of:
Standalone dependency update by executing: helm dependency update CHART
Inline dependency update when specifying the helm chart_repo_url by adding --dependency-update to the helm install command.
ISSUE TYPE
Feature Pull Request #191
COMPONENT NAME
helm, helm_template
ADDITIONAL INFORMATION
There is a doc generated for history_max option for the helm module. I think that is not generated in the previous PR #164.
There is others changes affect the docs/ folder when I run the collection_prep_add_docs -p . command. These changes are added in the last commit 64eab40. I let you decide rather we keep the commit or remove it.
The --dependency-update insertion option is tested used a local helm chart repository create via docker. So here are the tasks that test this feature. Maybe if we create a GitHub repository for the helm chart, we can add this test code in the CI pipeline.
# Test The update dependency with chart_repo_url
- name: "Test chart without dependencies block and chart_repo_url defined"
block:
- name: "Test chart without dependencies block and chart_repo_url defined"
helm:
binary_path: "{{ helm_binary }}"
name: test
chart_ref: "ingress-nginx"
chart_repo_url: https://kubernetes.github.io/ingress-nginx
chart_version: "{{ chart_source_version | default(omit) }}"
namespace: "{{ helm_namespace }}"
create_namespace: yes
register: release
- assert:
that:
- "'--dependency-update' not in release.command"
- "'upgrade' in release.command"
success_msg: "Command does not contains '--dependency-update' options"
fail_msg: "Command contains '--dependency-update' options"
- name: "Test chart with dependencies block and chart_repo_url defined and replace True"
block:
- name: "Test chart with dependencies block and chart_repo_url defined and replace True"
helm:
binary_path: "{{ helm_binary }}"
name: test1
chart_ref: "dep_up"
chart_repo_url: http://repo:8080/charts
chart_version: "{{ chart_source_version | default(omit) }}"
namespace: "{{ helm_namespace }}"
create_namespace: yes
replace: true
register: release
- debug: var=release
- assert:
that:
- "'--dependency-update' in release.command"
- "'install' in release.command"
success_msg: "Command contains '--dependency-update' options with helm install command"
fail_msg: "Command not contains '--dependency-update' with helm install command"
- name: "Test chart with dependencies block and chart_repo_url defined and replace False fails"
block:
- name: "Test chart with dependencies block and chart_repo_url defined and replace False fails"
helm:
binary_path: "{{ helm_binary }}"
name: test2
chart_ref: "dep_up"
chart_repo_url: http://repo:8080/charts
chart_version: "{{ chart_source_version | default(omit) }}"
namespace: "{{ helm_namespace }}"
create_namespace: yes
replace: false
register: release
ignore_errors: true
- assert:
that:
- release.failed
- release.msg == "'--dependency-update' hasn't been supported yet with 'helm upgrade'. Please use 'helm install' instead by adding 'replace' option"
success_msg: "Command build fail when adding '--dependency-update' with the helm upgrade command"
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Wissem BEN CHAABANE <benchaaben.wissem@gmail.com>
Reviewed-by: Bikouo Aubin <None>
Upgrade black version
SUMMARY
Move off of beta version of black and pin to current calendar year
version.
The only manual changes here are to tox.ini. Everything else is from running the new version of black.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Abhijeet Kasurde <None>
Move integration test suite from molecule to ansible-test
SUMMARY
molecule has been replaced with ansible-test
some test cases have been updated
k8s_apply : remove duplicated tasks increasing the running time of the test
helm: use different namespaces for different test cases in order to wait for the namespace deletion before moving to the next test.
all: remove wait: yes at the end of each test when deleting namespace, the role used to create namespace will ensure that it is deleted before if existing.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
integration testing
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Reviewed-by: None <None>
