This is a backport of PR #1056 as merged into main (bd1cacc).
SUMMARY
helm/helm_info - Deprecate some parameters and add new ones to resolve sanity issues.
k8s - the return block doc is not aligned with what the module returns
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
helm, helm_info, k8s
Fixes: #1046
Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
This is a backport of PR #995 as merged into main (da93cce).
SUMMARY
This pull request adds support for a new skip_schema_validation option to the helm module, allowing users to disable JSON schema validation for Helm charts and values (requires helm >= 3.16.0).
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
Added the skip_schema_validation boolean parameter to the helm module, allowing users to disable JSON schema validation for charts and values. This option is only available with Helm versions >= 3.16.0, and an appropriate error is raised for older versions.
Added integration tests to verify the behavior of the skip_schema_validation option, including cases for both supported and unsupported Helm versions.
Closes#994
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
This is a backport of PR #957 as merged into main (cf3c3a9).
SUMMARY
Add support for take-ownership Helm flag added in Helm 3.17.0
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
kubernetes.core.helm
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
This is a backport of PR #934 as merged into main (775959c).
SUMMARY
This change introduces the plain_http parameter to modules that can interact with OCI registries. This in needed in cases where the OCI registry does not use SSL encryption, forcing Helm to send HTTP requests instead of HTTPS
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm, helm_pull and helm_template
ADDITIONAL INFORMATION
This is the output when trying to use an OCI registry that is not configured to use SSL certs.
fatal: [localhost]: FAILED! => {"changed": false, "command": "/usr/local/bin/helm show chart 'oci://<http-registry>/charts/foo'", "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client\n", "stderr": "Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client\n", "stderr_lines": ["Error: Get \"https://<http-registry>/v2/charts/foo/tags/list\": http: server gave HTTP response to HTTPS client"], "stdout": "", "stdout_lines": []}
Reviewed-by: Bikouo Aubin
SUMMARY
Added the option insecure_skip_tls_verify to the following helm modules:
helm_repository
helm
Unified the option with alias in helm_pull
For helm, added the option to the helm diff call, as it got fixed upstream.
Upstream Issue: databus23/helm-diff#503
Fixed with: helm/helm#12856
Fixes#694
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kubernetes.core.helm
kubernetes.core.helm_repository
kubernetes.core.helm_pull
ADDITIONAL INFORMATION
Basically the option was added in the parameters set in the ansible job, in the docs and then injected in the helm and helm diff binary calls if set. Defaults to False.
Example
---
- name: Test helm modules
tasks:
- name: Test helm repository insecure
kubernetes.core.helm_repository:
name: insecure
repo_url: "<helm-repo-with-self-signed-tls>"
state: present
insecure_skip_tls_verify: true
- name: Test helm pull insecure
kubernetes.core.helm_pull:
chart_ref: "oci://<helm-repo-with-self-signed-tls>/ptroject"
destination: /tmp
insecure_skip_tls_verify: true
- name: Test helm insecure
kubernetes.core.helm:
name: insecure
chart_ref: "oci://<helm-repo-with-self-signed-tls>/project"
namespace: helm-insecure-test
state: present
insecure_skip_tls_verify: true
Note
Might need an alias for telm_template, as the option is called insecure_registry, in the manual and docs of helm it would be --insecure-skip-tls-verify as well though.
Not included, as it was recently merged with #805
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Noah Lehmann
Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
SUMMARY
Starting with version 3.14.0, Helm supports --reset-then-reuse-values. As discussed on the original PR. This greatly improves on --reuse-values as it allows to avoid templates errors when new features are added to an upgraded chart.
Closes#803
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
This PR is greatly 'inspired' by #575 and because I wasn't sure how I could provide additional tests for it, I actually copied those build previously for --reuse-values (as it is an improvement on this feature.
Reviewed-by: Bikouo Aubin
Reviewed-by: Yuriy Novostavskiy
Reviewed-by: b0z02003
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
SUMMARY
Some parameters were added to the master in time where the latest version was 2.4.0 with version_added: 2.5.0, however the next version after 2.4.0 was a 3.0.0.
So, with this trivial doc PR (that most probably doesn't require a changelog fragment and including to changelog) I replacing version_added: 2.5.0 to version_added: 3.0.0 for:
reuse_values in kubernetes.core.helm module
reset_values in kubernetes.core.helm module
delete_all in kubernetes.core.k8s module
hidden_fields in kubernetes.core.k8s module
hidden_fields in kubernetes.core.k8s_info module
All of them are introduced in kubernetes.core 3.0.0
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
helm
k8s
8s_info
ADDITIONAL INFORMATION
PR to be backported to stable-3 and stable-5
Reviewed-by: Mike Graves <mgraves@redhat.com>
minor(doc): use the same style of version_added across repo
SUMMARY
Currently is no single style of version_added, in some places it's unquoted, somewhere single quote is used, in another places it's double quoted. Moreover, some file had different styles in one single file.
The aim of this PR is to update whole repo to single style for version_added
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
kustomize
helm
helm_info
helm_plugin
helm_plugin_info
helm_pull
helm_repository
helm_template
k8s_cluster_info
k8s_cp
k8s_drain
k8s_exec
k8s_log
k8s_rollback
k8s_taint
ADDITIONAL INFORMATION
The same style is proposed as used in amazon.aws collections
Reviewed-by: Kelv Gooding
Reviewed-by: Alina Buzachis
Reviewed-by: Mike Graves <mgraves@redhat.com>
Align `helmdiff_check` behavior with the `deploy` function
SUMMARY
Align helmdiff_check behavior with the deploy function
Fixes#638
helmdiff_check respects set_values parameter
Fixes#669
helmdiff_check command line parameters sequence aligned to the deploy function
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kubernetes.core.helm
Reviewed-by: Mike Graves <mgraves@redhat.com>
* Cleanup gha
* test by removing matrix excludes
* Rename sanity tests
* trigger integration tests
* Fix ansible-lint workflow
* Fix concurrency
* Add ansible-lint config
* Add ansible-lint config
* Fix integration and lint issues
* integration wf
* fix yamllint issues
* fix yamllint issues
* update readme and add ignore-2.16.txt
* fix ansible-doc
* Add version
* Use /dev/random to generate random data
The GHA environment has difficultly generating entropy. Trying to read
from /dev/urandom just blocks forever. We don't care if the random data
is cryptographically secure; it's just garbage data for the test. Read
from /dev/random, instead. This is only used during the k8s_copy test
target.
This also removes the custom test module that was being used to generate
the files. It's not worth maintaining this for two task that can be
replaced with some simple command/shell tasks.
* Fix saniry errors
* test github_action fix
* Address review comments
* Remove default types
* review comments
* isort fixes
* remove tags
* Add setuptools to venv
* Test gh changes
* update changelog
* update ignore-2.16
* Fix indentation in inventory plugin example
* Update .github/workflows/integration-tests.yaml
* Update integration-tests.yaml
---------
Co-authored-by: Mike Graves <mgraves@redhat.com>
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
use post_renderer when checking 'changed' status for a helm release
SUMMARY
helmdiff_check needs to use --post-renderer if configured in order to detect changes correctly
idempotency still seems to work
ISSUE TYPE
Bugfix Pull Request (50%)
Feature Pull Request (50%)
COMPONENT NAME
kubernetes.core.helm
ADDITIONAL INFORMATION
- /snap/bin/helm diff upgrade myrelease some/chart --version=1.2.3 --reset-values -f=/tmp/tmpnn0rr50h.yml
+ /snap/bin/helm diff upgrade myrelease some/chart --version=1.2.3 --reset-values --post-renderer=/tmp/somescript.sh -f=/tmp/tmpnn0rr50h.yml
Reviewed-by: Mike Graves <mgraves@redhat.com>
fix post_renderer arguments breaking the helm deploy_command
SUMMARY
The post_renderer setting is broken and resets the deploy_command instead of appending an argument. Diff should be self explanatory.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kubernetes.core.helm
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
[helm] add the ability for the module to uninstall pending-install releases
SUMMARY
closes#319
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Bikouo Aubin
helm - add reuse_values and reset_values support
SUMMARY
closes#394
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
helm - add support for -set options when running helm install
SUMMARY
helm support setting options -set, -set-string, -set-file and -set-json when running helm install
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
Reviewed-by: Alina Buzachis <None>
Reviewed-by: Bikouo Aubin <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Helm - Fix issue with alternative kubeconfig
SUMMARY
closes#538
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
helm modules
Reviewed-by: Mike Graves <mgraves@redhat.com>
Add helm dependency update
SUMMARY
Execute the helm dependency update under the hood when found dependencies block in Chart.yaml file.
Support the execution of:
Standalone dependency update by executing: helm dependency update CHART
Inline dependency update when specifying the helm chart_repo_url by adding --dependency-update to the helm install command.
ISSUE TYPE
Feature Pull Request #191
COMPONENT NAME
helm, helm_template
ADDITIONAL INFORMATION
There is a doc generated for history_max option for the helm module. I think that is not generated in the previous PR #164.
There is others changes affect the docs/ folder when I run the collection_prep_add_docs -p . command. These changes are added in the last commit 64eab40. I let you decide rather we keep the commit or remove it.
The --dependency-update insertion option is tested used a local helm chart repository create via docker. So here are the tasks that test this feature. Maybe if we create a GitHub repository for the helm chart, we can add this test code in the CI pipeline.
# Test The update dependency with chart_repo_url
- name: "Test chart without dependencies block and chart_repo_url defined"
block:
- name: "Test chart without dependencies block and chart_repo_url defined"
helm:
binary_path: "{{ helm_binary }}"
name: test
chart_ref: "ingress-nginx"
chart_repo_url: https://kubernetes.github.io/ingress-nginx
chart_version: "{{ chart_source_version | default(omit) }}"
namespace: "{{ helm_namespace }}"
create_namespace: yes
register: release
- assert:
that:
- "'--dependency-update' not in release.command"
- "'upgrade' in release.command"
success_msg: "Command does not contains '--dependency-update' options"
fail_msg: "Command contains '--dependency-update' options"
- name: "Test chart with dependencies block and chart_repo_url defined and replace True"
block:
- name: "Test chart with dependencies block and chart_repo_url defined and replace True"
helm:
binary_path: "{{ helm_binary }}"
name: test1
chart_ref: "dep_up"
chart_repo_url: http://repo:8080/charts
chart_version: "{{ chart_source_version | default(omit) }}"
namespace: "{{ helm_namespace }}"
create_namespace: yes
replace: true
register: release
- debug: var=release
- assert:
that:
- "'--dependency-update' in release.command"
- "'install' in release.command"
success_msg: "Command contains '--dependency-update' options with helm install command"
fail_msg: "Command not contains '--dependency-update' with helm install command"
- name: "Test chart with dependencies block and chart_repo_url defined and replace False fails"
block:
- name: "Test chart with dependencies block and chart_repo_url defined and replace False fails"
helm:
binary_path: "{{ helm_binary }}"
name: test2
chart_ref: "dep_up"
chart_repo_url: http://repo:8080/charts
chart_version: "{{ chart_source_version | default(omit) }}"
namespace: "{{ helm_namespace }}"
create_namespace: yes
replace: false
register: release
ignore_errors: true
- assert:
that:
- release.failed
- release.msg == "'--dependency-update' hasn't been supported yet with 'helm upgrade'. Please use 'helm install' instead by adding 'replace' option"
success_msg: "Command build fail when adding '--dependency-update' with the helm upgrade command"
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Wissem BEN CHAABANE <benchaaben.wissem@gmail.com>
Reviewed-by: Bikouo Aubin <None>
Added support for Helm post-renderer
SUMMARY
Add support for Helm post renderer
Fixes: #30
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Mohammed Naser <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Prepare for distutils.version being removed in Python 3.12
SUMMARY
distutils has been deprecafed and will be removed from
Python's stdlib in Python 3.12 (see python.org/dev/peps/pep-0632).
This PR replaces the use of distutils.version.LooseVersion and distutils.version.StrictVersion
with LooseVersion from the vendored copy of distutils.version
included with ansible-core 2.12 (ansible/ansible#74644) if available,
and falls back to distutils.version for ansible-core 2.11 and before.
Since ansible-core 2.11 and earlier do not support Python 3.12 (since
they use LooseVersion itself in various places), this incomplete fix
should be OK for now. Also, the way this PR works (by adding a new
module_utils version that abstracts away where LooseVersion comes from),
it is easy to also fix this for ansible-core 2.11 and earlier later on.
Signed-off-by: Abhijeet Kasurde akasurde@redhat.com
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
changelogs/fragments/disutils.version.yml
molecule/default/roles/helm/library/helm_test_version.py
plugins/module_utils/common.py
plugins/module_utils/version.py
plugins/modules/helm.py
Reviewed-by: Felix Fontein <felix@fontein.de>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Documentation update for kubernetes.core.helm
Clarify usage of the module for doing helm repo update only.
I used collection_prep_add_docs as explained in CONTRIBUTING.md, not sure if
that's correct ?
Fixes#316
@Akasurde
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Return diff in helm check mode
When the helm module is executed in check mode with the helm diff plugin
installed, it now returns the diff.
SUMMARY
When the helm module is executed in check mode with the helm diff plugin
installed, it now returns the diff.
COMPONENT NAME
helm
ADDITIONAL INFORMATION
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Fabrice <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
* helm: add support for history-max parameter
The --history-max parameter allows the user to set a maximum amount of
revisions per release to be kept in the history.
By default helm keeps 10 revisions per release, which means that 10
secrets will be kept per release.
* helm: remove default for history_max
When the history_max option is not set, the module will not pass
'--history-max' to the CLI command. This ensures that the defaults of
the helm CLI will alwasy be used.
* helm: remove whitespace trail
* helm: add mutually exclusive logic
The 'history_max' parameter is not available when using the 'helm
install' command, it is only implemented for 'helm ugprade'.
The 'replace' option uses the 'install' parameter, thus 'replace' and
'history_max' have to be mutually exclusive.
* helm: formatting changes
I've got the following environment variable set:
- `K8S_AUTH_VERIFY_SSL=False`
Helm's `validate_certs` parameter fallback on this environment variable.
Which means, on my system, the `validate_certs` will already be set.
So we cannot make this parameter exclusive wih another one.
* Rename from community.kubernetes to kubernetes.core
This goes through and renames community.kubernetes to kubernetes.core.
Most of this was generated from the downstream build script that was
used on the community repository, plus whatever hand edits I could find
that were needed.
The downstream build and test process has also been removed as this
repository is now the downstream repository.
* Fix CONTRIBUTING.md
There are some cases where the existing module has difficulty
determining if an upgrade would result in changes. This can particularly
be a problem when changes are made to a local chart.
This adds optional support for helm diff. If the plugin is present it
will be used. Otherwise, the default implementation will be used and a
warning will be issued. One caveat: helm diff does not currently support
using a repo url, so the default implementation will be used in this
case, as well.
Closes: #248
Add support for:
- K8S_AUTH_HOST
- K8S_AUTH_API_KEY
- K8S_AUTH_VERIFY_SSL
- K8S_AUTH_SSL_CA_CERT
This commit also refactor the way we pass K8S related configuration to `helm`:
All the calls are now done in a new module_utils module (`helm.py`).
The handling of the `kube_*` variables has also been moved in this new
module.
We need https://github.com/helm/helm/pull/8622 to be able to ignore the
certificate validation. As a workaround, the generate a temporary
kubeconfig configuration file.
Closes: #279
