Closed bb-Ricardo closed 2 days ago
Hi,
was wondering if any release is planned/scheduled? Last release was May 4th.
Thank you. I assumed there would be a bug fix release 1.3.1 (hence the backport to the 1.3.x branch)
No patch release, only if a CVE is found in helm-controller we'll backport.
Hi,
today we ran into an issue with source controller version 1.3.0.
First we discovered that some Helm charts were missing from the index that source-controller created. Downloading the index.yaml directly from the repository in Artifactory confirmed that the chart was present. Then we downgraded the source-controller version to 1.2.4 and all was working as expected again.
So we started to investigate the changes between the two versions and we found it was the upgrade of the Helm dependency from
helm.sh/helm/v3 v3.13.3
tohelm.sh/helm/v3 v3.14.4
.And found this issue: https://github.com/helm/helm/issues/12748
The behavior of the this validate function has changed.
version 1.13.3 https://github.com/helm/helm/blob/v3.13.3/pkg/chart/metadata.go#L131-L135
Version 1.14.4 https://github.com/helm/helm/blob/v3.14.4/pkg/chart/metadata.go#L138-L150
To mitigate the reported Helm issue check has been added: https://github.com/helm/helm/blob/15f76cf83c670a329b62c2b5ddeb0864ec99daec/pkg/repo/index.go#L369
https://github.com/helm/helm/blob/15f76cf83c670a329b62c2b5ddeb0864ec99daec/pkg/repo/index.go#L402-L414
Which is now missing from the logic in source-controller.
Best way forward from here I currently see is to copy the the behavior from Helm to implement the level of validation.
Another option would be to ask the Helm project to change the loadIndex to a public function and then use this directly in source-controller. (Might still be an issue with the logging and naming the source)
Cheers Ricardo