Closed hyperkineticnerd closed 2 months ago
Huh what no, non-argcd users should be able to assume that the locked dependencies work with the current chart.
Non-argocd users should be using the dependency section in Chart.yml to know what dependencies work with the current chart.
Non-argocd users should be using the dependency section in Chart.yml to know what dependencies work with the current chart.
No, only Chart.lock
holds the excact versions, while Chart.yml
can i.e. use Version ranges. In this project both hold the same excact versions, but that's not always the case. So it's best practice to version control not only Helm the lockfile but in general any lockfile for better reproduction results.
I guess this issue needs to get solved on ArgoCD side.
The purpose of the Chart.lock
is to know what versions of dependencies are installed on a cluster. The file has no other purpose. The install instructions for this repo states to run helm dep update
which will create the file or update the file. The issue isn't with ArgoCD, as many other charts don't commit the file.
The purpose of the Chart.lock is to know what versions of dependencies are installed on a cluster. The file has no other purpose.
That's one purpose. Another one is that charts could be tested in CI, and they would be tested with exactly the versions from Chart.lock. A chart.lock file tells me as user that this is most probably a version combination that is proven to work, even when this is not tested in CI but (hopefully) by chart maintainers or PR authors. This is much more reliable that by a Chart.yaml which could container a broad version range per dependency.
I consider Bitnami charts as a good example for char quality, and they version control Chart.lock files, just as an example.
The install instructions for this repo states to run
helm dep update
which will create the file or update the file.
Filed #62 to correct that.
A chart.lock file tells me as user that this is most probably a version combination that is proven to work, even when this is not tested in CI but (hopefully) by chart maintainers or PR authors.
This, exactly this :point_up: !
Going to close this, as we want to have a Chart.lock
file as an indication of which dependencies we tested on our own systems that users can more safely rely on (in theory at least).
Though I'm sorry to hear that you're having issues with this chart on Argo CD! We use Argo CD for our own deployments, and I haven't seen any issues myself, but if you're still experiencing issues then feel free to open an issue for discussion and debugging.
Need Chart.lock removed for use with ArgoCD and other GitOps tools.