Closed puffitos closed 5 hours ago
I can't recreate this one with the latest from main
.
fleet
's version of helm
was updated to v3.14.4-fleet1
(the one used when reporting the bug was v3.12.3-fleet1
)
I can confirm I get the following error instead of the previous panic:
fleet time="2024-07-01T13:36:01Z" level=fatal msg="helm chart download: improper constraint: 0.0.11-rc4_build3"
In fact, when pushing the chart to the OCI
registry helm
now shows a hint about what's going on:
OCI artifact references (e.g. tags) do not support the plus sign (+). To support
storing semantic versions, Helm adopts the convention of changing plus (+) to
an underscore (_) in chart version tags when pushing to a registry and back to
a plus (+) when pulling from a registry.
Basically the +
character is not supported by OCI, but helm
(and fleet
) works with semantic versions (which don't support _
), so helm changes the _
characters to +
when pulling and the other way around when pushing.
I agree it's not intuitive to see the manifest as 0.0.11-rc4_build3
uploaded in the registry and having to specify 0.0.11-rc4+build3
in the fleet.yaml
file. But this is something done by the helm
library.
As the _
version is not a valid semantic version it is rejected.
And the +
version is stored as _
because +
is not a valid character for OCI tags and helm
swaps the character automatically.
I hope OCI specs are updated to accept +
because this is really confusing.
We could , maybe, be more explicit in the documentation about semantic versioning and OCI charts. I won't close the issue yet, until we decide about this docs topic.
Closing this as the docs update has been merged.
Is there an existing issue for this?
Current Behavior
When using an quay OCI registry to roll out a helm chart with fleet, and the helm chart has a semver tag, which also includes metadata (like
0.0.11-rc4+build3
), using the exact version of the chart as saved in the OCI registry will result in a panic of the GitJob pod which runs thefleet apply
command.The chart itself is has the following Chart.yaml:
And packaging the helm chart and pushing it to an OCI registry produces the following tag:
Since the image cannot be pulled using the
+
sign, one would think that the correctfleet.yaml
to pull in the chart would be:since that's how the chart is saved in the registry. Alas, this creates the panic.
Replacing the
_
with a+
, does the trick:The only problem is, that the panic of the GitJob pod isn't helping anyone understand why this happens.
Expected Behavior
After using a wrong tag for a helm chart, a good error message would appear in the the output of the gitjob pod, explaining that the tag isn't present / malformed.
Steps To Reproduce
See current behavior. Simply put:
v0.0.1-rc0+build9
) get pushed to an OCI registry via helm package + helm pushv0.0.1-rc0_build9
)Environment
Logs