This commit adds the OCI artifact digest into the release observed
snapshot. This is used later to add that value as an annotation.
Signed-off-by: Soule BA <bah.soule@gmail.com>
Helm v3.13.x includes a change which causes labels to be magically
set during writes to the storage, without persisting them to the
release object which is passed to the interface.
Because of this, at the time of observing the initial write to the
storage we would not see them, but once we are verifying them we would.
Causing the calculated digest to always differ, and making the
controller think the storage item had changed.
While I am of the opinion it would be better for Helm to set the labels on
the release object as soon as they are persisted to the storage, the
only solution now for us is to ignore them.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This commit adds an atomic release reconciler, capable of stepping
through a series of Helm actions. In addition, it adds the last bits
around eventing and summarizing the end state of the Condition types
into e.g. a Ready condition.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This solves the issue where a release name composed out of e.g.
the target namespace and name of the HelmRelease itself would exceed
the >=53 character length. By calculating the SHA256 checksum of the
release name, taking the first 12 characters of this checksum and
appending it to the release name trimmed to 40 characters separated
by a hyphen (`<long-release-name>-abcdef12345678`).
Signed-off-by: Hidde Beydals <hello@hidde.co>
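
The shortening scheme described in the commit message above, as an added Go example (not the controller's own code). The function names, the hex encoding of the checksum and the choice to leave names of up to 53 characters untouched are assumptions; the sample names are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

const (
	maxReleaseNameLen = 53 // Helm's release name limit; assumption: names up to this length are kept as-is
	trimmedNameLen    = 40 // part of the original name that is kept
	checksumLen       = 12 // characters taken from the hex-encoded SHA256 checksum
)

// shortenReleaseName (hypothetical helper) returns name unchanged when it fits,
// otherwise the first 40 characters, a hyphen, and the first 12 hex characters
// of the SHA256 checksum of the full name: 40 + 1 + 12 = 53 characters.
func shortenReleaseName(name string) string {
	if len(name) <= maxReleaseNameLen {
		return name
	}
	sum := sha256.Sum256([]byte(name))
	return name[:trimmedNameLen] + "-" + hex.EncodeToString(sum[:])[:checksumLen]
}

// composeReleaseName (hypothetical helper) builds the name from the target
// namespace and the HelmRelease name, then shortens it when required.
func composeReleaseName(targetNamespace, name string) string {
	return shortenReleaseName(strings.Join([]string{targetNamespace, name}, "-"))
}

func main() {
	// Constructed sample input: both composed names are 65 characters long and
	// share their first 40 characters, so plain truncation would map them to
	// the same release. The checksum suffix keeps them distinct.
	ns := "team-payments-production-eu-west"
	for _, n := range []string{"checkout-service-frontend-canary", "checkout-service-frontend-stable"} {
		short := composeReleaseName(ns, n)
		fmt.Printf("%-34s -> %s (%d chars)\n", n, short, len(short))
	}
	fmt.Println(composeReleaseName("default", "podinfo")) // short names pass through
}
```
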
This adds a `release` package which allows creating a (minified)
`ObservedRelease` copy of a Helm release object. This
`ObservedRelease` contains sufficient data to detect changes
to the storage object made by Helm actions run manually, and a variety
of malicious changes (but not all, at present).
The data in an `ObservedRelease` can be filtered using a `DataFilter`;
this allows, for example, filtering out test hooks to prevent the
controller from taking action on a manually run `helm test`.
The consumer can combine the `ObservedRelease` with a Helm storage
observer to take snapshots of the release object as written to the
storage by a Helm action. To record this on a `HelmRelease` v2beta2 API
object, the `ObservedRelease` can be transformed into a
`HelmReleaseInfo` API object which can be recorded as either the
Current or Previous release in the status.
During the transformation, the digests of both the `ObservedRelease`
object and release config are calculated using the canonical algorithm.
Signed-off-by: Hidde Beydals <hello@hidde.co>