Conversation
mrlunchbox777
force-pushed
the
docs-adding-expose-previous-chart-hip
branch
from
ef34886 to
4c65745
Compare
|
@scottrigby @gjenkins8 here is the hip we talked about at contribfest |
|
+1 |
|
Some notes that were brought up to improve the proposal were to:
|
Here is an example of getting flux CRs to control if an upgrade job runs. It was part of this MR. It was used for a default name change on immutable resources by deleting them in a hook. |
mrlunchbox777
force-pushed
the
docs-adding-expose-previous-chart-hip
branch
from
d819dc7 to
b48d8f5
Compare
hips/hip-0027.md
Outdated
|
|
||
| ## Rejected Ideas | ||
|
|
||
| - **Full Release Object:** Security/performance concerns; chart metadata sufficient |
There was a problem hiding this comment.
my main thought is, would you not also want to expose the values of helm history to check things like whether a previous release was successful?
Some thoughts about this: What about adding "History" key to the existing .Release built-in: .Release.History when a --release-history-depth flag is passed?
This could be a filtered version of the Release object that's currently stored in helm release secrets by default.
Agree that the full release object could cause performance issues. perhaps this could be mitigated by:
- any history might be best to opt-into with a flag (default history level 0 rather than 1 as currently proposed)
- including only a filtered subset of the release object, omitting potentially very large data like templates, manifest etc.
Not yet sure what security concerns adding the Release object would add that other built-ins don't already have (eg, .Values, .Files, etc). But good to consider here.
There was a problem hiding this comment.
Thank you for the thoughtful suggestions! .Release.History feels natural and being part of an existing path makes it that much easier to find and use. Pulling the wider set of data is certainly more useful, it may be worth considering letting the user control the filter and default most things to discarded by default. This keeps with the opt-in nature of this proposal. I agree defaulting to 0 is better for similar reasons.
One suggestion I have on top of this would be to ensure that the user's decisions are available to the templates at the same time. This enables a "negotiation" between the user and author, i.e. a chart author may need a depth of 2 to render a chart properly and error out if not given it, but it doesn't force the condition on the user, they must accept first. It could also enable helpful error messages, extend testing, and branching logic based on available history.
Example use case:
{{- if lt .Release.HistoryDepth 3 }}
{{- fail "This chart requires --release-history-depth=3 for safe upgrades from v2.x" }}
{{- end }}Proposed field: .Release.HistoryDepth (aligns with flag name)
This would be a simple integer value (0, 1, 2, etc.) always available in template context, similar to how .Release.Revision is currently available.
What do you think of that addition? Should we determine what things should be filtered by default as part of this?
Again, really appreciate the review. I'll update the HIP to use .Release.History and associated changes.
There was a problem hiding this comment.
Release.HistoryDepth is redundant here, and equivalent to:
{{- if lt (len .Release.History) 3 }}There was a problem hiding this comment.
will reply with this and the rest inline
There was a problem hiding this comment.
agreed, removed and referenced .Release.History and .Release.Revision checks instead. Also, when reviewing the hip and your comments, I think adding max makes sense because that's the terminology history uses.
scottrigby
changed the title
scottrigby
left a comment
scottrigby
left a comment
There was a problem hiding this comment.
getting closer. just a few more questions and suggestions.
hips/hip-0027.md
Outdated
|
|
||
| This HIP proposes exposing release history metadata during template rendering. Currently, Helm templates have access to `.Chart` for the chart being installed but no equivalent access to deployed release history. This forces chart authors to use complex workarounds like post-renderers, pre-upgrade hooks, or manual values conventions to implement version-aware upgrade logic. | ||
|
|
||
| The proposal introduces `.Release.History` (array of historical releases) available in template contexts, populated during `helm upgrade` and `helm rollback` operations. The `--release-history-depth` flag controls how many historical releases to retrieve (default: 0), requiring explicit opt-in. The `.Release.HistoryDepth` field exposes the requested depth value to enable chart authors to require minimum depth for safe upgrades. |
There was a problem hiding this comment.
I'd remove .Release.HistoryDepth, as it's functionally equivalent to len .Release.History in gotemplate. Eg,
{{- if lt (len .Release.History) 3 }}
hips/hip-0027.md
Outdated
| {{- end }} | ||
|
|
||
| # Require minimum depth for safe upgrades | ||
| {{- if lt .Release.HistoryDepth 3 }} |
There was a problem hiding this comment.
see above
| {{- if lt .Release.HistoryDepth 3 }} | |
| {{- if lt (len .Release.History) 3 }} |
|
|
||
| ### Exposing Requested Depth | ||
|
|
||
| `.Release.HistoryDepth` exposes the value of `--release-history-depth` to chart templates, enabling a "negotiation" between user and chart author. Chart authors can require a minimum depth for safe migrations and provide helpful error messages, but this doesn't force the condition—users must explicitly opt in with the appropriate flag. | ||
|
|
||
| **Example:** | ||
|
|
||
| ```yaml | ||
| {{- if lt .Release.HistoryDepth 3 }} | ||
| {{- fail "This chart requires --release-history-depth=3 for safe upgrades from v2.x" }} | ||
| {{- end }} | ||
| ``` | ||
|
|
||
| This field is always available (similar to `.Release.Revision`) and contains the integer value passed to `--release-history-depth` (0 by default). | ||
|
|
There was a problem hiding this comment.
see above
| ### Exposing Requested Depth | |
| `.Release.HistoryDepth` exposes the value of `--release-history-depth` to chart templates, enabling a "negotiation" between user and chart author. Chart authors can require a minimum depth for safe migrations and provide helpful error messages, but this doesn't force the condition—users must explicitly opt in with the appropriate flag. | |
| **Example:** | |
| ```yaml | |
| {{- if lt .Release.HistoryDepth 3 }} | |
| {{- fail "This chart requires --release-history-depth=3 for safe upgrades from v2.x" }} | |
| {{- end }} | |
| ``` | |
| This field is always available (similar to `.Release.Revision`) and contains the integer value passed to `--release-history-depth` (0 by default). |
hips/hip-0027.md
Outdated
|
|
||
| ### Always Available as Template Object | ||
|
|
||
| `.Release.History` (empty array or populated) and `.Release.HistoryDepth` (integer) are always present to ensure consistent template behavior, prevent undefined variable errors, and enable testing with `helm template`. |
There was a problem hiding this comment.
see above
| `.Release.History` (empty array or populated) and `.Release.HistoryDepth` (integer) are always present to ensure consistent template behavior, prevent undefined variable errors, and enable testing with `helm template`. | |
| `.Release.History` (empty array or populated) is always present to ensure consistent template behavior, prevent undefined variable errors, and enable testing with `helm template`. |
|
|
||
| **`.Release.HistoryDepth`**: Integer value indicating the requested depth via `--release-history-depth` flag. Always available, defaults to 0. | ||
|
|
There was a problem hiding this comment.
see above
| **`.Release.HistoryDepth`**: Integer value indicating the requested depth via `--release-history-depth` flag. Always available, defaults to 0. |
hips/hip-0027.md
Outdated
| {{- end }} | ||
|
|
||
| # Enforce minimum depth requirement | ||
| {{- if and (gt (len .Release.History) 0) (lt .Release.HistoryDepth 2) }} |
There was a problem hiding this comment.
I was going to suggest a change here but I don't actually understand how this use case differs from the above cases.
There was a problem hiding this comment.
the logic is bad here, the intent was to be able to require a depth if a depth is available, but that achievable with what you already recommended, see #421 (comment)
hips/hip-0027.md
Outdated
|
|
||
| A future pull request will: | ||
|
|
||
| 1. Extend template rendering context to include `.Release.History` and `.Release.HistoryDepth` |
There was a problem hiding this comment.
| 1. Extend template rendering context to include `.Release.History` and `.Release.HistoryDepth` | |
| 1. Extend template rendering context to include `.Release.History` |
hips/hip-0027.md
Outdated
| 5. Set `.Release.HistoryDepth` to the flag value in all contexts | ||
| 6. Include comprehensive unit and integration tests covering depth behavior, filtering, and edge cases |
There was a problem hiding this comment.
| 5. Set `.Release.HistoryDepth` to the flag value in all contexts | |
| 6. Include comprehensive unit and integration tests covering depth behavior, filtering, and edge cases | |
| 5. Include comprehensive unit and integration tests covering depth behavior, filtering, and edge cases |
hips/hip-0027.md
Outdated
|
|
||
| **Excluded by default:** | ||
|
|
||
| - Values (may contain secrets) |
There was a problem hiding this comment.
I don't understand excluding this one. Templates already have access to .Values. And helm templating can already access previous secrets if needed via lookup() (it would be very cumbersome, but already accessible in templating).
There was a problem hiding this comment.
I was being overly conservative. I think a better approach is to keep values out by default, for both attack surface and performance reasons, but still enable it's use/requirement from users/chart maintainers.
hips/hip-0027.md
Outdated
|
|
||
| ## Security Implications | ||
|
|
||
| **Not Exposed:** Previous values (may contain secrets) or previous manifests (may contain sensitive data). Only filtered release metadata is exposed (chart metadata, release status, timestamps, revision numbers). |
There was a problem hiding this comment.
unclear why this would increase exposure. see note about existing .Values and lookup() func above.
mrlunchbox777
force-pushed
the
docs-adding-expose-previous-chart-hip
branch
3 times, most recently
from
8527341 to
f1cfad4
Compare
Signed-off-by: Andrew Shoell <mrlunchbox777@gmail.com>
mrlunchbox777
force-pushed
the
docs-adding-expose-previous-chart-hip
branch
from
f1cfad4 to
cd01bdc
Compare
|
I accidentally messed up the history on my branch, so I ended up squashing it all into one commit to fix |
3 participants
Adding a HIP to expose the currently deployed chart at render time.