diff --git a/UPSTREAM_PROJECTS.yaml b/UPSTREAM_PROJECTS.yaml index 1b966b7a53..d2c7a376cb 100644 --- a/UPSTREAM_PROJECTS.yaml +++ b/UPSTREAM_PROJECTS.yaml @@ -126,7 +126,7 @@ projects: - name: helm versions: - tag: v3.14.3 - go_version: "1.21" + go_version: "1.20" - org: kube-vip repos: - name: kube-vip diff --git a/projects/helm/helm/CHECKSUMS b/projects/helm/helm/CHECKSUMS index 9d669e00e7..810c4b1511 100644 --- a/projects/helm/helm/CHECKSUMS +++ b/projects/helm/helm/CHECKSUMS @@ -1,2 +1,2 @@ -20927c86b3fd83e65ebb83bcc849e5037f2f4ac64cf0047b70731416a0224713 _output/bin/helm/linux-amd64/helm -af6707bc4273a6237d5f7532ed9a960fc91204369aa30499d23903a8d420d284 _output/bin/helm/linux-arm64/helm +3442d5939aa6ae1aa2a25d5d2fc6a00c656ae5a9889732138c12156099179ff1 _output/bin/helm/linux-amd64/helm +734d2121419ffab611772bb5c1bf8226fef7bdd932590fe3950e05de8bc90488 _output/bin/helm/linux-arm64/helm diff --git a/projects/helm/helm/GIT_TAG b/projects/helm/helm/GIT_TAG index ead1784247..10d3e4ccb1 100644 --- a/projects/helm/helm/GIT_TAG +++ b/projects/helm/helm/GIT_TAG @@ -1 +1 @@ -v3.14.3 +v3.12.1 diff --git a/projects/helm/helm/GOLANG_VERSION b/projects/helm/helm/GOLANG_VERSION index d2ab029d32..5fb5a6b4f5 100644 --- a/projects/helm/helm/GOLANG_VERSION +++ b/projects/helm/helm/GOLANG_VERSION @@ -1 +1 @@ -1.21 +1.20 diff --git a/projects/helm/helm/README.md b/projects/helm/helm/README.md index ef5295365b..5be8233864 100644 --- a/projects/helm/helm/README.md +++ b/projects/helm/helm/README.md @@ -1,5 +1,5 @@ ## **Helm** -![Version](https://img.shields.io/badge/version-v3.14.3-blue) +![Version](https://img.shields.io/badge/version-v3.12.1-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoieVZ2Vm4zalcvTTRlVHk3ODJMLy80a2hqaGw1eUNEMlBEQktYOGxLdkZYQmxMK2tWUTMyUHlxZDVIK2lYak9qM25OZm9IYTFkUGlXZ3dCOEhRb0dHMzBjPSIsIml2UGFyYW1ldGVyU3BlYyI6Im9EemRhdkg1Tll6d1lSaVciLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [Helm](https://github.com/helm/helm) is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. diff --git a/projects/helm/helm/patches/0001-Push-to-insecure-OCI-registry.patch b/projects/helm/helm/patches/0001-Push-to-insecure-OCI-registry.patch new file mode 100644 index 0000000000..a40bf670a5 --- /dev/null +++ b/projects/helm/helm/patches/0001-Push-to-insecure-OCI-registry.patch @@ -0,0 +1,167 @@ +From 7e94c59c14b030d8a602b3026d08b98e0362fbb0 Mon Sep 17 00:00:00 2001 +From: "https://github.com/helm/helm/pull/10408" +Date: Mon, 29 Nov 2021 16:53:43 +0800 +Subject: [PATCH 1/3] Push to insecure OCI registry + +Signed-off-by: acool@amazon.com +--- + cmd/helm/push.go | 5 ++++- + pkg/action/pull.go | 7 +++++++ + pkg/action/push.go | 16 +++++++++++++++- + pkg/registry/client.go | 32 ++++++++++++++++++++++++++++++++ + 4 files changed, 58 insertions(+), 2 deletions(-) + +diff --git a/cmd/helm/push.go b/cmd/helm/push.go +index b1e3e60a..6d2a4c6b 100644 +--- a/cmd/helm/push.go ++++ b/cmd/helm/push.go +@@ -39,6 +39,7 @@ type registryPushOptions struct { + keyFile string + caFile string + insecureSkipTLSverify bool ++ plainHTTP bool + } + + func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { +@@ -77,7 +78,8 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { + client := action.NewPushWithOpts(action.WithPushConfig(cfg), + action.WithTLSClientConfig(o.certFile, o.keyFile, o.caFile), + action.WithInsecureSkipTLSVerify(o.insecureSkipTLSverify), +- action.WithPushOptWriter(out)) ++ action.WithPushOptWriter(out), ++ action.WithPlainHTTP(o.plainHTTP)) + client.Settings = settings + output, err := client.Run(chartRef, remote) + if err != nil { +@@ -93,6 +95,7 @@ func newPushCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { + f.StringVar(&o.keyFile, "key-file", "", "identify registry client using this SSL key file") + f.StringVar(&o.caFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") + f.BoolVar(&o.insecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart upload") ++ f.BoolVar(&o.plainHTTP, "plain-http", false, "use plain http and not https to connect oci registry") + + return cmd + } +diff --git a/pkg/action/pull.go b/pkg/action/pull.go +index 37ff144d..a7672008 100644 +--- a/pkg/action/pull.go ++++ b/pkg/action/pull.go +@@ -45,6 +45,7 @@ type Pull struct { + VerifyLater bool + UntarDir string + DestDir string ++ PlainHTTP bool + cfg *Configuration + } + +@@ -80,6 +81,12 @@ func (p *Pull) SetRegistryClient(client *registry.Client) { + func (p *Pull) Run(chartRef string) (string, error) { + var out strings.Builder + ++ if p.InsecureSkipTLSverify || p.PlainHTTP { ++ if err := p.cfg.RegistryClient.WithResolver(p.InsecureSkipTLSverify, p.PlainHTTP); err != nil { ++ return out.String(), err ++ } ++ } ++ + c := downloader.ChartDownloader{ + Out: &out, + Keyring: p.Keyring, +diff --git a/pkg/action/push.go b/pkg/action/push.go +index 89200640..f456cf98 100644 +--- a/pkg/action/push.go ++++ b/pkg/action/push.go +@@ -37,6 +37,7 @@ type Push struct { + caFile string + insecureSkipTLSverify bool + out io.Writer ++ plainHTTP bool + } + + // PushOpt is a type of function that sets options for a push action. +@@ -65,13 +66,20 @@ func WithInsecureSkipTLSVerify(insecureSkipTLSVerify bool) PushOpt { + } + } + +-// WithOptWriter sets the registryOut field on the push configuration object. ++// WithPushOptWriter sets the registryOut field on the push configuration object. + func WithPushOptWriter(out io.Writer) PushOpt { + return func(p *Push) { + p.out = out + } + } + ++// WithPlainHTTP determines if connection to the OCI registry happens via HTTP or HTTPS. ++func WithPlainHTTP(plainHTTP bool) PushOpt { ++ return func(p *Push) { ++ p.plainHTTP = plainHTTP ++ } ++} ++ + // NewPushWithOpts creates a new push, with configuration options. + func NewPushWithOpts(opts ...PushOpt) *Push { + p := &Push{} +@@ -85,6 +93,12 @@ func NewPushWithOpts(opts ...PushOpt) *Push { + func (p *Push) Run(chartRef string, remote string) (string, error) { + var out strings.Builder + ++ if p.insecureSkipTLSverify || p.plainHTTP { ++ if err := p.cfg.RegistryClient.WithResolver(p.insecureSkipTLSverify, p.plainHTTP); err != nil { ++ return out.String(), err ++ } ++ } ++ + c := uploader.ChartUploader{ + Out: &out, + Pushers: pusher.All(p.Settings), +diff --git a/pkg/registry/client.go b/pkg/registry/client.go +index f9569b62..1afcdd0e 100644 +--- a/pkg/registry/client.go ++++ b/pkg/registry/client.go +@@ -18,6 +18,7 @@ package registry // import "helm.sh/helm/v3/pkg/registry" + + import ( + "context" ++ "crypto/tls" + "encoding/json" + "fmt" + "io" +@@ -177,6 +178,37 @@ func ClientOptHTTPClient(httpClient *http.Client) ClientOption { + } + } + ++func (c *Client) newResolver(insecure, plainHTTP bool) (remotes.Resolver, error) { ++ headers := http.Header{} ++ headers.Set("User-Agent", version.GetUserAgent()) ++ opts := []auth.ResolverOption{auth.WithResolverHeaders(headers)} ++ ++ if insecure { ++ httpClient := http.DefaultClient ++ httpClient.Transport = &http.Transport{ ++ TLSClientConfig: &tls.Config{ ++ InsecureSkipVerify: true, ++ }, ++ Proxy: http.ProxyFromEnvironment, ++ } ++ opts = append(opts, auth.WithResolverClient(httpClient)) ++ } ++ if plainHTTP { ++ opts = append(opts, auth.WithResolverPlainHTTP()) ++ } ++ ++ return c.authorizer.ResolverWithOpts(opts...) ++} ++ ++func (c *Client) WithResolver(insecure, plainHTTP bool) error { ++ resolver, err := c.newResolver(insecure, plainHTTP) ++ if err != nil { ++ return err ++ } ++ c.resolver = resolver ++ return nil ++} ++ + type ( + // LoginOption allows specifying various settings on login + LoginOption func(*loginOperation) +-- +2.39.2 diff --git a/projects/helm/helm/patches/0002-Install-or-upgrade-supports-OCI-insecure-registry.patch b/projects/helm/helm/patches/0002-Install-or-upgrade-supports-OCI-insecure-registry.patch new file mode 100644 index 0000000000..33d1f2a675 --- /dev/null +++ b/projects/helm/helm/patches/0002-Install-or-upgrade-supports-OCI-insecure-registry.patch @@ -0,0 +1,63 @@ +From 29eb89358376414bfbc9b169475d38e8cbfb7e84 Mon Sep 17 00:00:00 2001 +From: pytimer +Date: Fri, 25 Feb 2022 17:34:53 +0800 +Subject: [PATCH 2/3] Install or upgrade supports OCI insecure registry + +Signed-off-by: pytimer +--- + cmd/helm/flags.go | 1 + + pkg/action/install.go | 7 +++++++ + pkg/registry/client.go | 1 - + 3 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/cmd/helm/flags.go b/cmd/helm/flags.go +index 3f89aae2..56c8c4bc 100644 +--- a/cmd/helm/flags.go ++++ b/cmd/helm/flags.go +@@ -63,6 +63,7 @@ func addChartPathOptionsFlags(f *pflag.FlagSet, c *action.ChartPathOptions) { + f.BoolVar(&c.InsecureSkipTLSverify, "insecure-skip-tls-verify", false, "skip tls certificate checks for the chart download") + f.StringVar(&c.CaFile, "ca-file", "", "verify certificates of HTTPS-enabled servers using this CA bundle") + f.BoolVar(&c.PassCredentialsAll, "pass-credentials", false, "pass credentials to all domains") ++ f.BoolVar(&c.PlainHTTP, "plain-http", false, "use plain http to connect oci registry") + } + + // bindOutputFlag will add the output flag to the given command and bind the +diff --git a/pkg/action/install.go b/pkg/action/install.go +index d5c34cef..51bf1291 100644 +--- a/pkg/action/install.go ++++ b/pkg/action/install.go +@@ -121,6 +121,7 @@ type ChartPathOptions struct { + Username string // --username + Verify bool // --verify + Version string // --version ++ PlainHTTP bool // --plain-http + + // registryClient provides a registry client but is not added with + // options from a flag +@@ -725,6 +726,12 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( + return name, errors.Errorf("path %q not found", name) + } + ++ if c.InsecureSkipTLSverify { ++ if err := c.registryClient.WithResolver(c.InsecureSkipTLSverify, c.PlainHTTP); err != nil { ++ return "", err ++ } ++ } ++ + dl := downloader.ChartDownloader{ + Out: os.Stdout, + Keyring: c.Keyring, +diff --git a/pkg/registry/client.go b/pkg/registry/client.go +index 1afcdd0e..3a5ff75a 100644 +--- a/pkg/registry/client.go ++++ b/pkg/registry/client.go +@@ -189,7 +189,6 @@ func (c *Client) newResolver(insecure, plainHTTP bool) (remotes.Resolver, error) + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, + }, +- Proxy: http.ProxyFromEnvironment, + } + opts = append(opts, auth.WithResolverClient(httpClient)) + } +-- +2.39.2 diff --git a/projects/helm/helm/patches/0003-Set-proxy-environment-in-HTTP-client.patch b/projects/helm/helm/patches/0003-Set-proxy-environment-in-HTTP-client.patch new file mode 100644 index 0000000000..0ad19a88fb --- /dev/null +++ b/projects/helm/helm/patches/0003-Set-proxy-environment-in-HTTP-client.patch @@ -0,0 +1,23 @@ +From a641de95394b104f4dc5b79f60522ee69230296e Mon Sep 17 00:00:00 2001 +From: Pooja Trivedi +Date: Thu, 4 Aug 2022 12:28:51 -0700 +Subject: [PATCH 3/3] Set proxy environment in HTTP client + +--- + pkg/registry/client.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/pkg/registry/client.go b/pkg/registry/client.go +index 3a5ff75a..1afcdd0e 100644 +--- a/pkg/registry/client.go ++++ b/pkg/registry/client.go +@@ -189,6 +189,7 @@ func (c *Client) newResolver(insecure, plainHTTP bool) (remotes.Resolver, error) + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, + }, ++ Proxy: http.ProxyFromEnvironment, + } + opts = append(opts, auth.WithResolverClient(httpClient)) + } +-- +2.39.2