Conversation

@matheuscscp
Member

@matheuscscp matheuscscp commented Jan 7, 2026

@matheuscscp matheuscscp added area/helm Helm related issues and pull requests dependencies Pull requests that update a dependency labels Jan 7, 2026
@matheuscscp matheuscscp force-pushed the helm4 branch 3 times, most recently from a0ce7e2 to b5e017c Compare January 7, 2026 16:05
@matheuscscp
Member Author

I have tested this:

  • In a cluster with 18 HelmReleases from OCIRepository charts.
  • With a simple HelmRelease that has .spec.chart pointing to a GitRepository.
  • With a HelmRelease for kube-prometheus-stack OCI chart version 69.8.2 vendored into a GitRepository (also using .spec.chart). In this case all the subcharts were also vendored into the GitRepository.
  • With a HelmRelease for kube-prometheus-stack using the upstream HTTPS repo, chart version 80.13.2.
  • With a HelmRelease for kube-prometheus-stack vendored into a GitRepository from the upstream Git repository. In this case the subcharts were pulled by source-controller.

I will still test this with a HelmRepository type oci and TLS.

@matheuscscp
Member Author

Turns out that the login-touches-disk semantics still exists in Helm 4. The only difference is that an empty file now errors out. In Helm 3.19 they fixed this error (for backwards compatibility) by writing a {} file themselves. Helm 4 .Login() still stores the credentials, and expects the file not to be empty: it must have at least {} inside (so the oras-v2 JSON parsing does not error out).

The good news is that the only operation we actually use from Helm's OCI client is .Tags(), and this operation only needs an authorizer to be set, which can be done through the ClientOptAuthorizer() API! So our best course of action here is to remove login semantics altogether and just use this API.

I will update the PR after these facts.
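
Added example, not part of the comment above and not code from Flux or Helm: a standard-library Go sketch of the idea the comment describes, listing tags with a credential that lives only in memory and is attached per request by an authorizer instead of being stored on disk by a login step. It does not call Helm's `ClientOptAuthorizer()`; the names `hostAuthorizer`, `fakeRegistry` and `ListTags`, the host `registry.example.test` and the credential are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// hostAuthorizer holds the credential in memory and attaches it only to requests for its own registry host.
type hostAuthorizer struct {
	host, user, pass string
	base             http.RoundTripper
}

func (a hostAuthorizer) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context()) // a RoundTripper must not mutate the caller's request
	if r.URL.Host == a.host {
		r.SetBasicAuth(a.user, a.pass)
	}
	return a.base.RoundTrip(r)
}
// fakeRegistry is a constructed in-process stand-in for an OCI registry (no sockets, no files).
type fakeRegistry struct{}

func (fakeRegistry) RoundTrip(req *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	if u, p, ok := req.BasicAuth(); !ok || u != "flux" || p != "constructed-secret" {
		rec.WriteHeader(http.StatusUnauthorized)
	} else {
		json.NewEncoder(rec).Encode(map[string][]string{"tags": {"6.5.0", "6.5.1"}})
	}
	return rec.Result(), nil
}

// ListTags calls the OCI distribution tags endpoint through the given client.
func ListTags(c *http.Client, host, repo string) ([]string, error) {
	resp, err := c.Get("https://" + host + "/v2/" + repo + "/tags/list")
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("list tags: %s", resp.Status)
	}
	var out struct{ Tags []string `json:"tags"` }
	err = json.NewDecoder(resp.Body).Decode(&out)
	return out.Tags, err
}
func main() {
	c := &http.Client{Transport: hostAuthorizer{"registry.example.test", "flux", "constructed-secret", fakeRegistry{}}}
	fmt.Println(ListTags(c, "registry.example.test", "charts/podinfo"))
}
```

Because the authorizer is scoped to one host, a request to any other host goes out without the credential and fails authentication in this sketch.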

@matheuscscp matheuscscp force-pushed the helm4 branch 3 times, most recently from 8e14ed8 to 92242a0 Compare January 12, 2026 12:28
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
@matheuscscp
Member Author

> I will still test this with a HelmRepository type oci and TLS.

We now have two tests that prove this is working:

  • HTTPS With CA cert and client cert auth
  • HTTPS With CA cert and client cert auth, invalid key

@matheuscscp matheuscscp marked this pull request as ready for review January 12, 2026 12:54
Member

@stefanprodan stefanprodan left a comment

LGTM

Thanks @matheuscscp 🥇

@matheuscscp matheuscscp merged commit 008e0db into main Jan 12, 2026
6 checks passed
@matheuscscp matheuscscp deleted the helm4 branch January 12, 2026 14:44