Merge pull request #1384 from cappyzawa/issues/1381

Add ServerSideApply field to HelmRelease API

Author: matheuscscp

.github/workflows/e2e.yaml

@@ -63,6 +63,80 @@ jobs:
           kubectl -n helm-system wait helmreleases/podinfo-git --for=condition=ready --timeout=4m
           kubectl -n helm-system wait helmreleases/podinfo-oci --for=condition=ready --timeout=4m
           kubectl -n helm-system delete -f config/testdata/podinfo
+      - name: Run server-side apply test
+        run: |
+          test_name=server-side-apply
+          kubectl -n helm-system apply -f config/testdata/$test_name/install.yaml
+          kubectl -n helm-system wait helmreleases/$test_name --for=condition=ready --timeout=4m
+
+          # Verify the release is deployed with SSA.
+          APPLY_METHOD=$(kubectl -n helm-system get secret sh.helm.release.v1.$test_name.v1 -o jsonpath='{.data.release}' | base64 -d | base64 -d | gunzip | jq -r '.apply_method')
+          if [ "$APPLY_METHOD" != "ssa" ]; then
+            echo -e "Unexpected apply method: $APPLY_METHOD (expected: ssa)"
+            exit 1
+          fi
+
+          # Upgrade with SSA.
+          kubectl -n helm-system apply -f config/testdata/$test_name/upgrade.yaml
+          kubectl -n helm-system wait helmreleases/$test_name --for=condition=ready --timeout=4m
+
+          # Validate release was upgraded.
+          REVISION_COUNT=$(helm -n helm-system history -o json $test_name | jq 'length')
+          if [ "$REVISION_COUNT" != 2 ]; then
+            echo -e "Unexpected revision count: $REVISION_COUNT"
+            exit 1
+          fi
+
+          kubectl -n helm-system delete -f config/testdata/$test_name/install.yaml
+      - name: Run server-side apply rollback test
+        run: |
+          test_name=server-side-apply-rollback
+          kubectl -n helm-system apply -f config/testdata/server-side-apply/rollback-install.yaml
+          kubectl -n helm-system wait helmreleases/$test_name --for=condition=ready --timeout=4m
+
+          # Verify the release is deployed with SSA.
+          APPLY_METHOD=$(kubectl -n helm-system get secret sh.helm.release.v1.$test_name.v1 -o jsonpath='{.data.release}' | base64 -d | base64 -d | gunzip | jq -r '.apply_method')
+          if [ "$APPLY_METHOD" != "ssa" ]; then
+            echo -e "Unexpected apply method: $APPLY_METHOD (expected: ssa)"
+            exit 1
+          fi
+
+          # Upgrade with failing config to trigger rollback.
+          kubectl -n helm-system apply -f config/testdata/server-side-apply/rollback-upgrade.yaml
+          echo -n ">>> Waiting for rollback"
+          count=0
+          until [ 'true' == "$( kubectl -n helm-system get helmrelease/$test_name -o json | jq '.status.conditions | map( { (.type): .status } ) | add | .Released=="False" and .Ready=="False" and .Remediated=="True"' )" ]; do
+            echo -n '.'
+            sleep 5
+            count=$((count + 1))
+            if [[ ${count} -eq 24 ]]; then
+              echo ' No more retries left!'
+              exit 1
+            fi
+          done
+          echo ' done'
+
+          # Validate rollback happened with SSA (revision 3 = rollback to 1).
+          HISTORY=$(helm -n helm-system history -o json $test_name)
+          REVISION_COUNT=$(echo "$HISTORY" | jq 'length')
+          if [ "$REVISION_COUNT" != 3 ]; then
+            echo -e "Unexpected revision count: $REVISION_COUNT"
+            exit 1
+          fi
+          LAST_REVISION_DESCRIPTION=$(echo "$HISTORY" | jq -r 'last | .description')
+          if [ "$LAST_REVISION_DESCRIPTION" != "Rollback to 1" ]; then
+            echo -e "Unexpected last revision description: $LAST_REVISION_DESCRIPTION"
+            exit 1
+          fi
+
+          # Verify the rollback release used SSA.
+          APPLY_METHOD=$(kubectl -n helm-system get secret sh.helm.release.v1.$test_name.v3 -o jsonpath='{.data.release}' | base64 -d | base64 -d | gunzip | jq -r '.apply_method')
+          if [ "$APPLY_METHOD" != "ssa" ]; then
+            echo -e "Unexpected apply method after rollback: $APPLY_METHOD (expected: ssa)"
+            exit 1
+          fi
+
+          kubectl -n helm-system delete -f config/testdata/server-side-apply/rollback-install.yaml
       - name: Run dependency tests
         run: |
           kubectl -n helm-system apply -f config/testdata/dependencies

api/v2/helmrelease_types.go

@@ -541,6 +541,11 @@ type Install struct {
 	// On uninstall, the namespace will not be garbage collected.
 	// +optional
 	CreateNamespace bool `json:"createNamespace,omitempty"`
+
+	// ServerSideApply enables server-side apply for resources during install.
+	// Defaults to true (or false when UseHelm3Defaults feature gate is enabled).
+	// +optional
+	ServerSideApply *bool `json:"serverSideApply,omitempty"`
 }
 
 // GetTimeout returns the configured timeout for the Helm install action,
@@ -679,6 +684,21 @@ const (
 	CreateReplace CRDsPolicy = "CreateReplace"
 )
 
+// ServerSideApplyMode defines the server-side apply mode for Helm upgrade and
+// rollback actions.
+type ServerSideApplyMode string
+
+var (
+	// ServerSideApplyEnabled enables server-side apply for resources.
+	ServerSideApplyEnabled ServerSideApplyMode = "enabled"
+
+	// ServerSideApplyDisabled disables server-side apply for resources.
+	ServerSideApplyDisabled ServerSideApplyMode = "disabled"
+
+	// ServerSideApplyAuto uses the release's previous apply method.
+	ServerSideApplyAuto ServerSideApplyMode = "auto"
+)
+
 // Upgrade holds the configuration for Helm upgrade actions for this
 // HelmRelease.
 type Upgrade struct {
@@ -763,6 +783,14 @@ type Upgrade struct {
 	// +kubebuilder:validation:Enum=Skip;Create;CreateReplace
 	// +optional
 	CRDs CRDsPolicy `json:"crds,omitempty"`
+
+	// ServerSideApply enables server-side apply for resources during upgrade.
+	// Can be "enabled", "disabled", or "auto".
+	// When "auto", server-side apply usage will be based on the release's previous usage.
+	// Defaults to "auto".
+	// +kubebuilder:validation:Enum=enabled;disabled;auto
+	// +optional
+	ServerSideApply ServerSideApplyMode `json:"serverSideApply,omitempty"`
 }
 
 // GetTimeout returns the configured timeout for the Helm upgrade action, or the
@@ -1021,6 +1049,14 @@ type Rollback struct {
 	// rollback action when it fails.
 	// +optional
 	CleanupOnFail bool `json:"cleanupOnFail,omitempty"`
+
+	// ServerSideApply enables server-side apply for resources during rollback.
+	// Can be "enabled", "disabled", or "auto".
+	// When "auto", server-side apply usage will be based on the release's previous usage.
+	// Defaults to "auto".
+	// +kubebuilder:validation:Enum=enabled;disabled;auto
+	// +optional
+	ServerSideApply ServerSideApplyMode `json:"serverSideApply,omitempty"`
 }
 
 // GetTimeout returns the configured timeout for the Helm rollback action, or

api/v2/zz_generated.deepcopy.go

@@ -439,6 +439,11 @@ spec:
                       Replace tells the Helm install action to re-use the 'ReleaseName', but only
                       if that name is a deleted release which remains in the history.
                     type: boolean
+                  serverSideApply:
+                    description: |-
+                      ServerSideApply enables server-side apply for resources during install.
+                      Defaults to true (or false when UseHelm3Defaults feature gate is enabled).
+                    type: boolean
                   skipCRDs:
                     description: |-
                       SkipCRDs tells the Helm install action to not install any CRDs. By default,
@@ -727,6 +732,17 @@ spec:
                       warning if set to true. It will also be removed in a
                       future release.
                     type: boolean
+                  serverSideApply:
+                    description: |-
+                      ServerSideApply enables server-side apply for resources during rollback.
+                      Can be "enabled", "disabled", or "auto".
+                      When "auto", server-side apply usage will be based on the release's previous usage.
+                      Defaults to "auto".
+                    enum:
+                    - enabled
+                    - disabled
+                    - auto
+                    type: string
                   timeout:
                     description: |-
                       Timeout is the time to wait for any individual Kubernetes operation (like
@@ -945,6 +961,17 @@ spec:
                         - uninstall
                         type: string
                     type: object
+                  serverSideApply:
+                    description: |-
+                      ServerSideApply enables server-side apply for resources during upgrade.
+                      Can be "enabled", "disabled", or "auto".
+                      When "auto", server-side apply usage will be based on the release's previous usage.
+                      Defaults to "auto".
+                    enum:
+                    - enabled
+                    - disabled
+                    - auto
+                    type: string
                   strategy:
                     description: |-
                       Strategy defines the upgrade strategy to use for this HelmRelease.

config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml

@@ -0,0 +1,21 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: server-side-apply
+spec:
+  interval: 5m
+  install:
+    serverSideApply: true
+  chart:
+    spec:
+      chart: podinfo
+      version: '>=6.0.0 <7.0.0'
+      sourceRef:
+        kind: HelmRepository
+        name: podinfo
+      interval: 1m
+  values:
+    resources:
+      requests:
+        cpu: 100m
+        memory: 64Mi

config/testdata/server-side-apply/install.yaml

@@ -0,0 +1,21 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: server-side-apply-rollback
+spec:
+  interval: 30s
+  install:
+    serverSideApply: true
+  chart:
+    spec:
+      chart: podinfo
+      version: '>=6.0.0 <7.0.0'
+      sourceRef:
+        kind: HelmRepository
+        name: podinfo
+      interval: 10m
+  values:
+    resources:
+      requests:
+        cpu: 100m
+        memory: 64Mi

config/testdata/server-side-apply/rollback-install.yaml

@@ -0,0 +1,32 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: server-side-apply-rollback
+spec:
+  interval: 30s
+  install:
+    serverSideApply: true
+  upgrade:
+    serverSideApply: enabled
+    remediation:
+      remediateLastFailure: true
+  rollback:
+    serverSideApply: enabled
+  chart:
+    spec:
+      chart: podinfo
+      version: '>=6.0.0 <7.0.0'
+      sourceRef:
+        kind: HelmRepository
+        name: podinfo
+      interval: 10m
+  values:
+    resources:
+      requests:
+        cpu: 100m
+        memory: 64Mi
+    # Make wait fail to trigger rollback
+    replicaCount: 2
+    faults:
+      unready: true
+  timeout: 3s

config/testdata/server-side-apply/rollback-upgrade.yaml

@@ -0,0 +1,24 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: server-side-apply
+spec:
+  interval: 5m
+  install:
+    serverSideApply: true
+  upgrade:
+    serverSideApply: enabled
+  chart:
+    spec:
+      chart: podinfo
+      version: '>=6.0.0 <7.0.0'
+      sourceRef:
+        kind: HelmRepository
+        name: podinfo
+      interval: 1m
+  values:
+    resources:
+      requests:
+        cpu: 100m
+        memory: 64Mi
+    replicaCount: 2

config/testdata/server-side-apply/upgrade.yaml

@@ -2109,6 +2109,19 @@ HelmReleaseSpec.TargetNamespace if it does not exist yet.
 On uninstall, the namespace will not be garbage collected.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>serverSideApply</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ServerSideApply enables server-side apply for resources during install.
+Defaults to true (or false when UseHelm3Defaults feature gate is enabled).</p>
+</td>
+</tr>
 </tbody>
 </table>
 </div>
@@ -2449,10 +2462,36 @@ bool
 rollback action when it fails.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>serverSideApply</code><br>
+<em>
+<a href="#helm.toolkit.fluxcd.io/v2.ServerSideApplyMode">
+ServerSideApplyMode
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ServerSideApply enables server-side apply for resources during rollback.
+Can be &ldquo;enabled&rdquo;, &ldquo;disabled&rdquo;, or &ldquo;auto&rdquo;.
+When &ldquo;auto&rdquo;, server-side apply usage will be based on the release&rsquo;s previous usage.
+Defaults to &ldquo;auto&rdquo;.</p>
+</td>
+</tr>
 </tbody>
 </table>
 </div>
 </div>
+<h3 id="helm.toolkit.fluxcd.io/v2.ServerSideApplyMode">ServerSideApplyMode
+(<code>string</code> alias)</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#helm.toolkit.fluxcd.io/v2.Rollback">Rollback</a>, 
+<a href="#helm.toolkit.fluxcd.io/v2.Upgrade">Upgrade</a>)
+</p>
+<p>ServerSideApplyMode defines the server-side apply mode for Helm upgrade and
+rollback actions.</p>
 <h3 id="helm.toolkit.fluxcd.io/v2.Snapshot">Snapshot
 </h3>
 <p>Snapshot captures a point-in-time copy of the status information for a Helm release,
@@ -3098,6 +3137,23 @@ option users can opt-in to CRD upgrade, which is not (yet) natively supported by
 <a href="https://helm.sh/docs/chart_best_practices/custom_resource_definitions">https://helm.sh/docs/chart_best_practices/custom_resource_definitions</a>.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>serverSideApply</code><br>
+<em>
+<a href="#helm.toolkit.fluxcd.io/v2.ServerSideApplyMode">
+ServerSideApplyMode
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ServerSideApply enables server-side apply for resources during upgrade.
+Can be &ldquo;enabled&rdquo;, &ldquo;disabled&rdquo;, or &ldquo;auto&rdquo;.
+When &ldquo;auto&rdquo;, server-side apply usage will be based on the release&rsquo;s previous usage.
+Defaults to &ldquo;auto&rdquo;.</p>
+</td>
+</tr>
 </tbody>
 </table>
 </div>

docs/api/v2/helm.md

@@ -75,6 +75,9 @@ func newInstall(config *helmaction.Configuration, obj *v2.HelmRelease, opts []In
 	default:
 		install.ServerSideApply = true
 	}
+	if ssa := obj.GetInstall().ServerSideApply; ssa != nil {
+		install.ServerSideApply = *ssa
+	}
 
 	install.ReleaseName = release.ShortenName(obj.GetReleaseName())
 	install.Namespace = obj.GetReleaseNamespace()