Documentation
¶
Overview ¶
Package helmrelease implements the HelmReleaseController.
It listens for new HelmRelease objects and renders them via the helm SDK. The controller also maintains a chart-source index by listening for HelmRepository, OCIRepository, and GitRepository events: when an upstream source becomes Ready the helm client is told about it so subsequent template calls can resolve charts.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Controller ¶
type Controller struct {
*base.Controller
Helm *helm.Client
// Options applied to every template call.
Options helm.Options
// WipeSecrets controls whether secrets are wiped from rendered
// templates.
WipeSecrets bool
// contains filtered or unexported fields
}
Controller orchestrates HelmRelease reconciliation. Reconcile-shaping state (Filter, ParentOf) flows in via Configure exactly once before Start.
func New ¶
func New(s *store.Store, t *task.Service, h *helm.Client, opts helm.Options, wipeSecrets bool) *Controller
New constructs a HelmRelease controller.
func (*Controller) Configure ¶
func (c *Controller) Configure(opts ReconcileOptions)
Configure installs the post-bootstrap state. Panics if called after Start — encodes the invariant that reconcile-shaping config is read-only once dispatch begins.
func (*Controller) Start ¶
func (c *Controller) Start(ctx context.Context)
Start registers the listeners. The controller runs until Close. The HR controller only listens for HelmRelease and HelmChartSource (the chart-ref index) — source-kind events (HelmRepository, OCIRepository, GitRepository, Bucket, ExternalArtifact) are now consumed lazily by helm.Client through its SourceResolver against the canonical Store. One fewer push-registry to keep in sync.
type ReconcileOptions ¶
type ReconcileOptions struct {
Filter *change.Filter
ParentOf func(manifest.NamedResource) (manifest.NamedResource, bool)
// RenderTracker receives every source-kind child emitted during HR
// render. Mirrors kustomization.Options.RenderTracker; feeds the
// orchestrator's parent-provenance index (detectOrphans, parent
// resolver, ResourceSet attribution). Nil is OK — no-op.
RenderTracker RenderTracker
// Existence is the file-existence lookup the orchestrator wires
// against the loader's ExistenceIndex. depwait uses it to lazy-
// promote file-indexed deps (HelmRepository, OCIRepository,
// HelmChart, …) and to distinguish render-only deps from typo'd
// ones at the missing-dep grace boundary. See
// depwait.ExistenceLookup for the decision matrix. Forwarded
// to every Waiter built during reconcile.
Existence depwait.ExistenceLookup
// Renders is the quiescence signal the orchestrator wires
// against task.Service.ActiveCount. depwait's step-2 long wait
// short-circuits to "dependency not found" once Renders reports
// no other reconcile is in flight.
Renders depwait.RenderInflight
// PreflightFailure reports dependency-graph errors discovered by the
// orchestrator before reconcile. When set for an id, the controller
// marks the resource Failed and does not render it.
PreflightFailure func(manifest.NamedResource) (string, bool)
// AllowMissingSecrets omits non-optional valuesFrom refs that point
// at known live-cluster/generated data or fail to materialize offline.
AllowMissingSecrets bool
}
ReconcileOptions carries the post-bootstrap state the orchestrator wires onto the controller. Filter narrows reconciliation to changed HelmReleases (and their referenced sources/values) in changed-only mode. ParentOf resolves each HR to its enclosing KS at lookup time (combines the file-loaded path-prefix index with the runtime renderedSet); reconcile depwaits on the parent before rendering so spec patches (driftDetection / upgrade strategy / CRD policy at the cluster KS level, post-build substitutions, kustomize replacements) land before the first helm.Template call.
type RenderTracker ¶
type RenderTracker interface {
MarkRenderedBatch(parent manifest.NamedResource, children []manifest.NamedResource)
}
RenderTracker is the seam the controller uses to report "this child id was emitted by THIS parent HR's render" to the orchestrator. Nil is OK — the controller no-ops.
Mirrors kustomization.RenderTracker; the parent linkage feeds detectOrphans, the parent resolver, and ResourceSet extension attribution for charts that render source CRs (tofu-controller's OCIRepository pattern, ESO's HelmRepository fallback).
MarkRenderedBatch records multiple children under a single lock acquisition — used by the emit loop to avoid N round-trips on the renderedSet mutex when a render emits N source-kind children.
Source Files