chore: set SSA field manager on helm v4 kube package (instead of v3) to match Zarf

[emoskito]

Description

Set SSA field manager on Helm v4 kube package (instead of v3) to match Zarf. Even though it's currently setting it for the v3 package, uds-cli behaves as expected, so this isn't something we need to release right away.

Related Issue

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Other (security config, docs update, etc)

Checklist before merging

• Test, docs, adr added or updated as needed
• Contributor Guide Steps followed

[emoskito]

Testing:

• Deploy init:v0.74.0 (with SSA):

  uds-bundle.yaml:

  kind: UDSBundle
  metadata:
    name: initonly
    version: 0.0.1
  
  packages:
    - name: init
      repository: ghcr.io/zarf-dev/packages/init
      ref: v0.74.0

   ➜  init-only git:(fix/ssa-field-manager-helm-v4) ✗ ../../build/uds-mac-apple deploy uds-bundle-initonly-arm64-0.0.1.tar.zst -c                   
   
    NOTE  Saving log file to
          /var/folders/2d/0b20bdwx43j99gvfd77c68080000gp/T/uds-2026-03-20-14-31-42-1193217915.log
   
                                                                                                         
     🎁 BUNDLE DEFINITION                                                                                
                                                                                                         
    Metadata:   information about this bundle
   
   name: initonly
   version: 0.0.1
   architecture: arm64
   
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
    Build:   info about the machine, UDS version, and the user that created this bundle
   
   terminal: K4T39J3646
   user: erickson
   architecture: arm64
   timestamp: Fri, 20 Mar 2026 14:30:50 -0700
   version: v0.30.0
   
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
    Packages:   definition of packages this bundle deploys, including variable overrides
   
   name: init
   ref: v0.74.0@sha256:0fe936bd879dcc634297cdd63762b7fdbaa6421c39045c8ea3b0f145714b37d4
   repo: ghcr.io/zarf-dev/packages/init
   
   overrides: []
   
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
     ✔  Loaded bundled Zarf package: init                                                                                                                                                                                                                                                                                                 
   2026-03-20 14:31:43 INF starting deploy package=init
   2026-03-20 14:31:43 INF deploying component name=zarf-injector
   2026-03-20 14:31:43 INF copying files count=1
   2026-03-20 14:31:43 INF loading file name=###ZARF_TEMP###/zarf-injector
   2026-03-20 14:31:43 INF waiting for cluster connection
   2026-03-20 14:31:45 INF creating Zarf injector resources
   2026-03-20 14:31:45 INF adding archived binary configmaps of registry image to the cluster
   2026-03-20 14:31:55 INF deploying component name=zarf-seed-registry
   2026-03-20 14:31:56 INF processing Helm chart name=docker-registry version=1.0.1 source=Zarf-generated
   2026-03-20 14:31:56 INF performing Helm install chart=docker-registry
   2026-03-20 14:32:00 INF running health checks chart=docker-registry
   2026-03-20 14:32:07 INF deploying component name=zarf-registry
   2026-03-20 14:32:07 INF pushing image name=docker.io/library/registry:3.0.0
   2026-03-20 14:32:08 INF pushing image name=docker.io/alpine/socat:1.8.0.3
   2026-03-20 14:32:09 INF done pushing images count=2 duration=1.4s
   2026-03-20 14:32:09 INF processing Helm chart name=docker-registry version=1.0.1 source=Zarf-generated
   2026-03-20 14:32:09 INF performing Helm upgrade chart=docker-registry
   2026-03-20 14:32:11 INF running health checks chart=docker-registry
   2026-03-20 14:32:14 INF processing Helm chart name=raw-init-zarf-registry-registry-connect version=0.1.1774042302 source=Zarf-generated
   2026-03-20 14:32:14 INF performing Helm install chart=raw-init-zarf-registry-registry-connect
   2026-03-20 14:32:14 INF running health checks chart=raw-init-zarf-registry-registry-connect
   2026-03-20 14:32:14 INF processing Helm chart name=raw-init-zarf-registry-kep-1755-registry-annotation version=0.1.1774042302 source=Zarf-generated
   2026-03-20 14:32:14 INF performing Helm install chart=raw-init-zarf-registry-kep-1755-registry-annotation
   2026-03-20 14:32:14 INF running health checks chart=raw-init-zarf-registry-kep-1755-registry-annotation
   2026-03-20 14:32:14 INF deploying component name=zarf-agent
   2026-03-20 14:32:14 INF pushing image name=ghcr.io/zarf-dev/zarf/agent:v0.74.0
   2026-03-20 14:32:15 INF done pushing images count=1 duration=1.1s
   2026-03-20 14:32:15 INF processing Helm chart name=zarf-agent version=0.1.0 source=Zarf-generated
   2026-03-20 14:32:15 INF performing Helm install chart=zarf-agent
   2026-03-20 14:32:18 INF running health checks chart=zarf-agent

• Force Helm SSA Conflict via Kubectl:

  ➜  play git:(chore/remove-invalid-flaky-unit-test) ✗ kubectl get all -n zarf -o json --show-managed-fields | jq '[.items[] | select(.metadata.name == "zarf-docker-registry" and .kind == "Deployment") | {kind: .kind, name:         
    .metadata.name, managers: [.metadata.managedFields[].manager]}]'
  [
    {
      "kind": "Deployment",
      "name": "zarf-docker-registry",
      "managers": [
        "zarf",
        "k3s"
      ]
    }
  ]
  ➜  play git:(chore/remove-invalid-flaky-unit-test) ✗ kubectl apply -f - -n zarf --server-side --field-manager="outside-operator" --force-conflicts <<EOFapiVersion: apps/v1                                
  kind: Deployment                                                  
  metadata:              
    name: zarf-docker-registry
    labels:
      app.kubernetes.io/managed-by: "erickson"
  EOF
  deployment.apps/zarf-docker-registry serverside-applied
  ➜  play git:(chore/remove-invalid-flaky-unit-test) ✗ kubectl get all -n zarf -o json --show-managed-fields | jq '[.items[] | select(.metadata.name == "zarf-docker-registry" and .kind == "Deployment") | {kind: .kind, name:
    .metadata.name, managers: [.metadata.managedFields[].manager]}]'
  [
    {
      "kind": "Deployment",
      "name": "zarf-docker-registry",
      "managers": [
        "zarf",
        "outside-operator",
        "k3s"
      ]
    }
  ]

• Try to deploy normally again - FAILS due to SSA conflict:

  ➜  init-only git:(fix/ssa-field-manager-helm-v4) ✗ ../../build/uds-mac-apple deploy uds-bundle-initonly-arm64-0.0.1.tar.zst -c
  
   NOTE  Saving log file to
         /var/folders/2d/0b20bdwx43j99gvfd77c68080000gp/T/uds-2026-03-20-14-40-00-3475279918.log
  
                                                                                                        
    🎁 BUNDLE DEFINITION                                                                                
                                                                                                        
   Metadata:   information about this bundle
  
  name: initonly
  version: 0.0.1
  architecture: arm64
  
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
   Build:   info about the machine, UDS version, and the user that created this bundle
  
  terminal: K4T39J3646
  user: erickson
  architecture: arm64
  timestamp: Fri, 20 Mar 2026 14:30:50 -0700
  version: v0.30.0
  
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
   Packages:   definition of packages this bundle deploys, including variable overrides
  
  name: init
  ref: v0.74.0@sha256:0fe936bd879dcc634297cdd63762b7fdbaa6421c39045c8ea3b0f145714b37d4
  repo: ghcr.io/zarf-dev/packages/init
  
  overrides: []
  
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
    ✔  Loaded bundled Zarf package: init                                                                                                                           
  2026-03-20 14:40:01 INF starting deploy package=init
  2026-03-20 14:40:01 INF deploying component name=zarf-injector
  2026-03-20 14:40:01 INF copying files count=1
  2026-03-20 14:40:01 INF loading file name=###ZARF_TEMP###/zarf-injector
  2026-03-20 14:40:01 INF waiting for cluster connection
  2026-03-20 14:40:03 INF creating Zarf injector resources
  2026-03-20 14:40:03 INF adding archived binary configmaps of registry image to the cluster
  2026-03-20 14:40:14 INF deploying component name=zarf-seed-registry
  2026-03-20 14:40:14 INF processing Helm chart name=docker-registry version=1.0.1 source=Zarf-generated
  2026-03-20 14:40:14 INF performing Helm upgrade chart=docker-registry
  2026-03-20 14:40:14 WRN upgrade failed name=zarf-docker-registry error=conflict occurred while applying object zarf/zarf-docker-registry apps/v1, Kind=Deployment: Apply failed with 1 conflict: conflict with "outside-operator": .metadata.labels.app.kubernetes.io/managed-by
  2026-03-20 14:40:14 INF performing Helm rollback chart=docker-registry
  2026-03-20 14:40:14 WRN Rollback "zarf-docker-registry" failed: conflict occurred while applying object zarf/zarf-docker-registry apps/v1, Kind=Deployment: Apply failed with 1 conflict: conflict with "outside-operator": .metadata.labels.app.kubernetes.io/managed-by
       ERROR:  failed to deploy bundle: unable to deploy component "zarf-seed-registry": unable to install chart conflict occurred while applying object zarf/zarf-docker-registry apps/v1, Kind=Deployment: Apply failed with 1 conflict: conflict with "outside-operator": .metadata.labels.app.kubernetes.io/managed-by: if you need to remove the failed chart, use `zarf package remove`: unable to rollback: an error occurred while cleaning up resources. original rollback error: unable to cleanup resources: object not found, skipping delete: no objects visited

• Try to deploy with --force-conflicts SUCCEEDS:

  ➜  init-only git:(fix/ssa-field-manager-helm-v4) ✗ ../../build/uds-mac-apple deploy uds-bundle-initonly-arm64-0.0.1.tar.zst -c --force-conflicts
  
   NOTE  Saving log file to
         /var/folders/2d/0b20bdwx43j99gvfd77c68080000gp/T/uds-2026-03-20-14-41-39-642142898.log
  
                                                                                                        
    🎁 BUNDLE DEFINITION                                                                                
                                                                                                        
   Metadata:   information about this bundle
  
  name: initonly
  version: 0.0.1
  architecture: arm64
  
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
   Build:   info about the machine, UDS version, and the user that created this bundle
  
  terminal: K4T39J3646
  user: erickson
  architecture: arm64
  timestamp: Fri, 20 Mar 2026 14:30:50 -0700
  version: v0.30.0
  
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
   Packages:   definition of packages this bundle deploys, including variable overrides
  
  name: init
  ref: v0.74.0@sha256:0fe936bd879dcc634297cdd63762b7fdbaa6421c39045c8ea3b0f145714b37d4
  repo: ghcr.io/zarf-dev/packages/init
  
  overrides: []
  
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
    ✔  Loaded bundled Zarf package: init                                                                                                                           
  2026-03-20 14:41:40 INF starting deploy package=init
  2026-03-20 14:41:40 INF deploying component name=zarf-injector
  2026-03-20 14:41:40 INF copying files count=1
  2026-03-20 14:41:40 INF loading file name=###ZARF_TEMP###/zarf-injector
  2026-03-20 14:41:40 INF waiting for cluster connection
  2026-03-20 14:41:44 INF creating Zarf injector resources
  2026-03-20 14:41:44 INF adding archived binary configmaps of registry image to the cluster
  2026-03-20 14:41:55 INF deploying component name=zarf-seed-registry
  2026-03-20 14:41:55 INF processing Helm chart name=docker-registry version=1.0.1 source=Zarf-generated
  2026-03-20 14:41:55 INF performing Helm upgrade chart=docker-registry
  2026-03-20 14:41:58 INF running health checks chart=docker-registry
  2026-03-20 14:42:04 INF deploying component name=zarf-registry
  2026-03-20 14:42:04 INF pushing image name=docker.io/library/registry:3.0.0
  2026-03-20 14:42:05 INF pushing image name=docker.io/alpine/socat:1.8.0.3
  2026-03-20 14:42:05 INF done pushing images count=2 duration=700ms
  2026-03-20 14:42:05 INF processing Helm chart name=docker-registry version=1.0.1 source=Zarf-generated
  2026-03-20 14:42:05 INF performing Helm upgrade chart=docker-registry
  2026-03-20 14:42:07 INF running health checks chart=docker-registry
  2026-03-20 14:42:11 INF processing Helm chart name=raw-init-zarf-registry-registry-connect version=0.1.1774042899 source=Zarf-generated
  2026-03-20 14:42:11 INF performing Helm upgrade chart=raw-init-zarf-registry-registry-connect
  2026-03-20 14:42:11 INF running health checks chart=raw-init-zarf-registry-registry-connect
  2026-03-20 14:42:11 INF processing Helm chart name=raw-init-zarf-registry-kep-1755-registry-annotation version=0.1.1774042899 source=Zarf-generated
  2026-03-20 14:42:11 INF performing Helm upgrade chart=raw-init-zarf-registry-kep-1755-registry-annotation
  2026-03-20 14:42:11 INF running health checks chart=raw-init-zarf-registry-kep-1755-registry-annotation
  2026-03-20 14:42:11 INF deploying component name=zarf-agent
  2026-03-20 14:42:11 INF pushing image name=ghcr.io/zarf-dev/zarf/agent:v0.74.0
  2026-03-20 14:42:12 INF done pushing images count=1 duration=600ms
  2026-03-20 14:42:12 INF processing Helm chart name=zarf-agent version=0.1.0 source=Zarf-generated
  2026-03-20 14:42:12 INF performing Helm upgrade chart=zarf-agent
  2026-03-20 14:42:13 INF running health checks chart=zarf-agent