Chart dependancies do not allow for an index to contain the same chart from two providers

[mmulholla]

Chart dependencies do not allow for a repository in which multiple vendors provide the same chart.

A chart dependency is set for example:

dependencies: # A list of the chart requirements (optional)

• name: nginx
  version: 1.1.0
  repository: "https://example.com/charts"

When the dependencies are built the helm code searches the repository index file using the name as a key

helm/pkg/downloader/manager.go

Line 316 in 823d929

churl, username, password, insecureskiptlsverify, passcredentialsall, caFile, certFile, keyFile, err := m.findChartURL(dep.Name, dep.Version, dep.Repository, repos)

Once the key is found the version is matched to find the chart-url

helm/pkg/downloader/manager.go

Line 715 in 823d929

entry, err = findEntryByName(name, cr)

During install the name is also expected to be the name of the chart as specified in chart.yaml

This is a problem if a repository enables multiple vendors to provide the same chart by including the provider in the index key or as an attribute of the index entry.

One possible solution would be to add a new optional attribute to the dependency definition, for example:

dependencies: # A list of the chart requirements (optional)

• name: nginx
  version: 1.1.0
  repository: "https://example.com/charts"
  index_key: acme-nginx

If the index_key, if set, is used to search the repository, otherwise name is used (as it is now).

[mattfarina]

The core issue here is when the key for the name of the chart in the index does not match the name inside the chart.

One option, that we could look in to is using the name field on the chartversion instead of the key that contains a slice of chartversions. The name should match but then the key could be different.

cc @technosophos

[mmulholla]

@mattfarina as a note checking in the name field only would not address the possibility of two providers adding the same chart to the same repository which is our original problem.

[mmulholla]

@mattfarina @technosophos any updates here? We are in need of a fix. I can write the code if we can agree a solution.

[bacongobbler]

Have you tried using aliases?

dependencies: # A list of the chart requirements (optional)
    - name: acme-nginx
      alias: nginx
      version: 1.1.0
      repository: "https://example.com/charts"

[mmulholla]

Have you tried using aliases?

dependencies: # A list of the chart requirements (optional)
    - name: acme-nginx
      alias: nginx
      version: 1.1.0
      repository: "https://example.com/charts"

yes, it has no effect on this issue

[mmulholla]

Met with @scottrigby to discuss the issue and Scott suggested the real issue was that install works rather than the dependency does not and there is at least a problem with inconsistency. Discussed with Scott a few ways we could alleviate the problem on our end and we are now looking into those. Most are breaking changes but maybe we can figure one without. However we sure don't want install to start breaking!

Big thank you to Scott for his time.

[github-actions]

This issue has been marked as stale because it has been open for 90 days with no activity. This thread will be automatically closed in 30 days if no further activity occurs.