Bump helm.sh/helm/v3 from 3.7.2 to 3.8.0 #4154

Merged
merged 8 commits into from
Jan 28, 2022


dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jan 24, 2022

Bumps helm.sh/helm/v3 from 3.7.2 to 3.8.0.

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm 3.8.0

v3.8.0

Helm v3.8.0 is a feature release. This release, we focused on OCI registries, support for Kubernetes 1.23, and more. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • OCI registry support for charts is now generally available. It has graduated out of being an experiment. Some changes over Helm 3.7 include:
    • When setting a chart in the dependencies as OCI the version can be set to a range, like other dependencies
    • SemVer tags that include build information can be pushed and used. OCI registries don't support + as a tag character. Helm translates the + to _ when stored as a tag
    • helm registry login now follows the same structure as the Docker CLI for storing credentials. The same location for registry configuration can be passed to both Helm and the Docker CLI
  • A --list-repo-url flag has been added to helm search hub to quickly show the repositories URL.
  • Release names are validated during installation
  • Added support for installing Helm on Windows via Cygwin
  • Added support for Kubernetes 1.23

Installation and Upgrading

Download Helm v3.8.0. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.8.1 will contain only bug fixes and be released on March 09, 2022.
  • 3.9.0 is the next feature release and will be released on May 11, 2022.

Changelog

  • Limits need to call tag API when explicit version specified d14138609b01886f544b2025f5000351c9eb092e (Andrew Block)

... (truncated)

Commits
  • d141386 Limits need to call tag API when explicit version specified
  • d493f29 bump version to v3.8.0
  • c137bfb Merge pull request #10546 from dperaza4dustbit/move_oci_out_experimental
  • 9661e39 Moving uploader and pusher out of action into pkg
  • 7cab1a0 Move all the remainder module out of experimental.
  • 9f869c6 Removing all the checks for oci experimental flag
  • 91a46ad move paths for updated directory location
  • 353d74e refactor internal/experimental/registry to pkg/registry
  • a27c468 Merge pull request #10547 from mattfarina/fix-panic
  • 548ec55 Fix panic with OCI for install, upgrade, and show
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
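
The release notes quoted above ask for the release to be verified with gpg against the listed fingerprint. `gpg --verify` on its own succeeds for any key in the keyring, so the sketch below (an added example, not from the Helm project or this PR) pins that fingerprint; the function names, the archive and signature file arguments, and an already imported signer key are assumptions.

```shell
#!/bin/sh
# Fingerprint quoted in the release notes, spaces removed.
HELM_FPR="672C657BE06B4B30969C4A57461449C25E36B98E"

# signed_by_pinned_key STATUS
# STATUS is the text gpg writes with --status-fd. Succeeds only when a VALIDSIG
# line names HELM_FPR as the signing key (field 3) or as the primary key (last
# field), and no line reports a bad, errored, expired-key or revoked-key signature.
signed_by_pinned_key() {
    printf '%s\n' "$1" | awk -v want="$HELM_FPR" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { exit !(ok && !bad) }'
}

# verify_release ARCHIVE SIGNATURE  (file names are supplied by the caller)
verify_release() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    signed_by_pinned_key "$status"
}

# Constructed status output, not captured from a real gpg run.
SAMPLE_PINNED='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 461449C25E36B98E Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 672C657BE06B4B30969C4A57461449C25E36B98E 2022-01-24 1643000000 0 4 0 1 10 00 672C657BE06B4B30969C4A57461449C25E36B98E'
# A cryptographically good signature, but made by some other key in the keyring.
SAMPLE_OTHER='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Constructed Other <other@example.invalid>
[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2022-01-24 1643000000 0 4 0 1 10 00 0000000000000000000000000123456789ABCDEF'

if [ "$#" -eq 2 ]; then
    if verify_release "$1" "$2"; then
        echo "signed by pinned key"
    else
        echo "NOT verified" >&2
        exit 1
    fi
fi
```
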

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.7.2 to 3.8.0.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.7.2...v3.8.0)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 24, 2022
@antgamdia

antgamdia commented Jan 24, 2022

I've been having a look at the changes in this version. The most important one is that they move the OCI support out of the experimental folder, meaning we no longer need to "copy" the Helm code to get OCI support.

However, in this move, they have implemented a limited interface for 3rd-party devs. For example, configuring an OCI registry client:

		credentialsFile    string
		out                io.Writer
		authorizer         auth.Client
		registryAuthorizer *registryauth.Client
		resolver           remotes.Resolver

Source: https://github.com/helm/helm/blob/main/pkg/registry/client.go#L160

Those fields are unexported, meaning you have to use the NewClient functions. However, you are limited to the ClientOption they define (for instance, you can't just pass the containerd resolver as we were doing in the past).
Moreover, regarding the login, they force you to do client.Login(.....) passing one of the LoginOption they support, meaning you're forced to use LoginOptBasicAuth(username, password). That is: we won't be able to directly pass any Authentication header, so we are limited to a basic auth flow.

At this point, I can think of different alternatives:

  1. Do nothing
  2. Upgrade to Helm 3.8 and continue using the borrowed 3.7.1-helm code for our OCI support.
    1. Forever
    2. Wait until a 3.8.X is released hoping they improve the interface
    3. Implement what we need in the Helm code and send a PR
  3. Upgrade to Helm 3.8 and refactor our code now to comply with the new Helm approach
  4. Upgrade to Helm 3.8 BUT bypass the Helm code for OCI: develop our implementation just based upon oras-go and containerd

My 2cents... given the current bandwidth and current prioritization of OCI things I'd rather go with 2.ii.

Edit: I've performed the required changes for the 2.ii option, mainly adapting the Pull function in Helm and removing those lines not useful for what we are fetching.

Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>

Conflicts:
	go.mod
	go.sum
Comment on lines +85 to +90
helm.sh/helm/v3 v3.8.0
k8s.io/api v0.23.1
k8s.io/apiextensions-apiserver v0.23.1
k8s.io/apimachinery v0.23.1
k8s.io/cli-runtime v0.23.1
k8s.io/client-go v0.23.1
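
Review bot: the five k8s.io requirements on lines +86 to +90 all move to v0.23.1 with nothing in go.mod recording why. The comment on this hunk says go mod tidy forces them to the version Helm uses and that the replace section overrides what is actually built; put that in a short go.mod comment beside these lines, so the required version here is not read as the one that ships and a later edit to the replace section gets checked against it.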

The command go mod tidy insists on updating these deps to this version (which is the one Helm uses). However, it does not really affect us since we are overriding the actual version in the replace section.
Given our code is ready to use post-k8s-1.21 deprecations, I'd bet it's safe to update to 1.23 as soon as it becomes available in GKE.

@absoludity

> My 2cents... given the current bandwidth and current prioritization of OCI things I'd rather go with 2.ii.
>
> Edit: I've performed the required changes for the 2.ii option, mainly adapting the Pull function in Helm and removing those lines not useful for what we are fetching.

+1 for something in between 2.ii and 2.iii: if you haven't already, it'd be worth creating an issue to begin the conversation upstream and see whether it's something they're keen to do or at least see done.

if !ok {
return nil, manifest.Digest.String(), errors.Errorf("Unable to retrieve blob with digest %s", chartDescriptor.Digest)
}

return bytes.NewBuffer(chartData), manifest.Digest.String(), nil
}

// Code from Helm Registry Client. Copied here since it belonged to a internal package.
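
Review bot: the `!ok` branch returns `manifest.Digest.String()` together with a non-nil error and a nil buffer, so a caller that reads the digest before checking the error gets a digest for a chart blob that was never retrieved; return an empty string on that path. The message also names `chartDescriptor.Digest` while the returned value is the manifest digest, which is worth a word in the function's doc comment. Go error strings are conventionally lower-case ("unable to retrieve blob ..."), and the trailing comment should read "an internal package".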

Here would be an ideal spot to reference an upstream issue discussing this.


> it'd be worth creating an issue to begin the conversation upstream and see whether it's something they're keen to do or at least see done.

Done: helm/helm#10623

Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>

Conflicts:
	go.sum
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>

Conflicts:
	go.sum
@antgamdia antgamdia merged commit 1d5f92a into main Jan 28, 2022
@antgamdia antgamdia deleted the dependabot/go_modules/helm.sh/helm/v3-3.8.0 branch January 28, 2022 14:58