~/.helm required

[james-callahan]

Describe the bug

khelm for helm2 seems to require a writable ~/.helm directory

Running khelm 1.0.0-beta.5-e73b021 (helm 2.17.0) khelm: load chart ./charts/drone: init temp repositories.yaml: initialize helm home: mkdir /home/argocd/.helm: read-only file system

Expected behavior
Not try to create a directory in $HOME.... or anywhere outside of a temporary directory in e.g. /tmp
I don't expect it to have any persistence.

khelm version:
1.0.0-beta.5-e73b021 (helm 2.17.0)

Desktop (please complete the following information):

• OS: linux

Additional context
This was encountered when run as a kustomize plugin.

[mgoltzsche]

@james-callahan thanks for reporting the issue.

khelm uses the ~/.helm directory to cache chart dependencies. This is useful at least during development when working with it locally. Therefore, and because this is the original Helm behaviour, it makes sense to use this directory by default.

Would it solve your case to set the env var HELM_HOME=/tmp/helm?
(Using khelm 2 you could achieve the same by setting HELM_REPOSITORY_CACHE=/tmp/helm/cache.)

[james-callahan]

Would it solve your case to set the env var HELM_HOME=/tmp/helm?

Somewhat; I think it only really helps if I could create it every invocation.
Would it be possible to add a config variable (possibly on by default) to create throwaway HELM_HOME directories for each invocation?

[mgoltzsche]

I think it only really helps if I could create it every invocation.

Why do you think it would be disadvantageous if the HELM_HOME directory wouldn't be created in a different location every invocation?
A previous call's files (temp repository.yaml, repo indexes, cached charts) cannot leak into subsequent invocations because, when khelm generates a temporary repositories.yaml (which it always does if you didn't specify one explicitly) it does that within a new temporary directory every invocation anyway - the contents of HELM_HOME are just linked into that temporary directory. Furthermore, if your chart doesn't specify dependencies, the HELM_HOME directory is always empty anyway so that nothing can leak there either (Helm 2 just always requires these directories and the repositories.yaml to be present which is why those are always written into a new temp dir internally). In case your chart specifies dependencies those are cached within the HELM_HOME directory permanently but in a consistent, non-leaking way because each chart's cache file path contains the hash sum of the chart contents itself.
(Though due to caching it would be possible in theory that, if a chart's version is replaced within a remote Helm repository between two khelm invocations, the 2nd invocation still uses the previous version of that chart if the chart version is specified explicitly and does not contain a version range because in this case khelm does not reload the repository index and therefore uses the chart's previous hash sum to resolve it within the local cache. To my knowledge this is the only case where stuff could become inconsistent. If that concerns you we could introduce an option to disable caching (of the repo index file) completely I guess but in practice I don't think this is an issue because, once you publish a chart in a repo, it should have a unique version.)

Also I noticed that the original Helm code writes pretty much every file in a non-atomic manner. Therefore, if you kill Helm while it is writing a file, it will crash permanently every subsequent call until you manually remove the corrupted file.
However this cannot happen with khelm since it lets Helm write into temporary directories before moving the result into the final location atomically and, when building a local chart, it removes the tmp_charts directory (Helm creates temporarily) if it is present to prevent Helm from failing if it ran into a bad code branch previously where it didn't clean up that directory.

As you can see I've put a lot of brain cells into making khelm not only faster and easier to use than Helm but also more consistent and resilient 😉.

Does this explanation eliminate your anxiety?
If not, please explain why you'd still like to create a new temporary HELM_HOME directory every khelm invocation.

[mgoltzsche]

If this is still an issue, feel free to reopen.