Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

H4HIP: Forward compatibility: Chart.yaml minimumHelmVersion field #370

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
131 changes: 131 additions & 0 deletions hips/hip-XXXX.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
---
hip: 9999
title: "Forward compatibility: Chart.yaml minimumHelmVersion"
authors: [ "George Jenkins <[email protected]>" ]
created: "2024-11-18"
type: "feature"
status: "draft"
---

## Abstract

This HIP proposes supporting a `minimumHelmVersion` field in `Chart.yaml`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already have a property called KubeVersion to specify a range for Kubernetes support. Should this be called HelmVersion and accept a range in the same way? The range syntax being the same used elsewhere in Helm.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy to call the field HelmVersion (naming is hard :) )


I don't think we should/need to support anything for than a single, implied to be the minimum version, constraint however. I've addressed this here:

https://github.com/helm/community/pull/370/files#diff-e94b50b2c7a2d45c81db342448ae78950464d77488a62b315a2b715549fe1a95R95

That will allow Helm to directly error if the Helm version used to operate on the chart is below this version.
gjenkins8 marked this conversation as resolved.
Show resolved Hide resolved
This allows Helm to provide forward compatibility guarantees for Helm features/functionality over time.


## Motivation

Helm has no mechanism for a chart to declare the minimal version of Helm required for the chart to install/update correctly.
As such, it is invalid to release a chart that utilizes features/fixes included in newer versions of Helm.

At best, any incompatibility will be detected and there will be an explicit failure (and the user will be notified as an error).
gjenkins8 marked this conversation as resolved.
Show resolved Hide resolved
But potentially an incompatibility may go undetected, and no hard error will be presented.

While the hard-failure case is better, it still requires the user to debug and realize the failure is due to a version mismatch.
The second "soft-failure" case is much worse, as it could lead to unexpected behavior in the deployed chart application, likely requiring a much more involved debugging requirement and confusing user experience.

Providing a mechanism for a chart to prescribe the minimum versions of Helm for the chart's feature set will enable chart developers to prevent indirect errors for chart consumers/operators.

Supporting a simple SemVer based `minimumHelmVersion` field in chart's `Chart.yaml` is thought to be a simple way to provide forward compatibility guarantees.


## Rationale

It is thought that over time, as Helm extends its functionality, there will be greater scope for forward compatibility errors to present themselves.

And in particular, the mechanism that describes the minimum feature set must be built into and understood by prior versions of Helm.

Utilizing a simple minimum version SemVer field in a chart is thought to be a simple and succinct way to enable forward compatibility guarantees for future versions of Helm.

Similar to the way the Go toolchains allow forward compatibility guarentees via [`go.mod`][1].


## Specification

`Chart.yaml` will include an optional field `minimumHelmVersion`, which is a [SemVer][2] string for the version of Helm required for the chart to operate:

```
minimumHelmVersion: <MAJOR>[.<MINOR>[.PATCH]]
```

The minor and patch fields are optional.
And will be inferred as zeros if not specified.

When loading a chart, iff the `minimumHelmVersion` exists, Helm will verify its version exceeds or equals the version constraint specified in the field.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

iff -> if

Copy link
Member Author

@gjenkins8 gjenkins8 Nov 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is one of my favorite contractions :) iff -> if and only if

https://www.merriam-webster.com/dictionary/iff

ie. the above reads like:

When loading a chart, if and only if the minimumHelmVersion exists, Helm will verify its version exceeds or equals the version constraint specified in the field.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would think we would want to omit the use of abbreviations as the meaning may not be broadly understood, especially for those where English is not a first language

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, fair. will drop usage of iff


When "strict" loading of `Chart.yaml` is used: ie. the loading of `Chart.yaml` errors when unknown fields are present, Helm will first 'peek' into `Chart.yaml` and extract the `minimumHelmVersion` field (iff it exists) and perform the version constraint check at this point.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

iff -> if

This is to provide better UX that simply erroring on any potential new fields in `Chart.yaml` that are unknown to the current version of Helm.
gjenkins8 marked this conversation as resolved.
Show resolved Hide resolved

`helm create` will pre-fill Chart.yaml's `minimumHelmVersion` field with the current version of Helm.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this new proposed parameter be added at chart instantiation? Other similar values, like KubeVersion are not added automatically

While this may not be strictly necessary, it will provide a backstop for features that may be included in the chart by the user for their current Helm version or `helm create`.
The user can remove/reduce the specified `minimumHelmVersion` if desired.

`helm lint` will produce a warning, if the current version of Helm is newer than the minimum version constraint.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A warning if the current version is newer? Do you mean, if the current version is older?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree this is too aggressive.

I did originally mean newer, with the intention as follows. Will address in #370 (comment)

Or the `minimumHelmVersion` field is unset for the given chart.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could lead to a negative experience for chart consumers

This is to encourage users to update the minimum version to currently utilized version of Helm (that the user is using to develop the chart).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We see a difference between people who create a chart and those who consume charts (see the profiles/roles). Consider all the charts people pull from repositories listed on Artifact Hub.

There is also a large variety of different versions of Helm in use. In our previous CDN we had data on this. While the majority were using a relatively new version, it was not unusual for people to use older version. Even those over 2 years old.

Even in those final reports, from just a few months ago, there were cases of people pulling 3.0.0 regularly. A bad idea but it's happening. Versions in use go further back than we would like.

If we want to make charts widely usable, do we want to have a relatively recent version of Helm set as the minimum version if there is no feature in a newer version of Helm (e.g., new template function) being used? What is the benefit?



## Backwards compatibility

As `minimumHelmVersion` is an optional field, it will be inferred to be unset in existing charts.
And when unset, Helm will retain existing behavior (won't implement any checks)
gjenkins8 marked this conversation as resolved.
Show resolved Hide resolved

Older versions of Helm which don't understand the `minimumHelmVersion` field will actually ignore the field even if set (as they load `Chart.yaml` ignoring unknown fields).
gjenkins8 marked this conversation as resolved.
Show resolved Hide resolved
However, there isn't anything that can practically be done to address this encoded behavior.


## Security implications

None


## How to teach this

Update docs for `Chart.yaml`


## Reference implementation

N/A


## Rejected ideas

**Generic version contraints:**
It is thought a "minimum" constraint is preferred over a generic "constraint" system.
ie. where a user could list multiple version constraints to be satisfied
Similar to e.g. [pip's requirement-specifiers][3].
This is because Helm makes great effort to remain [backwards compatible][4].
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This is because Helm makes great effort to remain [backwards compatible][4].
This is because Helm makes great effort to remain [backwards compatibility][4].

And so it is presumed unnecessary that a user would need to specify anything but a single minimum version constraint.
And in the future when Helm does make breaking changes to charts, it is expected the chart API version will be incremented to explicitly signify this new incompatiblity.

**Capabilities:**
Providing a capabilities based system.
Rather than just directly inferring Helm capabilities from its version.

A `Chart.yaml` could describe its required features ie. capabilities it expects/requires the Helm version to provide.
From which Helm could inspect and matches against features/capabilities the in use version does provide.
gjenkins8 marked this conversation as resolved.
Show resolved Hide resolved
However, since core Helm capabilities are only every additive due to Helm's [backwards-compatibility rules][4], a capabilities based system is redundant.

*NB: at the time of writing, plugins for extending Helm's functionality are being heavily discussed.
And while plugins will likely allow extending capabilities independent of the Helm version.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Combine with the following sentence? Its currently a fragment

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oops, right

It is presumed plugins will include their own version constraint specifier system.
That will ensure conditions for valid plugin versions are met*

### Future ideas

Extending Helm lint to detect incompatible chart features for the currently specified `minimumHelmVersion`.


## Open issues

N/A


## References

[1]: <https://go.dev/blog/toolchain#forward> "Golang forward compatibility"
[2]: <https://semver.org> "Semantic versioning"
[3]: <https://pip.pypa.io/en/stable/reference/requirement-specifiers/#requirement-specifiers> "Pip request-specifiers"
[4]: <hip-0004.md> "hip-0004: Document backwards-compatibility rules"