Confirm release belongs to HR before upgrading

Before this change, when a user would create multiple HelmReleases with the same release name configured, the operator would attempt to upgrade the release indefinitely. To overcome this issue, the operator now injects the resource ID of the HelmRelease into the description of the release and confirms this value equals the resource ID of the HelmRelease it is going to run an upgrade for. If the value diverges, the status of the HelmRelease is updated to make it visible to the user and a message is logged. For backwards compatibility, and to be able to migrate existing releases to a HelmRelease, we see empty descriptions as a positive.
fluxcd · Jun 3, 2019 · aa99331 · aa99331
1 parent 86eed4d
commit aa99331
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/integrations/helm/chartsync/chartsync.go b/integrations/helm/chartsync/chartsync.go
@@ -377,11 +377,18 @@ func (chs *ChartChangeSync) reconcileReleaseDef(fhr fluxv1beta1.HelmRelease) {
 		}
 		chs.setCondition(fhr, fluxv1beta1.HelmReleaseReleased, v1.ConditionTrue, ReasonSuccess, "helm install succeeded")
 		if err = status.UpdateReleaseRevision(chs.ifClient.FluxV1beta1().HelmReleases(fhr.Namespace), fhr, chartRevision); err != nil {
-			chs.logger.Log("warning", "could not update the release revision", "namespace", fhr.Namespace, "resource", fhr.Name, "err", err)
+			chs.logger.Log("warning", "could not update the release revision", "resource", fhr.ResourceID().String(), "err", err)
 		}
 		return
 	}
 
+	if !chs.release.OwnedByHelmRelease(rel, fhr) {
+		msg := fmt.Sprintf("release '%s' does not belong to HelmRelease")
+		chs.setCondition(fhr, fluxv1beta1.HelmReleaseReleased, v1.ConditionFalse, ReasonUpgradeFailed, msg)
+		chs.logger.Log("warning", msg + ", this may be an indication that multiple HelmReleases with the same release name exist", "resource", fhr.ResourceID().String())
+		return
+	}
+
 	changed, err := chs.shouldUpgrade(chartPath, rel, fhr)
 	if err != nil {
 		chs.logger.Log("warning", "unable to determine if release has changed", "resource", fhr.ResourceID().String(), "err", err)

diff --git a/integrations/helm/release/release.go b/integrations/helm/release/release.go
@@ -202,6 +202,7 @@ func (r *Release) Install(chartPath, releaseName string, fhr flux_v1beta1.HelmRe
 			k8shelm.InstallDryRun(opts.DryRun),
 			k8shelm.InstallReuseName(opts.ReuseName),
 			k8shelm.InstallTimeout(fhr.GetTimeout()),
+			k8shelm.InstallDescription(fhrResourceID(fhr).String()),
 		)
 
 		if err != nil {
@@ -231,6 +232,7 @@ func (r *Release) Install(chartPath, releaseName string, fhr flux_v1beta1.HelmRe
 			k8shelm.UpgradeTimeout(fhr.GetTimeout()),
 			k8shelm.ResetValues(fhr.Spec.ResetValues),
 			k8shelm.UpgradeForce(fhr.Spec.ForceUpgrade),
+			k8shelm.UpgradeDescription(fhrResourceID(fhr).String()),
 		)
 
 		if err != nil {
@@ -267,6 +269,23 @@ func (r *Release) Delete(name string) error {
 	return nil
 }
 
+// OwnedByHelmRelease validates the release is managed by the given
+// HelmRelease, by looking for the resource ID in the release
+// description. This validation is necessary because we can not
+// validate the uniqueness of a release name on the creation of a
+// HelmRelease, which would result in the operator attempting to
+// upgrade a release indefinitely when multiple HelmReleases with the
+// same release name exist.
+//
+// For backwards compatibility, and to be able to migrate existing
+// releases to a HelmRelease, we define empty descriptions as a
+// positive.
+func (r *Release) OwnedByHelmRelease(release *hapi_release.Release, fhr flux_v1beta1.HelmRelease) bool {
+	description := release.Info.Description
+
+	return description == "" || description == fhrResourceID(fhr).String()
+}
+
 // annotateResources annotates each of the resources created (or updated)
 // by the release so that we can spot them.
 func (r *Release) annotateResources(release *hapi_release.Release, fhr flux_v1beta1.HelmRelease) {