feat(helm): helm apps deployed by portainer not marked as external EE-1624 (#5637)

* helm lib update * helm handler requires kubernetes deployer to modify helm deployed resources * AddAppLabels updated to be more generic - support for adding multiple labels using map * path installed helm release manifest with portainer labels using kubectl * updated helm handler unit tests to use mock KubernetesDeployer * adding labels to manifest retrieved from release * optional namespace support for k8s raw manifest deployment * - inline postprocessing support when extracting - get namespace from yaml support - added and updated tests * lowercase error wrapping * updated libhelm dep
2025-07-23 15:29:42 +02:00 · 2021-09-29 13:12:45 +13:00 · 2021-09-29 13:12:45 +13:00 · af98660a55
commit af98660a55
parent 50f63ae865
14 changed files with 494 additions and 30 deletions
--- a/api/http/handler/helm/handler.go
+++ b/api/http/handler/helm/handler.go
@ -27,15 +27,17 @@ type Handler struct {
 	requestBouncer     requestBouncer
 	dataStore          portainer.DataStore
 	kubeConfigService  kubernetes.KubeConfigService
+	kubernetesDeployer portainer.KubernetesDeployer
 	helmPackageManager libhelm.HelmPackageManager
 }

-// NewHandler creates a handler to manage environment(endpoint) group operations.
-func NewHandler(bouncer requestBouncer, dataStore portainer.DataStore, helmPackageManager libhelm.HelmPackageManager, kubeConfigService kubernetes.KubeConfigService) *Handler {
+// NewHandler creates a handler to manage endpoint group operations.
+func NewHandler(bouncer requestBouncer, dataStore portainer.DataStore, kubernetesDeployer portainer.KubernetesDeployer, helmPackageManager libhelm.HelmPackageManager, kubeConfigService kubernetes.KubeConfigService) *Handler {
 	h := &Handler{
 		Router:             mux.NewRouter(),
 		requestBouncer:     bouncer,
 		dataStore:          dataStore,
+		kubernetesDeployer: kubernetesDeployer,
 		helmPackageManager: helmPackageManager,
 		kubeConfigService:  kubeConfigService,
 	}
--- a/api/http/handler/helm/helm_delete_test.go
+++ b/api/http/handler/helm/helm_delete_test.go
@ -9,6 +9,7 @@ import (
 	"github.com/portainer/libhelm/binary/test"
 	"github.com/portainer/libhelm/options"
 	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/exec/exectest"
 	"github.com/portainer/portainer/api/http/security"
 	"github.com/portainer/portainer/api/kubernetes"
 	"github.com/stretchr/testify/assert"
@ -29,9 +30,10 @@ func Test_helmDelete(t *testing.T) {
 	err = store.User().CreateUser(&portainer.User{Username: "admin", Role: portainer.AdministratorRole})
 	is.NoError(err, "Error creating a user")

+	kubernetesDeployer := exectest.NewKubernetesDeployer()
 	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
 	kubeConfigService := kubernetes.NewKubeConfigCAService("", "")
-	h := NewHandler(helper.NewTestRequestBouncer(), store, helmPackageManager, kubeConfigService)
+	h := NewHandler(helper.NewTestRequestBouncer(), store, kubernetesDeployer, helmPackageManager, kubeConfigService)

 	is.NotNil(h, "Handler should not fail")

--- a/api/http/handler/helm/helm_install.go
+++ b/api/http/handler/helm/helm_install.go
@ -1,18 +1,22 @@
 package helm

 import (
-	"errors"
 	"fmt"
 	"net/http"
 	"os"
 	"strings"

+	"github.com/pkg/errors"
 	"github.com/portainer/libhelm/options"
 	"github.com/portainer/libhelm/release"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer/api/http/middlewares"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/kubernetes"
 	"github.com/portainer/portainer/api/kubernetes/validation"
+	"golang.org/x/sync/errgroup"
 )

 type installChartPayload struct {
@ -131,5 +135,79 @@ func (handler *Handler) installChart(r *http.Request, p installChartPayload) (*r
 	if err != nil {
 		return nil, err
 	}
+
+	manifest, err := handler.applyPortainerLabelsToHelmAppManifest(r, installOpts, release.Manifest)
+	if err != nil {
+		return nil, err
+	}
+
+	err = handler.updateHelmAppManifest(r, manifest, installOpts.Namespace)
+	if err != nil {
+		return nil, err
+	}
+
 	return release, nil
 }
+
+// applyPortainerLabelsToHelmAppManifest will patch all the resources deployed in the helm release manifest
+// with portainer specific labels. This is to mark the resources as managed by portainer - hence the helm apps
+// wont appear external in the portainer UI.
+func (handler *Handler) applyPortainerLabelsToHelmAppManifest(r *http.Request, installOpts options.InstallOptions, manifest string) ([]byte, error) {
+	// Patch helm release by adding with portainer labels to all deployed resources
+	tokenData, err := security.RetrieveTokenData(r)
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to retrieve user details from authentication token")
+	}
+	user, err := handler.dataStore.User().User(tokenData.ID)
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to load user information from the database")
+	}
+
+	appLabels := kubernetes.GetHelmAppLabels(installOpts.Name, user.Username)
+	labeledManifest, err := kubernetes.AddAppLabels([]byte(manifest), appLabels)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to label helm release manifest")
+	}
+
+	return labeledManifest, nil
+}
+
+// updateHelmAppManifest will update the resources of helm release manifest with portainer labels using kubectl.
+// The resources of the manifest will be updated in parallel and individuallly since resources of a chart
+// can be deployed to different namespaces.
+// NOTE: These updates will need to be re-applied when upgrading the helm release
+func (handler *Handler) updateHelmAppManifest(r *http.Request, manifest []byte, namespace string) error {
+	endpoint, err := middlewares.FetchEndpoint(r)
+	if err != nil {
+		return errors.Wrap(err, "unable to find an endpoint on request context")
+	}
+
+	// extract list of yaml resources from helm manifest
+	yamlResources, err := kubernetes.ExtractDocuments(manifest, nil)
+	if err != nil {
+		return errors.Wrap(err, "unable to extract documents from helm release manifest")
+	}
+
+	// deploy individual resources in parallel
+	g := new(errgroup.Group)
+	for _, resource := range yamlResources {
+		resource := resource // https://golang.org/doc/faq#closures_and_goroutines
+		g.Go(func() error {
+			// get resource namespace, fallback to provided namespace if not explicit on resource
+			resourceNamespace, err := kubernetes.GetNamespace(resource)
+			if err != nil {
+				return err
+			}
+			if resourceNamespace == "" {
+				resourceNamespace = namespace
+			}
+			_, err = handler.kubernetesDeployer.Deploy(r, endpoint, string(resource), resourceNamespace)
+			return err
+		})
+	}
+	if err := g.Wait(); err != nil {
+		return errors.Wrap(err, "unable to patch helm release using kubectl")
+	}
+
+	return nil
+}
--- a/api/http/handler/helm/helm_install_test.go
+++ b/api/http/handler/helm/helm_install_test.go
@ -13,6 +13,7 @@ import (
 	"github.com/portainer/libhelm/release"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt"
+	"github.com/portainer/portainer/api/exec/exectest"
 	"github.com/portainer/portainer/api/http/security"
 	helper "github.com/portainer/portainer/api/internal/testhelpers"
 	"github.com/portainer/portainer/api/kubernetes"
@ -31,9 +32,10 @@ func Test_helmInstall(t *testing.T) {
 	err = store.User().CreateUser(&portainer.User{Username: "admin", Role: portainer.AdministratorRole})
 	is.NoError(err, "error creating a user")

+	kubernetesDeployer := exectest.NewKubernetesDeployer()
 	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
 	kubeConfigService := kubernetes.NewKubeConfigCAService("", "")
-	h := NewHandler(helper.NewTestRequestBouncer(), store, helmPackageManager, kubeConfigService)
+	h := NewHandler(helper.NewTestRequestBouncer(), store, kubernetesDeployer, helmPackageManager, kubeConfigService)

 	is.NotNil(h, "Handler should not fail")

--- a/api/http/handler/helm/helm_list_test.go
+++ b/api/http/handler/helm/helm_list_test.go
@ -11,6 +11,7 @@ import (
 	"github.com/portainer/libhelm/options"
 	"github.com/portainer/libhelm/release"
 	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/exec/exectest"
 	"github.com/portainer/portainer/api/kubernetes"
 	"github.com/stretchr/testify/assert"

@ -28,9 +29,10 @@ func Test_helmList(t *testing.T) {
 	err = store.User().CreateUser(&portainer.User{Username: "admin", Role: portainer.AdministratorRole})
 	assert.NoError(t, err, "error creating a user")

+	kubernetesDeployer := exectest.NewKubernetesDeployer()
 	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
 	kubeConfigService := kubernetes.NewKubeConfigCAService("", "")
-	h := NewHandler(helper.NewTestRequestBouncer(), store, helmPackageManager, kubeConfigService)
+	h := NewHandler(helper.NewTestRequestBouncer(), store, kubernetesDeployer, helmPackageManager, kubeConfigService)

 	// Install a single chart.  We expect to get these values back
 	options := options.InstallOptions{Name: "nginx-1", Chart: "nginx", Namespace: "default"}
--- a/api/http/handler/stacks/create_kubernetes_stack.go
+++ b/api/http/handler/stacks/create_kubernetes_stack.go
@ -304,7 +304,7 @@ func (handler *Handler) deployKubernetesStack(request *http.Request, endpoint *p
 		manifest = convertedConfig
 	}

-	manifest, err := k.AddAppLabels(manifest, appLabels)
+	manifest, err := k.AddAppLabels(manifest, appLabels.ToMap())
 	if err != nil {
 		return "", errors.Wrap(err, "failed to add application labels")
 	}