Here is a short list of chart and component bumps and how to perform them
CHART_NAME=fluent-bit
REPO_NAME=fluent
REPO_URL=https://fluent.github.io/helm-charts
CHART_NAME=cert-manager
REPO_NAME=jetstack
REPO_URL=https://charts.jetstack.io
CHART_NAME=dex
REPO_NAME=dex
REPO_URL=https://charts.dexidp.io
Before generating the sls, the chart file charts/dex/templates/ingress.yaml needs
to be patched as so (after line 3):
{{- $svcPort := .Values.service.ports.http.port -}}
# add these 3 lines
{{- if .Values.https.enabled -}}
{{- $svcPort = .Values.service.ports.https.port -}}
{{- end }}
(cf. opened issue)
CHART_NAME=loki
REPO_NAME=grafana
REPO_URL=https://grafana.github.io/helm-charts
CHART_NAME=ingress-nginx
REPO_NAME=ingress-nginx
REPO_URL=https://kubernetes.github.io/ingress-nginx
set $VERSION with the appropriate value.
run
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-$VERSION/deploy/grafana/dashboards/nginx.json \
-Lo salt/metalk8s/addons/nginx-ingress/deployed/files/ingress-nginx.json
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-$VERSION/deploy/grafana/dashboards/request-handling-performance.json \
-Lo salt/metalk8s/addons/nginx-ingress/deployed/files/ingress-nginx-performance.json
CHART_NAME=prometheus-adapter
REPO_NAME=prometheus-community
REPO_URL=https://prometheus-community.github.io/helm-charts
CHART_NAME=kube-prometheus-stack
REPO_NAME=prometheus-community
REPO_URL=https://prometheus-community.github.io/helm-charts
NB: thanos chart is updated at the same time
After the first failed build, rules.json and alerting_rules.json from
$ARTIFACTS_URL/alert_rules and place them in tools/rule_extractor folder.
CHART_NAME=thanos
REPO_NAME=banzaicloud-stable
REPO_URL=https://kubernetes-charts.banzaicloud.com/
All charts are in the charts/ directory, they are usually represented
in one file and one directory:
$CHART_NAME/contains the untouched chart files fetched using helm.$CHART_NAME.yamlour personalized helm values file.
In order to Bump this chart, one has to:
- remove the current chart files:
rm -rf charts/$CHART_NAME/ - add the chart's repo using helm:
helm repo add $REPO_NAME $REPO_URL && helm repo update - fetch the repo again:
helm fetch -d charts --untar $REPO_NAME/$CHART_NAME - make any necessary patches to the chart (chart-specific).
A few tips to bump image versions and SHAs:
- we can find the desired image version in the chart.
- bumps are done in the file
buildchain/buildchain/versions.py. - the registry for an image can be found by parsing
constants.pyandimage.py. - when the registry is known, the SHA for the new version can be fetched:
gcrane digest $registry/$image:$tag
This guide is applied for both metalk8s-operator and storage-operator.
go,curl, andpatchinPATH.pyyamlPython package:pip install pyyaml
Before running the script, update the target versions in the YAML config files at
scripts/upgrade-operator-sdk/<name>/config.yaml:
operator_sdk_version: v1.42.1 # target operator-sdk release
go_toolchain: go1.25.8 # Go toolchain (for GOTOOLCHAIN + FROM golang:X.Y)
k8s_libs: v0.33.9 # k8s.io/{api,apimachinery,client-go} versionThe script makes no version-detection API calls; all versions are read from the YAML config.
The script processes one operator at a time. Run it once per operator:
python3 scripts/upgrade-operator-sdk/upgrade.py operator
python3 scripts/upgrade-operator-sdk/upgrade.py storage-operatorThe argument is the name of the config directory next to the script
(i.e. scripts/upgrade-operator-sdk/<name>/). A full path can also be
given for configs stored elsewhere.
Options:
--skip-backup Reuse an existing .bak directory (no new backup)
--clean-tools Delete .tmp/bin/ after the upgrade
--yes, -y Skip the confirmation prompt
Each operator has a config directory at scripts/upgrade-operator-sdk/<name>/ containing
config.yaml and a patches/ subdirectory. The config fields are:
- Versions:
operator_sdk_version,go_toolchain,k8s_libs - Scaffold:
repo,domain,apis(withgroup,version,kind,namespaced). The operator name is derived from the config directory name. - Paths:
operator_dir,patches_dir,backup_paths - Post-processing:
image_placeholder,extra_commands
MetalK8s-specific customizations to scaffold-generated files (Dockerfile, Makefile)
are stored as GNU unified diff files in the patches/ subdirectory next to config.yaml. The script
applies them with patch -p1 after scaffolding. If a patch does not apply cleanly,
look for .rej files and resolve manually.
Patch files use __PLACEHOLDER__ tokens for values from the YAML config:
| Placeholder | Replaced with | Source |
|---|---|---|
__GOTOOLCHAIN__ |
go_toolchain from config (e.g. go1.25.8) |
Makefile |
__IMAGE__ |
image_placeholder from config |
Makefile |
The FROM golang:X.Y in Dockerfile is derived from go_toolchain in the config.
New .patch files in the patches directory are automatically picked up.
git diffto review all changescd <operator> && make testto run tests- Check
config/crd/bases/for correct CRD scopes - Check
config/rbac/role.yamlfor RBAC completeness - Check
deploy/manifests.yamlfor correct Jinja templates - Remove backup:
rm -rf <operator>.bak/
- Update images in
buildchain/buildchain/versions.py. - Update manifest in
salt/metalk8s/kubernetes/cni/calico/deployed.sls:- copy the file from here.
- apply metalk8s patches as they will show up in the diffs. All Metalk8s necessary changes have appended comments.
Instructions to bump Containerd version are in its spec file
- git add changes because codegen need to list them.
- generate the sls state from the chart:
./doit.sh codegen:chart_$CHART_NAME