CSPL-4153: Update dependencies and restore helm chart 3.0.0 #1831

Open
gabrielm-splunk wants to merge 7 commits into main from cspl-4153-dependencies-helm-only

@gabrielm-splunk
Collaborator

Summary

  • Update grpc dependencies to address security vulnerabilities
  • Update Go version to 1.25.8 in .env and Dockerfile.distroless
  • Update UBI 8 minimal base image to 8.10-1775152441
  • Restore helm chart version 3.0.0 to repository index

Security Updates

gRPC vulnerability fix:

  • Updated google.golang.org/grpc and related dependencies to address security vulnerabilities

Base image update:

  • Updated UBI 8 minimal base image from 8.10-1770223153 to 8.10-1775152441
  • Updated Go version from 1.25.0 to 1.25.8

Helm Chart 3.0.0 Restoration

Version 3.0.0 was inadvertently removed by an automated PR (commit 1139fcf) when 3.1.0 was added. Customers reported the version missing from `helm search repo splunk/splunk-operator --versions` results.

Changes:

  • Restored 3.0.0 packaged chart from git tag
  • Added 3.0.0 entries to docs/index.yaml for both splunk-enterprise and splunk-operator charts

Test plan

  • Security vulnerabilities addressed
  • Helm chart 3.0.0 restored and verified locally
  • CI/CD pipeline validation
  • Verify helm chart 3.0.0 appears in search after merge to main

🤖 Generated with Claude Code

Collaborator

@vivekr-splunk vivekr-splunk left a comment


I found one blocking issue in the restored Helm repo metadata.

Comment thread docs/index.yaml Outdated
kasiakoziol and others added 6 commits April 10, 2026 17:05
- Update google.golang.org/grpc from v1.78.0 to v1.79.3 (VULN-67797)
- Update github.com/buger/jsonparser from v1.1.1 to v1.1.2 (VULN-67794)
- Update Go stdlib from 1.25.7 to 1.25.8 (VULN-65734)
- Update gnutls via explicit microdnf update (VULN-69140)
- Update other dependencies to latest compatible versions

Fixes: VULN-67797, VULN-67794, VULN-65734, VULN-69140

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Gabriel Mendoza <gabrielm@splunk.com>

- Update GO_VERSION in .env: 1.25.7 → 1.25.8
- Update Dockerfile.distroless FROM golang:1.25.7 → 1.25.8

Addresses review comment to update all Go version occurrences.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Gabriel Mendoza <gabrielm@splunk.com>

- Updated Dockerfile: ARG BASE_IMAGE_VERSION
- Updated Makefile: comment and BASE_IMAGE_VERSION variable
- Latest version pulled from registry.access.redhat.com/ubi8/ubi-minimal:8.10

Addresses review comment on PR #1809

Signed-off-by: Gabriel Mendoza <gabmendo@splunk.com>

Version 3.0.0 was inadvertently removed by automated PR (commit 1139fcf)
when 3.1.0 was added. Customers reported the version missing from
`helm search repo` results.

Changes:
- Restored 3.0.0 packaged chart from git tag
- Added 3.0.0 entries to docs/index.yaml for both splunk-enterprise and splunk-operator charts
- Chart digest: db5890e3bcc95f9ca7298873cc08b4a5d1ee86ccb4ad4e5334a0ab5d7a5fdb5e

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Update index.yaml with correct SHA256 digests matching actual tarballs:
- splunk-enterprise-3.0.0: ae82f6c8edee4d827817fe6c9c6447c422a03c59595a0f6e779cef847a83b611
- splunk-operator-3.0.0: bd318b1f4022421a3fd429b186ca344c61d04a3c2bbdd5cc535d960773558e44

Applies same fix from PR #1832 to this branch

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@gabrielm-splunk gabrielm-splunk force-pushed the cspl-4153-dependencies-helm-only branch from 3f5bd39 to 6fad020 Compare April 10, 2026 21:05

The splunk-operator-3.0.0.tgz file was corrupted - it contained the full
splunk-enterprise chart (4.5MB) instead of just the operator chart (5.8KB).
This caused Helm to load a stale splunk-enterprise as a subchart, leading
to template rendering errors:

  Error: INSTALLATION FAILED: template: splunk-enterprise/charts/
  splunk-enterprise/templates/enterprise_v4_ingestorcluster.yaml:1:14:
  executing "splunk-enterprise/charts/splunk-enterprise/templates/
  enterprise_v4_ingestorcluster.yaml" at <.Values.ingestorCluster.enabled>:
  nil pointer evaluating interface {}.enabled

Root cause: The file was replaced with a packaged splunk-enterprise chart
in multiple "Restore helm chart version 3.0.0" commits (see b9766dd and
related commits in git history).

Fix:
- Restored correct splunk-operator-3.0.0.tgz from commit a3737ba (5.8KB)
- File now contains only splunk-operator chart content, not splunk-enterprise

Validation:
- helm lint passes on both splunk-operator and splunk-enterprise charts
- helm template successfully renders c3 deployment without errors
- Added tools/validate-helm-charts.sh script to detect future corruption
- Added .github/workflows/validate-helm-charts.yml for automated CI validation

The validation script checks:
- tgz files start with "splunk-operator/" directory (not "splunk-enterprise/")
- Files don't contain splunk-enterprise/Chart.yaml content
- File sizes are reasonable (detects 4.5MB corruption vs expected 5-400KB)

The CI workflow runs on PRs/pushes that touch helm-chart files and validates:
- Tgz structure (via validation script)
- Helm lint on both charts
- Template rendering for common deployment patterns (default, c3, s1)

This prevents the corruption from happening again in future PRs.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
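
The structure, size and digest checks described in the commit message above, as an added Python example; this is not the project's tools/validate-helm-charts.sh. The function names, the constructed sample archives and the assumption that the operator chart ships no subcharts are illustrative; the `digest` value stands for the SHA256 recorded for the chart in docs/index.yaml.

```python
import hashlib
import io
import tarfile

def build_tgz(files):
    """Pack {path: text} into an in-memory .tgz (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def validate_chart(blob, chart, index_digest, max_bytes=400 * 1024):
    """Return a list of findings for one packaged chart; empty means it passed."""
    findings = []
    # The index entry's digest must match the bytes that are actually served.
    if hashlib.sha256(blob).hexdigest() != index_digest:
        findings.append("digest: archive does not match index entry")
    # Upper size bound (assumed from the 5-400KB range in the commit message).
    if len(blob) > max_bytes:
        findings.append(f"size: {len(blob)} bytes exceeds {max_bytes}")
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        names = tar.getnames()  # names only; nothing is extracted to disk
    # Every entry must live under "<chart>/".
    roots = sorted({n.split("/", 1)[0] for n in names})
    if roots != [chart]:
        findings.append(f"root: expected only {chart}/, found {roots}")
    # Assumption: this chart ships no subcharts, so any other Chart.yaml is foreign.
    nested = [n for n in names
              if n.endswith("/Chart.yaml") and n != f"{chart}/Chart.yaml"]
    if nested:
        findings.append(f"nested: unexpected chart metadata {nested}")
    return findings

# Constructed samples: a clean operator chart and the corruption pattern
# described above (an enterprise chart stored under the operator file name).
GOOD = build_tgz({"splunk-operator/Chart.yaml": "name: splunk-operator\n",
                  "splunk-operator/templates/deployment.yaml": "kind: Deployment\n"})
BAD = build_tgz({"splunk-enterprise/Chart.yaml": "name: splunk-enterprise\n",
                 "splunk-enterprise/charts/splunk-enterprise/Chart.yaml": "name: splunk-enterprise\n"})
GOOD_DIGEST = hashlib.sha256(GOOD).hexdigest()

if __name__ == "__main__":
    print(validate_chart(GOOD, "splunk-operator", GOOD_DIGEST))
    for finding in validate_chart(BAD, "splunk-operator", GOOD_DIGEST):
        print(finding)
```

Checking the digest first catches an index entry that was not regenerated after the tarball changed, which is the mismatch the earlier index.yaml commit corrected.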
@gabrielm-splunk
Collaborator Author

Helm Chart Corruption Fix Applied

I've applied the same fixes from PR #1863 to this PR to address the corrupted splunk-operator-3.0.0.tgz issue.

Changes Made

  1. Restored correct tgz file (commit 75bb1b5)

    • Replaced corrupted 4.5MB file with correct 5.8KB version
    • File now contains only splunk-operator chart content, not nested splunk-enterprise

  2. Added validation tooling

    • tools/validate-helm-charts.sh - Script to detect tgz corruption
    • .github/workflows/validate-helm-charts.yml - Automated CI/CD validation

Validation Results

✅ All checks pass:

  • helm lint on both splunk-operator and splunk-enterprise charts
  • helm template renders c3 deployment without the nil pointer error
  • All operator chart tgz files (2.3.0-3.1.0) validated successfully

CI Workflow

The new validation workflow will run on this PR and validate:

  • Tgz file structure and contents
  • Helm chart linting
  • Template rendering for common deployment patterns

This ensures the corrupted tgz issue that caused the helm test failures is fixed and won't happen again.
