chore: update helm version #1534
Conversation
| ARG KUBECTL_VERSION=1.20.0 | ||
| ARG HELM_VERSION=3.8.1 | ||
| ARG HELM_VERSION=3.17.0 |
There was a problem hiding this comment.
we're using this layer in aws-cdk-lib if I'm not wrong, any change in here can lead to breaking change for the customers as well as it being used here in CDK.
https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/lambda-layer-kubectl/lib/kubectl-layer.ts#L1. Though, EKS natively doesn't support this kubectl version, not sure if we still want to keep it to older version in main lib https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html.
There was a problem hiding this comment.
Yes this layer is used in aws-cdk-lib and is outdated.
There are 3 ways to resolve it:
- make
kubectlLayerrequired from optional - update
kubectlLayerdefault version - update
helmversion
All of them are breaking changes. 3) is the solution has least impact. Since this layer is not supported natively by EKS, the change impact is minimal.
There was a problem hiding this comment.
Similar with change as this PR #623
There was a problem hiding this comment.
I'd argue (1) has the least impact. Yes, it will break builds. But at least it will break them transparently. Both (2) and (3) might or might not break a customer depending on the exact circumstances. However if it does, the failure will be much less transparent and a few steps removed. (1) has a guarantee to have zero impact on deployed resources. With (2) & (3) we have the potential to cause an outage to a customer.
Note: This helm version is not guaranteed to work with the kubectl version in this branch.
However this layer version is outdated and not supposed to be used anymore. Helm version needs to be updated because it's impacted by the CVE https://security.snyk.io/vuln/SNYK-CHAINGUARDLATEST-HELM-7219926
It's bundled as dependency of CDK. If it's not fixed here, we need to ship a breaking change in main cdk repo which has more impact.