2i2c-org · yuvipanda · Mar 10, 2026 · Mar 10, 2026 · Mar 19, 2026 · Mar 19, 2026
diff --git a/.github/actions/setup-deploy/action.yaml b/.github/actions/setup-deploy/action.yaml
@@ -69,54 +69,19 @@ runs:
       go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0
     shell: bash
 
-    # This action use the github official cache mechanism internally
   - uses: azure/setup-helm@v4
     with:
-        # Manually update a pinning of helm to a minor version based on:
-        #
-        # - it seems to work
-        # - to avoid falling behind
-        #
-        # Related:
-        #
-        # - helm versions: https://github.com/helm/helm/releases
-        #
-      version: v3.14.4
+      version: v4.1.1
 
-    # Manually update a pinning of kubectl to a minor version based on:
-    #
-    # - the current range of k8s version in our k8s clusters, as of 2024-04-17,
-    #   this is k8s 1.27 - 1.29
-    # - the next expected change in this range, as of 2024-04-17, is to expand
-    #   to include 1.30
-    # - the kubectl <-> k8s api-server skew policy of +/- one minor version
-    # - the policy of attempting to update our kubectl version here to be +/-
-    #   one minor versions of future k8s clusters additions or upgrades, so that
-    #   additions or upgrades of k8s clusters aren't unexpectedly held back
-    #
-    # As an example, we upgraded to kubectl to version 1.24 before we
-    # added/upgraded a k8s cluster to version 1.25.
-    #
-    # Related:
-    #
-    # - k8s versions: https://kubernetes.io/releases/
-    # - Kubectl version skew policy: https://kubernetes.io/releases/version-skew-policy/#kubectl
-    # - 2i2c, k8s upgrades tracked: https://github.com/2i2c-org/infrastructure/issues/2293
-    # - 2i2c, historical issue: https://github.com/2i2c-org/infrastructure/issues/1271
-    #
   - uses: azure/setup-kubectl@v4
     with:
-      version: v1.28.8
+      version: v1.34
 
-    # This action use the github official cache mechanism internally
   - name: Install sops
     uses: mdgreenwald/mozilla-sops-action@v1.6.0
 
     # Install pre-requisite for "gcloud container clusters get-credentials"
-    # command with a modern k8s client.
-    #
-    # A manual install step has been needed as they opted to not provide it in
-    # the github-runner image. See
+    # command with a modern k8s client. See
     # https://github.com/actions/runner-images/issues/5925#issuecomment-1216417721.
     #
   - name: Install gke-gcloud-auth-plugin

diff --git a/deployer/infra_components/cluster.py b/deployer/infra_components/cluster.py
@@ -3,6 +3,7 @@
 import json
 import os
 import subprocess
+import sys
 import tempfile
 from contextlib import ExitStack, contextmanager
 from pathlib import Path
@@ -72,6 +73,17 @@ def auth(self, silent=False):
             raise ValueError(f"Provider {self.spec['provider']} not supported")
 
     def deploy_support(self, cert_manager_version, debug, skip_crds, dry_run):
+        helm_version = (
+            subprocess.check_output(["helm", "version", "--short"]).decode().strip()
+        )
+        if not helm_version.startswith("v4."):
+            print(
+                f"Minimum required version of helm is v4. Found version {helm_version}",
+                file=sys.stderr,
+            )
+            print("Upgrade your version of helm and try again")
+            sys.exit(1)
+
         if not skip_crds:
             cert_manager_url = "https://charts.jetstack.io"
 

diff --git a/deployer/infra_components/hub.py b/deployer/infra_components/hub.py
@@ -2,6 +2,7 @@
 
 import os
 import subprocess
+import sys
 from contextlib import ExitStack
 from pathlib import Path
 from typing import TYPE_CHECKING
@@ -95,6 +96,17 @@ def deploy(self, chart_dir, dask_gateway_version, debug, dry_run):
         """
         Deploy this hub
         """
+        # Make sure we're on helm v4
+        helm_version = (
+            subprocess.check_output(["helm", "version", "--short"]).decode().strip()
+        )
+        if not helm_version.startswith("v4."):
+            print(
+                f"Minimum required version of helm is v4. Found version {helm_version}",
+                file=sys.stderr,
+            )
+            print("Upgrade your version of helm and try again")
+            sys.exit(1)
         # Support overriding domain configuration in the loaded cluster.yaml via
         # a cluster.yaml specified enc-<something>.secret.yaml file that only
         # includes the domain configuration of a typical cluster.yaml file.