Comments (5)
As things stand right now in this repo's configuration with flux2, even installing the cert-manager CRDs out-of-band from the helm chart causes issues and failures within flux to reconcile. The reason for this is that flux appears to be trying to apply objects leveraging those CRDs before the CRDs are applied, and is failing fast instead of becoming eventually consistent.
Based on a discussion in discord, it looks like there are two paths:
- Disable flux validation to allow the objects to eventually become consistent and work. I don't like this idea because there are a lot of benefits from the validations beyond this specific case.
- Do some kustomization voodoo magic to 'force' the CRDs (or chart if that's the entity applying the CRDs) to get applied before the consuming objects (e.g. ClusterIssuers or Certificates). Like you are hinting at, @ChipWolf. This will require some more research on my part. I've been trying to avoid restructuring this repo to fix the flux opinionation model, but may reconsider this if it makes implementing the ordering solution 'easier'.
from k8s-gitops.
Related to #2870 ?
from k8s-gitops.
Thanks @ChipWolf. This is a problem, and I'm not sure the best approach for fixing it:
- Helm will not upgrade changes to CRDs beyond whatever version they were upon initial installation
- Therefore, it stands to reason that CRDs should be installed and upgraded outside of helm
The race condition you describe suggests that setting the helm-to-install-CRDs flag to false should resolve the issue. There is some risk in doing this (as I learned painfully with the rook chart) in that flipping the flag from true to false will cause helm to remove the CRDs as part of the change action, despite the fact that they are being installed separately.
I need to noodle on the best way to handle this. In this particular situation it won't be too disruptive if this happens with cert-manager (or if I simply completely blow-away the cert-manager HelmRelease and let flux reconcile a fresh installation), because it should just request a new wildcard cert.
from k8s-gitops.
You could add a strategic merge patch to the CRD's Kustomization to add the labels Helm expects to see; that'd keep Helm happy & would allow the CRDs to be upgraded dynamically.
It sounds awfully sketchy, but 🤷♂️
from k8s-gitops.
With cert-manager, I ended up going the kustomization route to resolve the CRD issues; in the end this also allowed me to break up my flux repo into production and staging.
from k8s-gitops.
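The ordering approach discussed in this thread, sketched as an added example (not taken from the repository or from any commenter): two Flux `Kustomization` objects, where the one applying ClusterIssuers and Certificates waits on the one applying the cert-manager CRDs through `spec.dependsOn`. The object names, paths, intervals and the `kustomize.toolkit.fluxcd.io/v1` API version are assumptions; older flux2 installs use a beta version of the same kind.

```yaml
# Added example. Names, paths and intervals are assumptions.
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cert-manager-crds            # hypothetical name
  namespace: flux-system
spec:
  interval: 10m
  path: ./cluster/crds/cert-manager  # hypothetical path holding only the CRD manifests
  # Never garbage-collect CRDs: deleting a CRD also deletes every
  # Certificate and ClusterIssuer object of that kind.
  prune: false
  # Report Ready only once the applied CRDs are established,
  # so dependants do not start early.
  wait: true
  sourceRef:
    kind: GitRepository
    name: flux-system
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cert-manager-issuers         # hypothetical name
  namespace: flux-system
spec:
  interval: 10m
  path: ./cluster/cert-manager/issuers  # hypothetical path with ClusterIssuers/Certificates
  prune: true
  # Reconciliation of this Kustomization is held back until the CRD
  # Kustomization above is Ready, which keeps validation enabled while
  # avoiding the "no matches for kind" failure on first apply.
  dependsOn:
    - name: cert-manager-crds
  sourceRef:
    kind: GitRepository
    name: flux-system
```

In practice the issuers also need the cert-manager controller and webhook running, so a third Kustomization holding the HelmRelease would normally sit between these two in the `dependsOn` chain.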