Cannot deploy operator to multiple namespaces

[mikeywaites]

Your environment

Operator Version: 1.0.0

Connect Server Version: 1.0.0

Kubernetes Version:1.18.16-gke.502

What happened?

helm install connect 1password/connect --namespace=dev \
            --set-file connect.credentials=dev-credentials.json \
            --set operator.serviceAccount.create=true \
            --set operator.clusterRole.create=true \
            --set operator.roleBinding.create=true \
            --set operator.create=true,operator.token.name=gke-1password-dev-access-token \
            --set namespace=dev
            
    kubectl create secret generic gke-1password-dev-access-token --from-literal=token=$OP_ACCESS_TOKEN \
            --namespace=dev
            
helm install connect 1password/connect --namespace=qa \
            --skip-crds \
            --set-file connect.credentials=qa-credentials.json \
            --set operator.serviceAccount.create=true \
            --set operator.clusterRole.create=true \
            --set operator.roleBinding.create=true \
            --set operator.create=true,operator.token.name=gke-1password-qa-access-token \
            --set namespace=qa
            
 Error: rendered manifests contain a resource that already exists. Unable to continue with install: CustomResourceDefinition "onepassworditems.onepassword.com" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-namespace" must equal "qa": current value is "dev"         

What did you expect to happen?

The second install command with skip-crds would not create the CRD again

Steps to reproduce

Create two environments for connect on 1password
generate a token and credentials for each
create two namespces
deploy connect with the operator to the first namespace
attempt to create the operator in a second namespace

Notes & Logs

Not entirely sure if this is me missing something obvious or wether it's the checks for those annotiation labels causing the issues. Essentially we have 4 isolated namespaces in our cluster. We want to have 4 environments each with it's own access-token and credentials which has access to a single vault for (one per namespace)

[florisvdg]

I think this is because the CRD is defined in the helm templates dir instead of in the Helm 3-standard crds dir. I've opened a PR on the Helm charts repo to address this.

[florisvdg]

v1.2.0 has just been released, so the --skip-crds flag should work now. Could you try again?

Small note: you do have to change the Helm repo URL to https://1password.github.io/connect-helm-charts to get the updated chart.

[mikeywaites]

Amazing! Thanks a lot for your support. I will check it out tonight and report back to you.

On Tue, 4 May 2021 at 14:19, Floris van der Grinten < ***@***.***> wrote: v1.2.0 <https://github.com/1Password/connect-helm-charts/releases/tag/connect-1.2.0> has just been released, so the --skip-crds flag should work now. Could you try again? Small note: you do have to change the Helm repo URL to https://1password.github.io/connect-helm-charts to get the updated chart. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#38 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AADXGGJCJAP5B3XUUWSOOA3TL7X53ANCNFSM43XOCMFA> .

-- Regards Mike

[mikeywaites]

@florisvdg I can confirm this has now resolved the issue. 🙏

[rhysviz]

Hey, this seems to have returned in v1.5. If I downgrade to v1.4 then it works.