Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm inflator kustomize not same result as helm install #5293

Closed
wibed opened this issue Jul 12, 2022 · 3 comments
Closed

helm inflator kustomize not same result as helm install #5293

wibed opened this issue Jul 12, 2022 · 3 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@wibed
Copy link

wibed commented Jul 12, 2022

kustomize's helm chart inflator does not correctly infer values set from the values.yaml

the following:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager

helmGlobals:
  chartHome: ../../../base/cert-manager

helmCharts:
- name: cert-manager
  includeCRDs: true
  releaseName: cluster0
  valuesInline:
    namespace: cert-manager
  repo: https://charts.jetstack.io/

does not have the same effect as:

helm install \                                                                             
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.8.2 \
  --includeCRDs=true

the second works, the first does result in the following error:

E0709 15:02:18.865017       1 leaderelection.go:330] error retrieving resource lock kube-system/cert-manager-cainjector-leader-election: leases.coordination.k8s.io "cert-manager-cainjector-leader-election" is forbidden: User "system:serviceaccount:cert-manager:cluster0-cert-manager-cainjector" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"

/kind bug
@jetstack-bot jetstack-bot added the kind/bug Categorizes issue or PR as related to a bug. label Jul 12, 2022
@Alegrowin
Copy link

I came across the exact same thing, this issue is caused by kustomize.

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager

will replace all resource namespace to cert-manager.

in ./base/charts/cert-manager/templates/rbac.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "cert-manager.fullname" . }}:leaderelection
  namespace: {{ .Values.global.leaderElection.namespace }}

This should be deployed to kube-system namespace instead of cert-manager.

Try comment/remove the namespace from kustomization.yaml

@wibed
Copy link
Author

wibed commented Jul 13, 2022
edited
Loading

youre right.
it works fine, but i cannot determine the namespace the resources are created.

even though is set the values as follows:

  valuesInline:
    namespace: cert-manager
    clusterResourceNamespace: cert-manager

they are created in the namespace default
a related issue:
kubernetes-sigs/kustomize#3815

have you find a way to work around this problem?

@wibed wibed mentioned this issue Jul 14, 2022
Closed
@wibed wibed changed the title helm inflator kustomize not same result as helm install ... helm inflator kustomize not same result as helm install Jul 16, 2022
@wibed
Copy link
Author

wibed commented Aug 22, 2022

Duplicate of kubernetes-sigs/kustomize#4593

/close

@wibed wibed closed this as completed Aug 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Alegrowin @jetstack-bot @wibed