Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect service account name between charts configuration #182

Closed
taufik-rama opened this issue Jul 7, 2023 · 0 comments 路 Fixed by #183
Closed

Incorrect service account name between charts configuration #182

taufik-rama opened this issue Jul 7, 2023 · 0 comments 路 Fixed by #183
Labels
bug Something isn't working

Comments

@taufik-rama
Copy link

Describe the bug
Hello 馃憢

I'm currently trying the projects out, and I've an issue about authentik worker pods not running. After a little bit of debugging it seems that the cause is service account used by the worker deployment being "not created"

captain@glados:~$ kubectl describe rs/auth-authentik-worker-796d85c7dc -n infra
Name:           auth-authentik-worker-796d85c7dc
# ...
Events:
  Type     Reason        Age                 From                   Message
  ----     ------        ----                ----                   -------
  Warning  FailedCreate  14m (x19 over 35m)  replicaset-controller  Error creating: pods "auth-authentik-worker-796d85c7dc-" is forbidden: error looking up service account infra/auth-authentik: serviceaccount "auth-authentik" not found

And sure enough the service account seems to not have the assumed value

captain@glados:~$ kubectl get sa -n infra
NAME         SECRETS   AGE
auth         0         41m
auth-redis   0         41m
default      0         5d3h
# Exhaustive list

I don't really know charts templating system, so CMIIW: it seems that

helm/charts/authentik-remote-cluster/templates/service-account.yaml

Line 5 in 69aef87

name: {{ include "authentik-remote-cluster.fullname" . }}

uses the Release.Name value

helm/charts/authentik-remote-cluster/templates/_helpers.tpl

Lines 13 to 15 in 69aef87

{{- define "authentik-remote-cluster.fullname" -}}
{{- if not .Chart.IsRoot }}
{{- .Release.Name }}

which in this case happens to be auth, causing the mismatch between the resources values

To Reproduce
Steps to reproduce the behavior:

I didn't exactly note down precisely the steps, since this is happening on currently-running cluster, but IIRC it's just

helm upgrade --install auth -n infra goauthentik/ -f goauthentik.yaml

Where goauthentik/ is just the extracted charts from $ helm pull --untar --untardir goauthentik/ authentik/authentik --version 2023.5.4 and goauthentik.yaml is just the default value from the Installation docs page

Expected behavior
Service account should be created with the correct name (or the configuration value changed to follow the service account name).

Version and Deployment:

  • authentik version: 2023.5.4
  • Deployment: helm
@taufik-rama taufik-rama added the bug Something isn't working label Jul 7, 2023
@BeryJu BeryJu transferred this issue from goauthentik/authentik Jul 7, 2023
@BeryJu BeryJu mentioned this issue Jul 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix serviceAccount name when release name does not contain authentik goauthentik/helm
1 participant
@taufik-rama