Helm upgrade failed: cannot patch "certificates.cert-manager.io" with kind CustomResourceDefinition: "" is invalid: patch: ... #3644

Closed
wallrj opened this issue Feb 9, 2021 · 6 comments · Fixed by #3647

@wallrj
Member

wallrj commented Feb 9, 2021

@JoshVanL reported that Helm upgrade from 1.1.0 to 1.2.0-alpha.2 fails with the following error:

helm upgrade cert-manager jetstack/cert-manager --namespace cert-manager --version v1.2.0-alpha.2 --set installCRDs=true
Error: UPGRADE FAILED: cannot patch "certificates.cert-manager.io" with kind CustomResourceDefinition:  "" is invalid: patch: Invalid value:
...
cannot convert int64 to float64

@wallrj reproduced the error with Helm version 3.5.1 and 3.5.2

helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.1.0 --set installCRDs=true --create-namespace
helm upgrade cert-manager jetstack/cert-manager --namespace cert-manager --version v1.2.0-alpha.0 --set installCRDs=true

/milestone v1.2
/kind bug

@jetstack-bot
Contributor

@wallrj: The provided milestone is not valid for this repository. Milestones in this repository: [Next, v1.2]

Use /milestone clear to clear the milestone.

In response to this:

/milestone 1.2
/kind bug


@jetstack-bot added the kind/bug label Feb 9, 2021
@wallrj
Member Author

wallrj commented Feb 9, 2021

/milestone v1.2

@jetstack-bot added this to the v1.2 milestone Feb 9, 2021
@irbekrm
Contributor

irbekrm commented Feb 9, 2021

/assign

@irbekrm
Contributor

irbekrm commented Feb 9, 2021

Some related chat on Slack here

I observed the same issue when upgrading v1.0.4 -> v1.1.0 so perhaps this issue is not related to v1.2.0.alpha at all?

With Helm v3.5.2 and Kubernetes 1.19:

Running helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.0.4 --create-namespace --set installCRDs=true
then helm upgrade cert-manager jetstack/cert-manager --namespace cert-manager --version v1.1.0 --set installCRDs=true
results in

Error: UPGRADE FAILED: cannot patch "certificates.cert-manager.io" with kind CustomResourceDefinition:  "" 
...
ap[acceptedNames:map[kind: plural:] conditions:[] storedVersions:[]]]": cannot convert int64 to float64

Similar issues:

@irbekrm
Contributor

irbekrm commented Feb 9, 2021

It looks like the issue is conversion of minimum and maximum field values (here, here, here and here) in the Certificate CRD as described in this helm issue. I don't fully understand yet why this issue appears only when we run helm upgrade and not helm install.
I have manually tested that when I have a cert-manager v1.1.0 installed with helm and a local cert-manager helm chart built from v1.2.0alpha that I try to upgrade to:

  • If I remove the minimum, maximum fields, upgrade succeeds
  • If I set the minimum, maximum field values to something like 0.0, 8192.0 upgrade still fails with the same error
  • If I set the values to something like 0.5, 8192.5 upgrade succeeds
  • Changing field type integer -> number has no effect (fails)

I think that perhaps we could remove the minimum and maximum fields from the Helm chart. They seem to suggest that allowed values for private key size are in range (0, 8192) which is incorrect and we have an admission webhook that performs cert.spec.privateKey.size field validation.
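
An added example, not part of the original thread and not cert-manager's or Helm's code: a Go lint that lists every `minimum`/`maximum` in a CRD schema whose value is a whole number, the case the comment above reports as failing on `helm upgrade`. The helper name, the sample schema and the whole-number heuristic (taken from the manual tests above, not from a confirmed root cause) are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math"
	"sort"
)

// sampleCRD is a constructed schema fragment (not the cert-manager chart);
// the "ratio" field is hypothetical and only there to show a non-integral bound.
const sampleCRD = `{"openAPIV3Schema":{"properties":{"spec":{"properties":{
 "privateKey":{"properties":{"size":{"type":"integer","minimum":0,"maximum":8192}}},
 "ratio":{"type":"number","minimum":0.5,"maximum":8192.0}}}}}}`

// IntegralBounds (hypothetical helper) lists the path of every minimum/maximum
// whose value is a whole number: 0 and 8192.0 are reported, 0.5 is not.
func IntegralBounds(doc string) ([]string, error) {
	var root interface{}
	if err := json.Unmarshal([]byte(doc), &root); err != nil {
		return nil, err
	}
	var hits []string
	var walk func(path string, v interface{})
	walk = func(path string, v interface{}) {
		switch node := v.(type) {
		case map[string]interface{}:
			for k, child := range node {
				f, isNum := child.(float64)
				if !isNum || (k != "minimum" && k != "maximum") {
					walk(path+"."+k, child)
					continue
				}
				if f == math.Trunc(f) {
					hits = append(hits, path+"."+k)
				}
			}
		case []interface{}: // allOf / anyOf / oneOf lists
			for i, child := range node {
				walk(fmt.Sprintf("%s[%d]", path, i), child)
			}
		}
	}
	walk("$", root)
	sort.Strings(hits) // map iteration order is random; sort for stable output
	return hits, nil
}

func main() {
	fmt.Println(IntegralBounds(sampleCRD))
}
```

Any bound dropped from the schema for this reason is no longer enforced by the API server, so the corresponding check has to live in the admission webhook, as the comment above notes for `cert.spec.privateKey.size`.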

irbekrm added a commit to irbekrm/cert-manager that referenced this issue Feb 9, 2021
This was done to fix Helm data type conversion problem- see issue cert-manager#3644 for more context

Signed-off-by: irbekrm <irbekrm@gmail.com>
irbekrm added a commit to irbekrm/cert-manager that referenced this issue Feb 11, 2021
This was done to fix Helm data type conversion problem- see issue cert-manager#3644 for more context

Signed-off-by: irbekrm <irbekrm@gmail.com>
jakexks pushed a commit to jakexks/cert-manager that referenced this issue Feb 16, 2021
This was done to fix Helm data type conversion problem- see issue cert-manager#3644 for more context

Signed-off-by: irbekrm <irbekrm@gmail.com>
@wallrj
Member Author

wallrj commented Aug 16, 2024

According to @derekbit in longhorn/longhorn#3631 (comment) the root cause of this problem may have been solved in kubernetes/kubernetes#93250 :

Therefore this warning comment in cert-manager can probably be removed:

// NOTE: Be mindful of adding OpenAPI validation- see https://github.com/cert-manager/cert-manager/issues/3644
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
// A Certificate resource should be created to ensure an up to date and signed
// X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.
//
// The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).
type Certificate struct {
