[nri-metadata-injection] Helm Upgrade clears caBundle which breaks the webhook calls #105
Comments
3 tasks
|
Thanks for reporting, we went for the second option: rerun the job on upgrade |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug description
When running helm upgrade on an installed version of the webhook it will set the state to what helm keeps track of. Right now in the mutatingwebhookconfiguration template the caBundle is set to an empty string. Then helm upgrades it will set it to that empty string even though the job patched it after first install.
Version of Helm and Kubernetes
1.17.9
Which chart?
nri-metadata-injection
What happened?
MutatingWebhookConfigurations caBundle is cleared on helm upgrade.
What you expected to happen?
The caBundle is left alone since it was patched by the job at first install.
How to reproduce it?
Install the chart. Make a change that would make help re-apply the chart. Run helm upgrade and the caBundle is cleared.
Anything else we need to know?
The quick fix would be the remove the caBundle property from the MutatingWebhookConfiguration template that way helm does not manage it. Then when the cert job runs it will patch it. Another option is to setup the job to always run on install and upgrade using a hook which should make sure it is patched.
The text was updated successfully, but these errors were encountered: