Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

defaultNamespace field not considered by Fleet #752

Open
mattups opened this issue Apr 27, 2022 · 9 comments
Open

defaultNamespace field not considered by Fleet #752

mattups opened this issue Apr 27, 2022 · 9 comments
Labels
kind/enhancement status/dev-validate

Comments

@mattups
Copy link

mattups commented Apr 27, 2022

Problem

As issue title says, seems that Fleet is not considering the defaultNamespace field apparently.

Heres my fleet.yaml file:

defaultNamespace: falco
helm:
  repo: https://falcosecurity.github.io/charts
  chart: falco
  releaseName: falco
  version: 1.17.4
  valuesFiles:
    - values.yaml
  valuesFrom:
  - secretKeyRef:
      name: falco-secret
      namespace: falco
      key: values.yaml

But when deploying is launched via Fleet, this error comes up:

error while running post render on files: invalid cluster scoped object [name=falco kind=ClusterRole apiVersion=rbac.authorization.k8s.io/v1] found, consider using "defaultNamespace", not "namespace" in fleet.yaml

Any tips on this?

Info

Rancher v2.5.11
Fleet rancher/fleet:v0.3.5
@MKlimuszka
Copy link

We need to see if this is reproducible in 2.6.x

@zube zube bot removed the [zube]: To Triage label May 3, 2022
@mattups
Copy link
Author

mattups commented May 5, 2022

@MKlimuszka what about 2.5.x?

@mattups
Copy link
Author

mattups commented May 13, 2022

Hi, upgrading to 2.5.13 didn't fix the issue. Also, it seems generalized, as now I'm trying to install cert-manager and I have the same problem:

error while running post render on files: invalid cluster scoped object [name=certificaterequests.cert-manager.io kind=CustomResourceDefinition apiVersion=apiextensions.k8s.io/v1] found, consider using "defaultNamespace", not "namespace" in fleet.yaml

fleet.yaml file:

defaultNamespace: cert-manager
helm:
  repo: https://charts.jetstack.io
  chart: cert-manager
  releaseName: cert-manager
  version: 1.8.0
  values:
    extraArgs: {--dns01-recursive-nameservers-only,--dns01-recursive-nameservers=8.8.8.8:53,8.8.4.4:53}
    global.leaderElection.namespace: cert-manager
    installCRDs: true

@snovak7
Copy link

snovak7 commented Jun 30, 2022

Same problem in
Rancher v2.6.5
Fleet rancher/fleet:v0.3.9

@zube zube bot removed the team/area3 label Jul 5, 2022
@mattfarina mattfarina added this to Fleet Jul 7, 2022
@mattfarina mattfarina moved this to 🆕 New in Fleet Jul 7, 2022
@gray314
Copy link

gray314 commented Jul 13, 2022

Have the same issue...
Rancher v2.6.5
Fleet rancher/fleet:v0.3.9

The workaround for me is to remove the value from the 'namespace' field in fleet.yaml and keep value of namespace only in 'defaultNamespace' field

@zube zube bot added the team/fleet label Jul 26, 2022
@rotemsh15
Copy link

rotemsh15 commented Nov 10, 2022
edited
Loading

Bump
Experiencing this on Rancher 2.6.7
I believe the docs for fleet.yaml mention something about cluster wide resources (CRDs as an example)

# The default namespace to be applied to resources. This field is not used to
# enforce or lock down the deployment to a specific namespace, but instead
# provide the default value of the namespace field if one is not specified
# in the manifests.
# Default: default
defaultNamespace: default
# All resources will be assigned to this namespace and if any cluster scoped
# resource exists the deployment will fail.
# Default: ""
namespace: default

However, there's no mention on what to do for the bundle to deploy CRDs

@kkaempf kkaempf removed this from Fleet Dec 6, 2022
@manno
Copy link
Member

manno commented Jan 9, 2023
edited
Loading

defaultNamespace should not trigger that "invalid cluster scoped object" error message.
Are you using namespace: in fleet.yaml or targetNamespace: in the gitrepo resource?

@vwbusguy
Copy link

vwbusguy commented Oct 2, 2023
edited
Loading

I see the same thing in Rancher 2.7.7. It definitely happens with only specifying defaultNamespace and not namespace as well.

defaultNamespace: cert-manager
helm:
  repo: https://charts.jetstack.io
  releaseName: cert-manager
  chart: cert-manager
  values:
    namespace: cert-manager
    installCRDs: true

Have also tried a number of combinations of setting defaultNamespace and/or namespace. It seems fleet really doesn't know what to make of the CRDs in every case.

EDIT: I got it to work by removing the targetNamespace in the gitrepo object.

@kkaempf kkaempf mentioned this issue Jun 4, 2024
Closed
@0xavi0
Copy link
Contributor

0xavi0 commented Jul 22, 2024

Just a follow up on this one as I think there is some confusion.

An error similar to

error while running post render on files: invalid cluster scoped object [name=certificaterequests.cert-manager.io kind=CustomResourceDefinition apiVersion=apiextensions.k8s.io/v1] found, consider using "defaultNamespace", not "namespace" in fleet.yaml

happens when:

  • GitRepo resource has the targetNamespace (note is not defaultNamespace in the fleet.yaml)
  • fleet.yaml has the namespace value.

In both cases fleet does not allow to create any resource out of the specified namespace and cluster wide resources (like CRDs) are not allowed.

We're working on changing the wording of the error to hopefully be more concise in this case.

@kkaempf kkaempf mentioned this issue Jul 31, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement status/dev-validate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@snovak7 @kkaempf @manno @vwbusguy @MKlimuszka @gray314 @mattups @rotemsh15 @0xavi0