-
Notifications
You must be signed in to change notification settings - Fork 22
Conversation
If you try and install the chart its missing the global key at the root of the chart that many macro's are expecting. This patch adds the missing key so that it works. Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
Won't this just create the same problem when "Values.global.spire" is now missing? |
The problem is a lot of the templates are staring from .Values.global and then looking for the rest optionally. For example: We can fix it in all the macros/templates, but there is a bunch of nontrivial logic that would have to be rewritten to make it work. Just adding the global section is enough to get it all working. |
I don't fully get in what occasion it fails? Could you describe the steps to reproduce the issue? I'm successfully able to deploy the chart. Why do we need to add this? |
If a template references a missing value, then it will either succeed or fail based on the parent tree of the value being present. So, if you are attempting to read Values.globals.spire.namespace (as an example) there are lots of tools and tricks to handle if Values.globals.spire.namespace is missing, and even a few easy to implement approache for Values.globals.spire being missing, but once you go "two items up" you need to explicitly put in a lot of "default values" to make the logic for the the two preceeding examples to work, because they both would require Values.globals to be defined. My main concern is that we are ignoring the core issue, should we have a "globals" value at all? It simplifies the value passing between charts, but only by making all nested charts reference a value in a "global" path. That means the sub-charts would then require a global object, even if they aren't sub-charts, and lack any kind of sharing. Also the global approach is not cannon, it is a "pattern" to work around the issue of "where is the value" when a value in one sub-chart is needed in another sub-chart. The way it is "supposed" to work, from Helm's books and tutorials is that the child chart should "export" the value into a parent chart, which requires the parent chart to configure the "acceptance" of the value in the dependency. Then from the parent chart another nested chart could reference it without a "easy to break" relative path from one sub-chart to another. And I'll come clean on this one. I've been searching for a week for any kind of documentation in a book or article that states that breaking an application comprised of micro-services into a bunch of sub-charts is desired, cannon, or even beneficial. I can't find it, and I used to do research professionally. Nested chart examples almost always present one of two examples:
In my mind, that's not what we are doing, I really can't fathom the benefit of pulling out the OIDC connector and deploying it without a SPIRE server. I can't understand what use a registrar would be without a SPIRE server. And outside of a corner case in tired deployments, agents should deploy with servers. The corner case is easy to handle too, if you just make a "child" SPIRE deployment include the "parent's" agent with the child's server as a strong requirement. That said, I've often permitted my ideas to take a back seat in the light of strong opposition. I have seen some strong opposition to non-nested SPIRE servers, agents, oidc connectors, and registrars / controller managers. I am putting trust into the team, but I wonder if the fascination with nested deployments are a bit like the fascination with operator overloading in C++. It's more complicated than most tasks, the last thing that one learns, and difficult to pull of bug-free, so naturally the problem solvers in us decide it's a requirement (I'm saying that in jest, but there's a kernel of truth in it). I'm not against nesting, but I'd really like to limit it to databases or items that are clearly "other non-SPIRE applications". |
@marcofranssen @faisal-memon @mrsabath I know that I've voiced some opinions on this matter where I restate my dislike for our use of nested charts for what I consider to be one application, but please don't let my statements block reviews. There is no need to agree with my comments. If we have two passing reviews on this, even if I'm still holding reservations, let's merge it. But, please review it. It's been in this state for 2 weeks. |
We discussed this PR on the sync meeting today. This PR is intended to be a temporary fix to allow us to support individual charts. The reason is that the nested charts refer to global value, so they need a global section to be deployed independently. Issue #343 is to track the proper fix of removing the reliance on |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🚀
* 57a9320 Add SPIRE 1.7.0 to main readme (#357) * af36f7c Align the bash image version with other instances for spire-agent (#356) * c11a8c0 Implement pre-delete hook for graceful delete of spiffe-oidc-discovery-provider (#353) * a6dcf26 Allow for SPIRE Agent to run as non root user (#209) * 9cf6049 Allow contributors to run linting easily on local * e88f7f6 Add configmap annotation to spire-bundle configmap (#351) * 020bde8 Add support to create a issuer and CA via cert-manager (#342) * 9d504de Ignore .DS_Store files * e6b608c Bump spire images to 1.7.0 (#348) * c97a788 Fix bundle role/rolebinding naming conflict (#333) * b66077e Bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 (#349) * d0da864 Add missing metadata to subcharts (#347) * 4c0a1d5 Allow overriding test images (#186) * 250fd5d Add missing global values to charts (#311) * 5d8c907 Dropping k8s versions in CI older than 3, as per readme (#344) * 8748933 Update upstream-ca-secret.yaml (#341) * 4e07450 Fix ingress annotations for federation (#337) * ea09199 Bump actions/checkout from 3.5.0 to 3.5.3 * 87fe198 Merge pull request #331 from edwbuck/key_conventions * ddc0166 Fix line wrapping. * 0cae9ce Update project/conventions.md * cb18255 Update project/conventions.md * 52e5c24 Upgrade Tornjak to image v1.2.2 (#328) * 28e2abf Choose a different example for dotted Acronyms. * d60d68c Added accidentally clipped explicit name guidelines. * abe9fde Merge branch 'main' into key_conventions * f6a7b62 Update project/conventions.md * c4d19db Update project/conventions.md * cfa9f78 Bump test chart dependencies (#332) * c3213ab Initial submission of Helm Chart key naming conventions. * 28c0824 Bump test chart dependencies (#322) * d333154 Add Makefile for local testing (#327) * 9fa1ec2 Improve Tornjak backend test (#321) * 5b779dc Improve Tornjak frontend test (#320) Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
* 57a9320 Add SPIRE 1.7.0 to main readme (#357) * af36f7c Align the bash image version with other instances for spire-agent (#356) * c11a8c0 Implement pre-delete hook for graceful delete of spiffe-oidc-discovery-provider (#353) * a6dcf26 Allow for SPIRE Agent to run as non root user (#209) * 9cf6049 Allow contributors to run linting easily on local * e88f7f6 Add configmap annotation to spire-bundle configmap (#351) * 020bde8 Add support to create a issuer and CA via cert-manager (#342) * 9d504de Ignore .DS_Store files * e6b608c Bump spire images to 1.7.0 (#348) * c97a788 Fix bundle role/rolebinding naming conflict (#333) * b66077e Bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 (#349) * d0da864 Add missing metadata to subcharts (#347) * 4c0a1d5 Allow overriding test images (#186) * 250fd5d Add missing global values to charts (#311) * 5d8c907 Dropping k8s versions in CI older than 3, as per readme (#344) * 8748933 Update upstream-ca-secret.yaml (#341) * 4e07450 Fix ingress annotations for federation (#337) * ea09199 Bump actions/checkout from 3.5.0 to 3.5.3 * 87fe198 Merge pull request #331 from edwbuck/key_conventions * ddc0166 Fix line wrapping. * 0cae9ce Update project/conventions.md * cb18255 Update project/conventions.md * 52e5c24 Upgrade Tornjak to image v1.2.2 (#328) * 28e2abf Choose a different example for dotted Acronyms. * d60d68c Added accidentally clipped explicit name guidelines. * abe9fde Merge branch 'main' into key_conventions * f6a7b62 Update project/conventions.md * c4d19db Update project/conventions.md * cfa9f78 Bump test chart dependencies (#332) * c3213ab Initial submission of Helm Chart key naming conventions. * 28c0824 Bump test chart dependencies (#322) * d333154 Add Makefile for local testing (#327) * 9fa1ec2 Improve Tornjak backend test (#321) * 5b779dc Improve Tornjak frontend test (#320) Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
If you try and install the chart its missing the global key at the root of the chart that many macro's are expecting. This pr adds the missing key so that it works.