We are using Terraform and a "helm_release" resource to deploy chart version 10.2.1 in our EKS cluster.

During a clean install when ingressClassName is provided in values we encounter an error as if an ingress.class annotation has also been provided somehow. The opposite does not apply (having the annotation in place with ingressClassName commented out works fine).

While we do override the ingress annotations with a bunch of our own it seems as if the charts default annotation value makes it in there no matter what causing the issue.

Our values' snippet:

ingress:
  enabled: true
  ingressClassName: nginx
  annotations:
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST"
    nginx.ingress.kubernetes.io/cors-allow-headers: "Accept,Accept-Version,Authorization,Cache-ControlContent-Length,Content-MD5,Content-Type,Date,DNT,If-Modified-Since,Keep-Alive,User-Agent,X-Auth-Token,X-CustomHeader,X-Requested-With"
    nginx.ingress.kubernetes.io/cors-expose-headers: "X-Auth-Token"
    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/cors-max-age: "3600"
    nginx.ingress.kubernetes.io/enable-modsecurity: 'true'
    nginx.ingress.kubernetes.io/enable-owasp-core-rules: 'true'
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      SecRuleEngine On
      SecAction \"id:900200,phase:1,log,pass,t:none,setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT DELETE\'\"
    nginx.ingress.kubernetes.io/modsecurity-transaction-id: $request_id
  pathType: ImplementationSpecific
  hosts:
    - host: ${openfaas_domain}
      serviceName: gateway
      servicePort: 8080
      path: /

Expected Behaviour

The helm_release should produce the openfaas release on the cluster.

Current Behaviour

The "helm_release" fails with the following message:

│ Error: Ingress.extensions "openfaas-ingress" is invalid: annotations.kubernetes.io/ingress.class: Invalid value: "nginx": can not be set when the class field is also set
│ 
│   with module.infrastructure-layer-iac.helm_release.openfaas,
│   on .terraform/modules/infrastructure-layer-iac/openfaas.tf line 1, in resource "helm_release" "openfaas":
│    1: resource "helm_release" "openfaas" {

Are you a GitHub Sponsor (Yes/No?)

Check at: https://github.com/sponsors/openfaas

• Yes

  No
  To pick up a draggable item, press the space bar. While dragging, use the arrow keys to move the item. Press space again to drop the item in its new position, or press escape to cancel.

List All Possible Solutions and Workarounds

If my hunch is correct removing the default value from values.yaml in the section ingress.annotations: "kubernetes.io/ingress.class: "nginx" should fix this.

Steps to Reproduce (for bugs)

1. Use terraform and create a "helm_release" resource to install OpenFaas helm chart
2. Override at least the values provided above
3. Execute terraform plan and terraform apply

Your Environment

• FaaS-CLI version ( Full output from: faas-cli version ):
  0.14.1
• Docker version docker version (e.g. Docker 17.0.05 ):
  20.10.13-2.amzn2
• What version and distriubtion of Kubernetes are you using? kubectl version
  Client Version: version.Info{Major:"1", Minor:"17+", GitVersion:"v1.17.9-eks-4c6976", GitCommit:"4c6976793196d70bc5cd29d56ce5440c9473648e", GitTreeState:"clean", BuildDate:"2020-07-17T19:00:19Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"windows/amd64"}
  Server Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.14-eks-18ef993", GitCommit:"ac73613dfd25370c18cbbbc6bfc65449397b35c7", GitTreeState:"clean", BuildDate:"2022-07-06T18:06:50Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"}
• Operating System and version (e.g. Linux, Windows, MacOS):
  EKS-optimized Amazon Linux