Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Helm lookup function doesn't seem to be working #1779

Closed
shinebayar-g opened this issue Jan 30, 2024 · 3 comments
Closed

Helm lookup function doesn't seem to be working #1779

shinebayar-g opened this issue Jan 30, 2024 · 3 comments
Labels
bug Something isn't working closed-for-staleness Issue/PR was closed due to staleness needs-triage Priority and effort undetermined yet response-requested Awaiting response from author

Comments

@shinebayar-g
Copy link

Description of the bug:

While generating yaml files from Cilium helm chart, I ran into some issue. Every time cdk8s synth runes, it's generating a new certificate.

Looks like Cilium helm chart uses helm lookup function to decide whether to generate a new certificate or not.
Because of this cdk8s synth is always overwriting a generated Secrets.

In this example, Secret.cilium-ca.yaml, Secret.hubble-server-certs.yaml files are always overwritten.

Reproduction Steps:

export class Cilium {
    constructor(chart: Construct) {
        new Helm(chart, 'cilium', {
            releaseName: 'cilium',
            chart: 'cilium',
            repo: 'https://helm.cilium.io/',
            version: '1.14.6',
            namespace: 'kube-system',
            values: {
                securityContext: {
                    capabilities: {
                        ciliumAgent: [
                            'CHOWN',
                            'KILL',
                            'NET_ADMIN',
                            'NET_RAW',
                            'IPC_LOCK',
                            'SYS_ADMIN',
                            'SYS_RESOURCE',
                            'DAC_OVERRIDE',
                            'FOWNER',
                            'SETGID',
                            'SETUID',
                        ],
                        cleanCiliumState: ['NET_ADMIN', 'SYS_ADMIN', 'SYS_RESOURCE'],
                    },
                },
                ipam: {
                    mode: 'kubernetes',
                },
                kubeProxyReplacement: 'false',
                cgroup: {
                    autoMount: {
                        enabled: false,
                    },
                    hostRoot: '/sys/fs/cgroup',
                },
            },
        });
    }
}

Error Log:

Environment:

  • Framework Version:
"cdk8s": "2.68.31",
"constructs": "10.3.0",
"cdk8s-cli": "2.198.36",
  • OS: Linux

Other:

This is 🐛 Bug Report
@shinebayar-g shinebayar-g added bug Something isn't working needs-triage Priority and effort undetermined yet labels Jan 30, 2024
@iliapolo
Copy link
Member

iliapolo commented Jun 2, 2024

@shinebayar-g Are you not getting the same behavior when running helm template? All the Helm construct does is run helm template, so as long as helm as the necessary cluster context, I don't see a reason for this to fail.

Can you verify helm is able to connect to your cluster and identify existing certificates when running helm template?

Thanks

@iliapolo iliapolo added the response-requested Awaiting response from author label Jun 2, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 2, 2024

This issue has not received a response in a while and will be closed soon. If you want to keep it open, please leave a comment below @mentioning a maintainer.

@github-actions github-actions bot added the closing-soon Issue/PR will be closing soon if no response is provided label Jul 2, 2024
@github-actions github-actions bot added closed-for-staleness Issue/PR was closed due to staleness and removed closing-soon Issue/PR will be closing soon if no response is provided labels Jul 9, 2024
@github-actions github-actions bot closed this as completed Jul 9, 2024
@shinebayar-g
Copy link
Author

shinebayar-g commented Nov 18, 2024
edited
Loading

I revisited this again recently. It seems lookup function doesn't work in helm template command, hence the error.
Related issue in ArgoCD argoproj/argo-cd#5202

Actually, https://helm.sh/docs/chart_template_guide/functions_and_pipelines/#using-the-lookup-function mentions that lookup function doesn't work by default in helm template. To allow connection to the running cluster, we must use --dry-run=server flag.

In cdk8s, it's equivalent to helmFlags: ['--dry-run=server'],. Once it's added it seems to be working correctly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working closed-for-staleness Issue/PR was closed due to staleness needs-triage Priority and effort undetermined yet response-requested Awaiting response from author
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iliapolo @shinebayar-g