Update service.yaml #68

Merged: 1 commit, May 28, 2024

Conversation

rits1902 (Contributor):

Hello!

The fields in the selector within the services are getting duplicated when generated, and this is causing issues in FluxCD v2.

I'm implementing your chart in my FluxCD setup. However, while conducting tests, I encountered the mentioned error. I noticed a related issue on fluxcd/helm-controller#283. I tried the suggested test at the end of the thread using a shell script to generate the Helm template, and that's when I observed the issue of duplicated selectors.

Error:

Helm install failed for release trivy-report-operator/trivy-dojo-operator with chart [email protected]: error while running post render on files: map[string]interface {}(nil): yaml: unmarshal errors:
  line 20: mapping key "app.kubernetes.io/instance" already defined at line 17
  line 19: mapping key "app.kubernetes.io/name" already defined at line 18

rits1902 requested review from rndmh3ro and szEvEz as code owners, May 25, 2024 03:25
rits1902 (Contributor, Author) commented May 27, 2024:

The example below is the output I got after executing helm template with the shell script mentioned on GitHub. As you can see in the Service, it ended up with duplicate labels in the selector section.

trivy-dojo-report-operator % helm template trivy-dojo-report-operator . --dry-run=trivy-dojo-report-operator -n trivy-report-operator --post-renderer ./kustomize.sh

---
# Source: trivy-dojo-report-operator/templates/rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
 name: trivy-dojo-report-operator-account
 labels:
   helm.sh/chart: trivy-dojo-report-operator-0.6.1
   app.kubernetes.io/name: trivy-dojo-report-operator
   app.kubernetes.io/instance: trivy-dojo-report-operator
   app.kubernetes.io/version: "0.6.1"
   app.kubernetes.io/managed-by: Helm
 annotations:
   {}
---
# Source: trivy-dojo-report-operator/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
 name: trivy-dojo-report-operator-defect-dojo-api-credentials
 labels:
   helm.sh/chart: trivy-dojo-report-operator-0.6.1
   app.kubernetes.io/name: trivy-dojo-report-operator
   app.kubernetes.io/instance: trivy-dojo-report-operator
   app.kubernetes.io/version: "0.6.1"
   app.kubernetes.io/managed-by: Helm
stringData:
 apiKey: "xxxxxxxxx"
 url: "xxxxxxxxxx"
type: Opaque
---
# Source: trivy-dojo-report-operator/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
 name: trivy-dojo-report-operator-role-cluster
 labels:
   helm.sh/chart: trivy-dojo-report-operator-0.6.1
   app.kubernetes.io/name: trivy-dojo-report-operator
   app.kubernetes.io/instance: trivy-dojo-report-operator
   app.kubernetes.io/version: "0.6.1"
   app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
 - aquasecurity.github.io
 resources:
 - vulnerabilityreports
 - rbacassessmentreports
 - configauditreports
 - infraassessmentreports
 - exposedsecretreports
 verbs:
 - list
 - watch
 - patch
 - get
- apiGroups:
 - apiextensions.k8s.io
 resources:
 - customresourcedefinitions
 verbs:
 - list
 - watch
- apiGroups:
 - ""
 resources:
 - namespaces
 verbs:
 - list
 - watch
- apiGroups:
 - ""
 resources:
 - events
 verbs:
 - create
---
# Source: trivy-dojo-report-operator/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
 name: trivy-dojo-report-operator-rolebinding-cluster
 labels:
   helm.sh/chart: trivy-dojo-report-operator-0.6.1
   app.kubernetes.io/name: trivy-dojo-report-operator
   app.kubernetes.io/instance: trivy-dojo-report-operator
   app.kubernetes.io/version: "0.6.1"
   app.kubernetes.io/managed-by: Helm
roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
 name: 'trivy-dojo-report-operator-role-cluster'
subjects:
- kind: ServiceAccount
 name: 'trivy-dojo-report-operator-account'
 namespace: 'trivy-report-operator'
---
# Source: trivy-dojo-report-operator/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
 name: trivy-dojo-report-operator-operator
 labels:
   helm.sh/chart: trivy-dojo-report-operator-0.6.1
   app.kubernetes.io/name: trivy-dojo-report-operator
   app.kubernetes.io/instance: trivy-dojo-report-operator
   app.kubernetes.io/version: "0.6.1"
   app.kubernetes.io/managed-by: Helm
spec:
 type: ClusterIP
 selector:
   app.kubernetes.io/instance: trivy-dojo-report-operator
   app.kubernetes.io/name: trivy-dojo-report-operator
   app.kubernetes.io/name: trivy-dojo-report-operator
   app.kubernetes.io/instance: trivy-dojo-report-operator
 ports:
 - name: metrics
   port: 80
   protocol: TCP
   targetPort: metrics
---
# Source: trivy-dojo-report-operator/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
 name: trivy-dojo-report-operator-operator
 labels:
   helm.sh/chart: trivy-dojo-report-operator-0.6.1
   app.kubernetes.io/name: trivy-dojo-report-operator
   app.kubernetes.io/instance: trivy-dojo-report-operator
   app.kubernetes.io/version: "0.6.1"
   app.kubernetes.io/managed-by: Helm
spec:
 replicas: 1
 selector:
   matchLabels:
     application: trivy-dojo-report-operator
     app.kubernetes.io/name: trivy-dojo-report-operator
     app.kubernetes.io/instance: trivy-dojo-report-operator
 template:
   metadata:
     labels:
       application: trivy-dojo-report-operator
       app.kubernetes.io/name: trivy-dojo-report-operator
       app.kubernetes.io/instance: trivy-dojo-report-operator
   spec:
     containers:
     - env:
       - name: DEFECT_DOJO_API_KEY
         valueFrom:
           secretKeyRef:
             key: apiKey
             name: trivy-dojo-report-operator-defect-dojo-api-credentials
             optional: false
       - name: DEFECT_DOJO_URL
         valueFrom:
           secretKeyRef:
             key: url
             name: trivy-dojo-report-operator-defect-dojo-api-credentials
             optional: false
       - name: DEFECT_DOJO_ACTIVE
         value: "true"
       - name: DEFECT_DOJO_VERIFIED
         value: "false"
       - name: DEFECT_DOJO_CLOSE_OLD_FINDINGS
         value: "false"
       - name: DEFECT_DOJO_CLOSE_OLD_FINDINGS_PRODUCT_SCOPE
         value: "false"
       - name: DEFECT_DOJO_PUSH_TO_JIRA
         value: "false"
       - name: DEFECT_DOJO_MINIMUM_SEVERITY
         value: "Info"
       - name: DEFECT_DOJO_AUTO_CREATE_CONTEXT
         value: "true"
       - name: DEFECT_DOJO_DEDUPLICATION_ON_ENGAGEMENT
         value: "true"
       - name: DEFECT_DOJO_PRODUCT_TYPE_NAME
         value: "Infraestrutura"
       - name: DEFECT_DOJO_EVAL_PRODUCT_TYPE_NAME
         value: "false"
       - name: DEFECT_DOJO_ENV_NAME
         value: "Development"
       - name: DEFECT_DOJO_EVAL_ENV_NAME
         value: "false"
       - name: DEFECT_DOJO_TEST_TITLE
         value: "Kubernetes"
       - name: DEFECT_DOJO_EVAL_TEST_TITLE
         value: "false"
       - name: DEFECT_DOJO_ENGAGEMENT_NAME
         value: "engagement"
       - name: DEFECT_DOJO_EVAL_ENGAGEMENT_NAME
         value: "false"
       - name: DEFECT_DOJO_PRODUCT_NAME
         value: "Recursos compartilhados Nonprod"
       - name: DEFECT_DOJO_EVAL_PRODUCT_NAME
         value: "false"
       - name: DEFECT_DOJO_DO_NOT_REACTIVATE
         value: "true"
       - name: REPORTS
         value: "vulnerabilityreports"
       - name: KUBERNETES_CLUSTER_DOMAIN
         value: "cluster.local"
       image: ghcr.io/telekom-mms/docker-trivy-dojo-operator:0.6.1
       livenessProbe:
         httpGet:
           path: /healthz
           port: 8080
         initialDelaySeconds: 5
         periodSeconds: 30
       name: trivy-dojo-report-operator
       securityContext:
         allowPrivilegeEscalation: false
         capabilities:
           drop:
           - ALL
         privileged: false
         readOnlyRootFilesystem: true
         runAsGroup: 1000
         runAsUser: 1000
         seccompProfile:
           type: RuntimeDefault
     securityContext:
       fsGroup: 1000
       fsGroupChangePolicy: Always
       runAsNonRoot: true
     serviceAccountName: trivy-dojo-report-operator-account
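An added example, not part of this PR or the chart: a strict duplicate-key check for rendered manifests. `helm template` emits the template text as-is, so a chart that writes the same selector key twice renders without complaint; the YAML decoder behind Flux's kustomize post-renderer rejects it, which is the "mapping key ... already defined" error quoted above. Running the rendered output through a check like this in CI reports the duplicate with line numbers before anything reaches the cluster. The sample manifests below are constructed here (adapted from the Service in the output above), and the script name `strict_keys.py` in the usage comment is an assumption.

```python
"""Strict duplicate-key check for rendered Kubernetes manifests.

Added example, not code from the chart or this PR. Detects a key defined twice
within one block mapping, the condition Flux's post-renderer rejected above.
Scope: the indentation-based block style Helm emits (block mappings, block
sequences, scalars, `{}`); flow mappings with keys, multi-line scalars and
anchors are not interpreted. This is a lint, not a YAML parser.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# `key:` or `key: value`, quoted keys allowed. The first colon followed by
# whitespace or end-of-line ends the key, so `image: ghcr.io/org/img:0.6.1`
# yields the key `image`.
_KEY_RE = re.compile(r'''^(?P<key>"[^"]*"|'[^']*'|[^\s#][^:]*?)\s*:(?:\s|$)''')


@dataclass(frozen=True)
class DuplicateKey:
    document: int    # 0-based index of the YAML document within the stream
    line: int        # 1-based line of the repeated key
    key: str
    first_line: int  # 1-based line where the same key was first defined


def find_duplicate_keys(text: str) -> list[DuplicateKey]:
    """Return every key defined twice within one block mapping, per document."""
    findings: list[DuplicateKey] = []
    # One entry per open block mapping: (indent column, {key: first line}).
    scopes: list[tuple[int, dict[str, int]]] = []
    doc, doc_has_content = 0, False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped == "---":                 # document separator resets state
            if doc_has_content:
                doc, doc_has_content = doc + 1, False
            scopes.clear()
            continue
        doc_has_content = True
        indent = len(raw) - len(raw.lstrip(" "))
        body, new_item = stripped, False
        # `- key: value` opens a fresh mapping whose keys sit after the dash;
        # the dash plus following spaces count as extra indentation.
        while body.startswith("-") and (len(body) == 1 or body[1] == " "):
            consumed = len(body) - len(body[1:].lstrip(" "))
            indent, body, new_item = indent + consumed, body[consumed:], True
        # Close mappings nested deeper than this line; a new list item also
        # closes the previous item's mapping at the same column.
        while scopes and (scopes[-1][0] > indent or
                          (new_item and scopes[-1][0] == indent)):
            scopes.pop()
        match = _KEY_RE.match(body)
        if not match:                         # scalar, `{}`, or bare list entry
            continue
        key = match.group("key").strip().strip("\"'")
        if scopes and scopes[-1][0] == indent:
            seen = scopes[-1][1]
        else:
            seen = {}
            scopes.append((indent, seen))
        if key in seen:
            findings.append(DuplicateKey(doc, lineno, key, seen[key]))
        else:
            seen[key] = lineno
    return findings


def format_findings(findings: list[DuplicateKey]) -> list[str]:
    """Render findings in the shape of the go-yaml error Flux reported."""
    return [f'line {f.line}: mapping key "{f.key}" already defined at line {f.first_line}'
            for f in findings]


# Constructed sample, adapted from the Service in the `helm template` output
# above: each selector label appears twice. FIXED_SERVICE drops the repeats.
BROKEN_SERVICE = """\
apiVersion: v1
kind: Service
metadata:
  name: trivy-dojo-report-operator-operator
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/instance: trivy-dojo-report-operator
    app.kubernetes.io/name: trivy-dojo-report-operator
    app.kubernetes.io/name: trivy-dojo-report-operator
    app.kubernetes.io/instance: trivy-dojo-report-operator
  ports:
  - name: metrics
    port: 80
    protocol: TCP
    targetPort: metrics
"""
FIXED_SERVICE = BROKEN_SERVICE.replace(
    "    app.kubernetes.io/name: trivy-dojo-report-operator\n"
    "    app.kubernetes.io/instance: trivy-dojo-report-operator\n  ports:",
    "  ports:")

if __name__ == "__main__":
    # Usage (script name assumed): helm template <release> . --post-renderer ./kustomize.sh | python3 strict_keys.py
    text = sys.stdin.read() if not sys.stdin.isatty() else BROKEN_SERVICE + "---\n" + FIXED_SERVICE
    found = find_duplicate_keys(text)
    print("\n".join(format_findings(found)) or "no duplicate keys")
    sys.exit(1 if found else 0)
```

The non-zero exit makes a duplicate key fail the pipeline at render time rather than during reconciliation. Failing closed matters here beyond convenience: a parser that silently keeps one of two conflicting selector entries can route a Service to a different set of pods than the chart author intended, so ambiguous manifests should be rejected, not guessed at.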

szEvEz (Collaborator) commented May 28, 2024:

Hi @rits1902,

you are absolutely right. Thanks for pointing this out and fixing the issue with this PR!

szEvEz (Collaborator) left a review comment:

LGTM!

szEvEz merged commit 7efaaa2 into telekom-mms:main, May 28, 2024
5 checks passed
rits1902 (Contributor, Author):

Good morning everyone, thank you very much for approving my pull requests. I just tested the chart deployment on FluxCD again, and it worked perfectly.

Thank you very much, and have a great day at work, everyone.
