search

1Password / connect-helm-charts

Official 1Password Helm Charts
https://developer.1password.com
MIT License
90 stars 73 forks source link

Ingress resource is not created #179

Closed Tipsmark closed 4 months ago

Tipsmark commented 8 months ago

kubernetes

Chart Version: latest 1.8

Helm Version: latest

Kubernetes Version: 1.27, 1.28

What happened?

ingress: true does NOTHING

What did you expect to happen?

ingress resource to be created

Steps to reproduce

deploy chart, modify ingress in values to true and configure the rest.

ingridcrant commented 4 months ago

Hi @Tipsmark 👋🏻 I'm actively looking into this issue. Could you provide the helm command that you're using alongside the config file (if any) you're passing in so I can better help?

Tipsmark commented 4 months ago

Sure, I use kustomization but you'll get the general idea. I need the patch to ensure the URL works.

kustomization.yaml `apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization

helmCharts:

patches:

resources:

ingress.yaml:

`apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: 1password-ingress annotations: cert-manager.io/cluster-issuer: letsencrypt-prod external-dns.alpha.kubernetes.io/hostname: the-dns-name-I-want spec: ingressClassName: nginx-internal rules:

ingridcrant commented 4 months ago

I haven't used kustomization with this helm chart before, but I spun up a crude version of it with our connect helm chart to demonstrate that an ingress resource is created. Here is what I have:

kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
helmCharts:
  - name: secrets-injector
    version: 1.0.1
    repo: https://1password.github.io/connect-helm-charts/
    releaseName: core

  - name: connect
    version: "1.15"
    repo: "https://1password.github.io/connect-helm-charts/"
    releaseName: core
    includeCRDs: true
    valuesInline:
      connect:
        credentials_base64: <my credentials>
        ingress:
          enabled: true
      operator:
        create: true
        token:
          value: <my token>

And here is how I deployed Screenshot 2024-05-14 at 4 15 44 PM

ingridcrant commented 4 months ago

I believe that a good place to start is to make sure that those ingress values are passed in properly to the chart. From your kustomization.yaml, you're including ingress.yaml as a resource. If you're running kustomize build it's patching it into the bottom of your kustomization.yaml like this:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
helmCharts:
  - name: secrets-injector
    version: 1.0.1
    repo: https://1password.github.io/connect-helm-charts/
    releaseName: core
...
------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: 1password-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: the-dns-name-I-want
spec:
  ingressClassName: nginx-internal
  rules:
    host: the-dns-name-I-want
    http:
...

This won't work correctly with our Helm Chart as we create an ingress resource based on what is passed in as values (insight into how our ingress works in ingress.yaml).

I hope this information is helpful.

Tipsmark commented 4 months ago

Try to change the hostname for your ingress.... chart-example.local is the default

ingridcrant commented 4 months ago

Hey @Tipsmark! I understand that you're still having issues with ingress on our Helm Charts. The initial issue filed tells us that the only bug that needs to be addressed is that the ingress resource is not created. Using default values, I've been able to confirm that the ingress resource is created as expected.

However, if you're having issues creating the resource under a different configuration and you believe it's a bug with our Helm Chart, please open a new issue and provide additional details of your use case (in this case, non-default hostname) to help us reproduce and find the root cause. The team will do our best to help!

Tipsmark commented 4 months ago

No worries, If you cant troubleshoot or create it based on this info, then it's up to you to do whatever you like.