search

aquasecurity / trivy-operator

Kubernetes-native security toolkit
https://aquasecurity.github.io/trivy-operator/latest
Apache License 2.0
1.12k stars 187 forks source link

crd symlink is not followed when deploying via helm #1100

Closed daniel-laszlo closed 1 year ago

daniel-laszlo commented 1 year ago

What steps did you take and what happened:

We are using helmfile to deploy certain helm charts including trivy-operator. It uses helm template in the background. When running deploy, I get following error:

STDERR:
  Error: Failed to render chart: exit status 1: Error: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "cis" namespace: "" from "": no matches for kind "ClusterComplianceReport" in version "aquasecurity.github.io/v1alpha1"
  ensure CRDs are installed first, resource mapping not found for name: "nsa" namespace: "" from "": no matches for kind "ClusterComplianceReport" in version "aquasecurity.github.io/v1alpha1"
  ensure CRDs are installed first, resource mapping not found for name: "pss-baseline" namespace: "" from "": no matches for kind "ClusterComplianceReport" in version "aquasecurity.github.io/v1alpha1"
  ensure CRDs are installed first, resource mapping not found for name: "pss-restricted" namespace: "" from "": no matches for kind "ClusterComplianceReport" in version "aquasecurity.github.io/v1alpha1"
  ensure CRDs are installed first]

Seemingly the crds symlink is not followed by helm in https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm.

What did you expect to happen:

symlink followed, CRDs are also deployed, and no error for cis, nsa, pss-restricted, pss-baseline clustercompliancereports.

Anything else you would like to add:

[Miscellaneous information that will assist in solving the issue.]

Environment:

chen-keinan commented 1 year ago

@daniel-laszlo will using real crds folder instead of symlik will solve you issue ?

daniel-laszlo commented 1 year ago

hi @chen-keinan , thank you for the quick response! I believe yes, that should solve the issue.

benoitbayol commented 5 months ago

Hey,

same error messages chart version 0.20.2 and helmfile version 0.160 but I assume the fix has been integrated long ago in a previous release.

Is there a rollback to crd symlink after the fix ?

Thanks,

chen-keinan commented 5 months ago

@benoitbayol there is no sym link for crd anymore. all exist in real folder are you using helm install/upgrade ... which error you get ?