arul-gupta commented 4 years ago

Describe the bug All the deployments in ArgoCD chart add a label with the image tag as the value.

app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }}
When pinning to a docker image digest (v1.6.1@sha256:466727431a5b0ac915aa20c6893057111e0b25a2b527bc7d3c366de7f30b362a), this results in the invalid label error with following problems:

length exceeding the allowed length of 63 characters

Invalid characters @ and :

To Reproduce Steps to reproduce the behavior:

Use image digest as the docker image tag
Try to install the chart
It fails with error like this

Error: Deployment.apps "argocd-application-controller" is invalid: [metadata.labels: Invalid value: "v1.6.1@sha256:466727431a5b0ac915aa20c6893057111e0b25a2b527bc7d3c366de7f30b362a": must be no more than 63 characters, metadata.labels: Invalid value: "v1.6.1@sha256:466727431a5b0ac915aa20c6893057111e0b25a2b527bc7d3c366de7f30b362a": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'myvalue', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9.])?[A-Za-z0-9])?'), spec.template.labels: Invalid value: "v1.6.1@sha256:466727431a5b0ac915aa20c6893057111e0b25a2b527bc7d3c366de7f30b362a": must be no more than 63 characters, spec.template.labels: Invalid value: "v1.6.1@sha256:466727431a5b0ac915aa20c6893057111e0b25a2b527bc7d3c366de7f30b362a": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'myvalue', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9.])?[A-Za-z0-9])?')]

Expected behavior We should probably trim the value to keep it under 63 characters and also replace the two invalid characters with a valid one

Additional context

This is a problem only when trying to use image digests instead of versions.
I've not checked other charts but this could be a problem with other charts in this repository too.

mkilchhofer commented 3 years ago

Hi @arul-gupta I think using v1.6.1@sha256:466727431a5b0ac915aa20c6893057111e0b25a2b527bc7d3c366de7f30b362a (version and digest) as a digest is undocumented. According to the docs, we should use:

argoproj/argocd@sha256:466727431a5b0ac915aa20c6893057111e0b25a2b527bc7d3c366de7f30b362a

Ref: https://kubernetes.io/docs/concepts/configuration/overview/:

To make sure the container always uses the same version of the image, you can specify its digest; replace <image-name>:<tag> with <image-name>@<digest> (for example, image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2). The digest uniquely identifies a specific version of the image, so it is never updated by Kubernetes unless you change the digest value.

Therefore we would set the values as follows:

global:
  image:
    repository: argoproj/argocd@sha256
    tag: 466727431a5b0ac915aa20c6893057111e0b25a2b527bc7d3c366de7f30b362a

Then we can simply truncate after 63 chars.

arul-gupta commented 3 years ago

Setting the repository and tag like above seems incorrect. Neither the repository nor the tag value seem correct and can be confusing.

As far as the tag is concerned, it is just to make the version more readable. When we specify digest, tag would be ignored so I don't see a problem in including it.

mkilchhofer commented 3 years ago

What should happen with the version label in your opinion? Shall we omit the label completely? Or does a short form of the sha hash exists?

Shall we truncate the hash after 12 chars like quay.io does?

Updated the PR with a new proposal:

global:
  image:
    repository: argoproj/argocd
    tag: v2.0.0
    digest: sha256:8d1d58ef963f615da97e0b2c54dbe243801d5e7198b98393ab36b7a5768f72a4
    imagePullPolicy: IfNotPresent

This would result in:

      labels:
        #(..)
        app.kubernetes.io/version: "sha256-8d1d58ef963f"

mkilchhofer commented 3 years ago

Bump @arul-gupta

github-actions[bot] commented 3 years ago

Stale issue message

sarahhenkens commented 2 years ago

This issue is still present, can we please re-open this issue?

sarahhenkens commented 2 years ago

/reopen

sarahhenkens commented 2 years ago

@mkilchhofer can we have this issue re-opened?

sathieu commented 2 years ago

This issue is still here. I propose a PR/ https://github.com/argoproj/argo-helm/pull/1368.

suhaad79 commented 1 year ago

I had the same issue with Argocd runningin my GKE and this solves it

image: repository: europe-west1-docker.pkg.dev/myprojects/bms-external/sonarqube/sonarqube@sha256

Overrides the image tag whose default is the chart appVersion.

tag: a36af36234ed796d7f2b2779ab7e9759af6091b6af9988387b845c55324d4b0d

argoproj / argo-helm

Using image digest results in invalid label value in ArgoCD deployment templates #417

Overrides the image tag whose default is the chart appVersion.