search

aws-samples / rancher-on-aws-workshop

Learn how to easily deploy and manage Kubernetes with Rancher on AWS Cloud
https://catalog.workshops.aws/rancher
MIT License
12 stars 4 forks source link

Issue with NeuVector values.yaml #63

Closed evdevr closed 10 months ago

evdevr commented 10 months ago

helm install error: 

Cluster Tools
v2.7.6
An installed application is a Helm 3 chart that was installed either via our charts or through the Helm CLI.
Installed Apps
    State
    Name
    Chart
    Upgradable
    Resources
    Age

There are no rows to show.
Disconnected
helm upgrade --install=true --namespace=cattle-neuvector-system --timeout=10m0s --values=/home/shell/helm/values-neuvector-crd-102.0.3-up2.6.0.yaml --version=102.0.3+up2.6.0 --wait=true neuvector-crd /home/shell/helm/neuvector-crd-102.0.3-up2.6.0.tgz
checking 6 resources for changes
Looks like there are no changes for CustomResourceDefinition "[nvsecurityrules.neuvector.com](http://nvsecurityrules.neuvector.com/)"
Looks like there are no changes for CustomResourceDefinition "[nvclustersecurityrules.neuvector.com](http://nvclustersecurityrules.neuvector.com/)"
Looks like there are no changes for CustomResourceDefinition "[nvdlpsecurityrules.neuvector.com](http://nvdlpsecurityrules.neuvector.com/)"
Looks like there are no changes for CustomResourceDefinition "[nvadmissioncontrolsecurityrules.neuvector.com](http://nvadmissioncontrolsecurityrules.neuvector.com/)"
Looks like there are no changes for CustomResourceDefinition "[nvwafsecurityrules.neuvector.com](http://nvwafsecurityrules.neuvector.com/)"
Looks like there are no changes for Service "neuvector-svc-crd-webhook"
beginning wait for 6 resources with timeout of 10m0s
Release "neuvector-crd" has been upgraded. Happy Helming!
NAME: neuvector-crd
2023-09-05T09:59:49.425568344Z LAST DEPLOYED: Tue Sep  5 09:59:47 2023
2023-09-05T09:59:49.425571976Z NAMESPACE: cattle-neuvector-system
STATUS: deployed
REVISION: 2
2023-09-05T09:59:49.426200772Z TEST SUITE: None

---------------------------------------------------------------------
SUCCESS: helm upgrade --install=true --namespace=cattle-neuvector-system --timeout=10m0s --values=/home/shell/helm/values-neuvector-crd-102.0.3-up2.6.0.yaml --version=102.0.3+up2.6.0 --wait=true neuvector-crd /home/shell/helm/neuvector-crd-102.0.3-up2.6.0.tgz
---------------------------------------------------------------------
helm upgrade --install=true --namespace=cattle-neuvector-system --timeout=10m0s --values=/home/shell/helm/values-neuvector-102.0.3-up2.6.0.yaml --version=102.0.3+up2.6.0 --wait=true neuvector /home/shell/helm/neuvector-102.0.3-up2.6.0.tgz
Release "neuvector" does not exist. Installing it now.
Error: template: neuvector/templates/validate-psp-install.yaml:2:14: executing "neuvector/templates/validate-psp-install.yaml" at <.Values.global.cattle.psp.enabled>: nil pointer evaluating interface {}.enabled

as one may expect, adding 

psp:
  enabled: true

to the global.cattle area of the NeuVector yaml allowed the helm chart to install. so we have that as a possible workaround. NeuVector seems to come up and is happy at that point. the repo on github seems to have two globals section, and it's like it's only reading the second one... but the Rancher helm repo is a few releases out of date for the NeuVector helm.

zackbradys commented 10 months ago

I thought I posted this comment earlier today... I reached out to the team and folks responsible for this and it looks like a bad commit happened and it's slated to be fixed today/this week. Behind the scenes, the chart repository is located in rancher/charts. Message when reaching out to the team:

"This will be fixed this week in the Rancher chart release. The workaround is adding below values when deploying."

global: # required for rancher authentication (https://<Rancher_URL>/)
  cattle:
    psp:
      enabled: false # PSP enablement should default to false
zackbradys commented 10 months ago

Checked with the team again and PR to updated the rancher/charts repo is approved and running through the pipeline to be released. Should see it merged later tonight: https://github.com/rancher/charts/pull/2940

zackbradys commented 10 months ago

rancher/charts repo has been merged and updated. fresh workshop environment and successfully installed with only updated the two values set in the current workshop instructions.

2023-09-05T23:33:39.776059707Z LAST DEPLOYED: Tue Sep  5 23:32:48 2023
2023-09-05T23:33:39.776064356Z NAMESPACE: cattle-neuvector-system
2023-09-05T23:33:39.776067293Z STATUS: deployed
2023-09-05T23:33:39.776069928Z REVISION: 1
2023-09-05T23:33:39.776072536Z TEST SUITE: None
2023-09-05T23:33:39.776075613Z NOTES:
2023-09-05T23:33:39.776078236Z Get the NeuVector URL by running these commands:
2023-09-05T23:33:39.776081747Z   NODE_PORT=$(kubectl get --namespace cattle-neuvector-system -o jsonpath="{.spec.ports[0].nodePort}" services neuvector-service-webui)
2023-09-05T23:33:39.776085058Z   NODE_IP=$(kubectl get nodes --namespace cattle-neuvector-system -o jsonpath="{.items[0].status.addresses[0].address}")
2023-09-05T23:33:39.776088664Z   echo https://$NODE_IP:$NODE_PORT
Tue, Sep 5 2023 7:33:39 pm

Tue, Sep 5 2023 7:33:39 pm
---------------------------------------------------------------------
Tue, Sep 5 2023 7:33:39 pm
SUCCESS: helm upgrade --install=true --namespace=cattle-neuvector-system --timeout=10m0s --values=/home/shell/helm/values-neuvector-102.0.4-up2.6.2.yaml --version=102.0.4+up2.6.2 --wait=true neuvector /home/shell/helm/neuvector-102.0.4-up2.6.2.tgz
Tue, Sep 5 2023 7:33:39 pm
---------------------------------------------------------------------
neuvector-updated-chart-screenshot