search

bitnami / charts

Bitnami Helm Charts
https://bitnami.com
Other
9.03k stars 9.22k forks source link

[bitnami/rabbitmq-cluster-operator] Chart v3.2.4 - Incorrect Service name #15324

Closed tlb1galaxy closed 1 year ago

tlb1galaxy commented 1 year ago

Name and Version

bitnami/rabbitmq-cluster-operator 3.2.4

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. helm install rabbitmq-cluster-operator bitnami/rabbitmq-cluster-operator --version 3.2.4 -n global-rabbitmq-operator -f bitnami_rabbitmq-operator-override-values-v3.2.4.yaml
  2. kubectl apply -f 50-rabbitmq-cluster.yaml

bitnami_rabbitmq-operator-override-values-v3.2.4.yaml

# Override-values for Bitnami RabbitMQ Operator
#
msgTopologyOperator:
  replicaCount: 2
useCertManager: true

50-rabbitmq-cluster.yaml

---
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
  name: rabbitmq-cluster
  namespace: compass-staging
  annotations:
    rabbitmq.com/topology-allowed-namespaces: "*"
spec:
  replicas: 2
  resources:
    requests:
      cpu: 2
      memory: 4Gi
    limits:
      cpu: 3
      memory: 6Gi
  rabbitmq:
    additionalConfig: |
      cluster_partition_handling = pause_minority
      vm_memory_high_watermark_paging_ratio = 0.99
      disk_free_limit.relative = 1.0
      collect_statistics_interval = 10000
  persistence:
    storageClassName: rook-ceph-block-ssd
    storage: "50Gi"
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
              - key: app.kubernetes.io/name
                operator: In
                values:
                - pod-anti-affinity
          topologyKey: kubernetes.io/hostname
...

Are you using any custom parameters or values?

No response

What is the expected behavior?

So seems chart v3.2.4 creates a service named rabbitmq-cluster-rabbitmq-messaging-topology-operator and not rabbitmq-cluster-rabbitmq-messaging-topology-operator-webhook

What do you see instead?

chart v3.2.4 creates a service named rabbitmq-cluster-rabbitmq-messaging-topology-operator

Additional information

No response

tlb1galaxy commented 1 year ago

Can validate chart v3.2.3 works ok.

tlb1galaxy commented 1 year ago

Opened issue with rabbitmq-operator but they said it is a chart issue and not an operator issue. https://github.com/rabbitmq/cluster-operator/issues/1280

javsalgar commented 1 year ago

Hi,

Could you explain the issue that this is causing? It has to do with the character limit but the ValidatingWebhookConfiguration should point to the proper service name.

tlb1galaxy commented 1 year ago

When I deploy via the above manifest, I receive the following error:

Error from server (InternalError): error when creating "95-secret-user-permission.yaml": Internal error occurred: failed calling webhook "vuser.kb.io": failed to call webhook: Post "https://rabbitmq-cluster-rabbitmq-messaging-topology-operator-webhook.compass-staging.svc:443/validate-rabbitmq-com-v1beta1-user?timeout=10s": service "rabbitmq-cluster-rabbitmq-messaging-topology-operator-webhook" not found
Error from server (InternalError): error when creating "95-secret-user-permission.yaml": Internal error occurred: failed calling webhook "vpermission.kb.io": failed to call webhook: Post "https://rabbitmq-cluster-rabbitmq-messaging-topology-operator-webhook.compass-staging.svc:443/validate-rabbitmq-com-v1beta1-permission?timeout=10s": service "rabbitmq-cluster-rabbitmq-messaging-topology-operator-webhook" not found
tlb1galaxy commented 1 year ago

Forgot to mention.

Whenever you try to deploy a RabbitMQ object within the non-global namespace, you receive the above error message.

95-secret-user-permission.yaml

---
apiVersion: v1
kind: Secret
metadata:
  name: svc-rabbitmq-ra
  namespace: compass-staging
  labels:
    app.kubernetes.io/name: secret
    app.kubernetes.io/instance: compass-staging
    app.kubernetes.io/version: "3.2.4"
    app.kubernetes.io/component: security
    app.kubernetes.io/part-of: rabbitmq-cluster
    app.kubernetes.io/managed-by: manifests
    lastupdate: "202303031104" # yyyymmddhhmm - Should match 'User' labels
type: Opaque
stringData:
  username: "user1"
  password: "XXXXXXXX"
...
---
apiVersion: rabbitmq.com/v1beta1
kind: User
metadata:
  name: user1
  namespace: compass-staging
  labels:
    app.kubernetes.io/name: user
    app.kubernetes.io/instance: compass-staging
    app.kubernetes.io/version: "3.2.4"
    app.kubernetes.io/component: permissions
    app.kubernetes.io/part-of: rabbitmq-cluster
    app.kubernetes.io/managed-by: manifests
    lastupdate: "202303031104" # yyyymmddhhmm - update field for any changes to secret are populated to RabbitMQ
spec:
  tags:
    - administrator
  rabbitmqClusterReference:
    name: rabbitmq-cluster
  importCredentialsSecret:
    name: user1
...
---
apiVersion: rabbitmq.com/v1beta1
kind: Permission
metadata:
  name: user1
  namespace: compass-staging
  labels:
    app.kubernetes.io/name: permission
    app.kubernetes.io/instance: compass-staging
    app.kubernetes.io/version: "3.2.4"
    app.kubernetes.io/component: permissions
    app.kubernetes.io/part-of: rabbitmq-cluster
    app.kubernetes.io/managed-by: manifests
    lastupdate: "202303031104" # yyyymmddhhmm - update field for any changes to secret are populated to RabbitMQ
spec:
  vhost: "/"
  user: "user1" # name corresponds to the username we provided in secret
  permissions:
    write: ".*"
    configure: ".*"
    read: ".*"
  rabbitmqClusterReference:
    name: rabbitmq-cluster
...
fmulero commented 1 year ago

Hi @tlb1galaxy, I tried to reproduce your issue but I didn't have luck.

I assume that you are facing the issue when you are trying to apply the file 95-secret-user-permission.yaml, so in that case the error you are watching is triggered by the admission controller. Have you checked the ValidatingWebhookConfiguration objects in your k8s cluster? Do you have several validation webhooks for rabbitmq objects? Do you have other rabbitmq operator installed in the compass-staging namespace?

tlb1galaxy commented 1 year ago

@fmulero When I looked at the ValidatingWebhookConfiguration there is only one associated with RabbitMQ. I only have the one RabbitMQ operator installed. When I installed v3.2.3, I literally 'helm delete' and installed same manifest. . I will try another cluster which has never had this helm installed and try there.

tlb1galaxy commented 1 year ago

Tried it on a different cluster. Can't duplicate the error now either. I guess this can be closed as an anomaly. Thanks

fmulero commented 1 year ago

Ok, thanks @tlb1galaxy for let us know

ShuaiShao93 commented 10 months ago

https://github.com/bitnami/charts/issues/15324#issuecomment-1467727828 helps us address the same problem. It turns out we installed the operator before, but failed to fully clean up all the resources like ValidatingWebhookConfiguration. And when we install the new one under a different namespace, we got the same error webhook service not found. After deleting the old ValidatingWebhookConfiguration, we can install the new one. Leaving this here for future readers.

76creates commented 3 months ago

For anybody still having a struggle, we don't have cert manager, I've checked the ca.crt on the rabbitmq-messaging-topology-operator-webhook secret, it expired, just delete the secret, and install one patch version up or down, essentially "reinstall" the secret, it will come with new cert. Didn't go into generating new cert and manually changing it, that is the option as well, tho you would need to update the ValidatingWebhookConfiguration as well I assume.