search

cert-manager / cert-manager

Automatically provision and manage TLS certificates in Kubernetes
https://cert-manager.io
Apache License 2.0
12.04k stars 2.07k forks source link

(root): Additional property rbac is not allowed #7375

Open GurayCetin opened 2 days ago

GurayCetin commented 2 days ago

Describe the bug: (root): Additional property rbac is not allowed error while upgrading to 1.16.1 from 1.15.3 helm release for cert-manager

Code

locals {
  cert_manager_values = <<EOF
crds:
  enabled: true
serviceAccount:
  name: cert-manager
  annotations:
    iam.gke.io/gcp-service-account: "${data.terraform_remote_state.state_1_gcp.outputs.cert-manager-email}"
extraArgs:
  - --cluster-resource-namespace=cert-manager
  - --dns01-recursive-nameservers-only
  - --dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53
rbac:
  create: true
resources:
  requests:
    memory: 300Mi
    cpu: 300m
  limits:
    memory: 300Mi
    cpu: 300m
strategy:
  rollingUpdate:
    maxSurge: 1
    maxUnavailable: 0
  type: RollingUpdate
podAnnotations:
  cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
webhook:
  podAnnotations:
    cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
cainjector:
  podAnnotations:
    cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
EOF
}

resource "helm_release" "cert_manager" {
  name       = "cert-manager"
  repository = "https://charts.jetstack.io"
  chart      = "cert-manager"
  version    = "v1.15.3"

  cleanup_on_fail = true
  namespace       = kubernetes_namespace.cert_manager.metadata[0].name

  values = [local.cert_manager_values]

}

Error

Error: values don't meet the specifications of the schema(s) in the following chart(s):
cert-manager:
- (root): Additional property rbac is not allowed

  with helm_release.cert_manager,
  on cert-manager.tf line 38, in resource "helm_release" "cert_manager":
  38: resource "helm_release" "cert_manager" {

Expected behaviour: upgrading helm chart for cert-manager as before

Steps to reproduce the bug: same configuration with terraform code based on v1.15.3 cert-manager helm release upgrading to v1.16.1

Anything else we need to know?:

Environment details::

inteon commented 2 days ago

rbac is a field under the global section in values.yaml: https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml#L31-L35

So, the error you received seems to be correct.

GurayCetin commented 2 days ago

rbac is a field under the global section in values.yaml: https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml#L31-L35

So, the error you received seems to be correct.

This was how it is before, did i missed something in release notes?

inteon commented 2 days ago

We added Helm values validation in v1.16 (https://github.com/cert-manager/cert-manager/pull/7069 and https://cert-manager.io/docs/releases/release-notes/release-notes-1.16). Unknown values in values.yaml were allowed before, but will now result in an error. We made this change to make sure there are no spelling mistakes or incorrect paths used anywhere in the values. In your case, this will make sure that global.rbac.create is set instead of rbac.create.