cruise-automation / k-rail

Kubernetes security tool for policy enforcement
Apache License 2.0

[helm] Ensure secret is created in k-rail namespace #3

Closed drnic closed 5 years ago

drnic commented 5 years ago

Without kubectl apply -n k-rail, the secret was being created in default namespace. Perhaps a glitch in helm v2.15.1.

drnic commented 5 years ago

Hmm, when the namespace doesn't already exist then this fails:

validatingwebhookconfiguration.admissionregistration.k8s.io/k-rail configured
Error from server (NotFound): error when creating "STDIN": namespaces "k-rail" not found
Error from server (NotFound): error when creating "STDIN": namespaces "k-rail" not found
Error from server (NotFound): error when creating "STDIN": namespaces "k-rail" not found
Error from server (NotFound): error when creating "STDIN": namespaces "k-rail" not found
Error from server (NotFound): error when creating "STDIN": namespaces "k-rail" not found
Error from server (NotFound): error when creating "STDIN": namespaces "k-rail" not found

Any protips on making helm template | kubectl apply -f work would be appreciated :)

UPDATE: ahh, this error appears because I stopped using master/HEAD and started using the v0.1 release, which had this bug.

dustin-decker commented 5 years ago

Thanks, I've namespaced the secret in https://github.com/cruise-automation/k-rail/commit/a67dcf9cff5074e2af09b7373ebdd36393e26561

The existing helm template --namespace k-rail deploy/helm | kubectl apply -f - instructions should namespace the manifest that helm generates properly, but the secret resource template was missing the namespace.

I'll tag a new release to avoid confusion with the helm chart.

dustin-decker commented 5 years ago

Tagged https://github.com/cruise-automation/k-rail/releases/tag/v0.1.1
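
A check for the failure mode discussed in this thread, written as an added example (not code from the k-rail project): it scans rendered chart output for namespaced resources that carry no metadata.namespace, which kubectl apply would otherwise create in the current context's namespace. The sample manifest, its resource names and the function name are constructed assumptions, and the parser is a deliberately small line-based one rather than a full YAML parser.

```python
import re
import sys

# Cluster-scoped kinds (real Kubernetes kinds) never carry metadata.namespace.
CLUSTER_SCOPED = {"Namespace", "ClusterRole", "ClusterRoleBinding",
                  "CustomResourceDefinition", "PodSecurityPolicy",
                  "ValidatingWebhookConfiguration", "MutatingWebhookConfiguration"}

# Constructed, trimmed sample of rendered chart output (names are assumptions).
SAMPLE = """\
kind: Secret
metadata:
  name: k-rail-cert
---
kind: Deployment
metadata:
  name: k-rail
  namespace: k-rail
  labels:
    name: k-rail
---
kind: ValidatingWebhookConfiguration
metadata:
  name: k-rail
"""

def missing_namespace(rendered):
    """Return 'Kind/name' for namespaced resources lacking metadata.namespace."""
    findings = []
    for doc in re.split(r"(?m)^---\s*$", rendered):
        kind, meta, in_meta, indent = None, {}, False, None
        for line in doc.splitlines():
            m = re.match(r"( *)([\w.-]+):\s*(.*)", line)
            if not m:
                continue  # blank lines, comments, list items
            depth, key, value = len(m.group(1)), m.group(2), m.group(3).strip("\"'")
            if depth == 0:
                in_meta, indent = key == "metadata", None
                kind = value if key == "kind" else kind
            elif in_meta:
                indent = depth if indent is None else indent
                if depth == indent:  # direct children of metadata only
                    meta[key] = value
        if kind and kind not in CLUSTER_SCOPED and not meta.get("namespace"):
            findings.append(f"{kind}/{meta.get('name', '?')}")
    return findings

if __name__ == "__main__":
    print(missing_namespace(SAMPLE if sys.stdin.isatty() else sys.stdin.read()))
```

Piping the output of helm template into this script before kubectl apply lists any resource that would land outside the intended namespace.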