search

cybozu-go / accurate

Kubernetes controller for multi-tenancy. It propagates resources between namespaces accurately and allows tenant users to create/delete sub-namespaces.
https://cybozu-go.github.io/accurate/
Apache License 2.0
34 stars 5 forks source link

Failed to create subnamespace due to `service "webhook-service" not found` #139

Closed pddg closed 2 days ago

pddg commented 1 week ago

Describe the bug A setup where CRD is installed separately and accurate itself is managed by helm is described in the documentation. https://github.com/cybozu-go/accurate/tree/v1.3.0/charts/accurate#installing-customresourcedefinitions-optional

However, setting up in this way fails with the following error.

❯ kubectl accurate sub create sub root
Error: failed to create a SubNamespace: conversion webhook for accurate.cybozu.com/v1, Kind=SubNamespace failed: Post "https://webhook-service.system.svc:443/convert?timeout=30s": service "webhook-service" not found

Environments

To Reproduce Steps to reproduce the behavior:

  1. Create kubernetes cluster
    1. kind create cluster --name accurate
  2. Install cert-manager
    1. curl -fsL https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml | kubectl apply -f -
  3. Install CRD of accurate
    1. kustomize build https://github.com/cybozu-go/accurate/config/crd | kubectl apply -f -
  4. Install accurate by helm with installCRDs=false
    1. helm repo add accurate https://cybozu-go.github.io/accurate/
    2. helm repo update
    3. helm install --create-namespace --namespace accurate --set installCRDs=false accurate accurate/accurate
  5. create sub namespace

Expected behavior accurate works and sub namespaces are created.

Additional context This occurs because accurate uses helm templates to make some of the CRDs variable and the CRDs installed through this procedure are different from the CRDs installed through helm. https://github.com/cybozu-go/accurate/blob/e09d42701eeb193ea6dd0dfbd04005d21c299c9a/charts/accurate/templates/generated/crds.yaml#L4-L24

I want the documentation to say what changes should be made to the CRD.

erikgb commented 1 week ago

I agree something isn't right here. But the conversion webhook configuration in the CRD needs to know which namespace the webhook is running in, so I don't expect an easy/good fix to be available here.