search

jetstack / jetstack-secure

Open source components of Jetstack Secure
https://www.jetstack.io/jetstack-secure/
Apache License 2.0
252 stars 24 forks source link

Helm: the namespace was missing in the configmap, deployment, and serviceaccount templates #526

Closed maelvls closed 3 months ago

maelvls commented 3 months ago

Source: https://venafi.atlassian.net/browse/VC-32006

When installing with helm install, the namespace doesn't need to be present on the templates. Helm automatically installs the resources that don't have a specific namespace to the namespace specified in --namespace.

But when using helm template, the resulting templated manifests don't contain a namespace, even though --namespace was used. This is an old issue of Helm (https://github.com/helm/helm/issues/3553). And since a lot of people rely on helm template and then feed that into ArgoCD, it makes to add the namespace field to all namespaced resources.

Thus, this PR adds the namespace in the configmap, deployment, and serviceaccount templates.

Manual test for the chart venafi-kubernetes-agent:

# First, on master:
git checkout master
helm package ./deploy/charts/venafi-kubernetes-agent --version 0.0.0-master
# Second, on the PR:
gh pr checkout 526
helm package ./deploy/charts/venafi-kubernetes-agent --version 0.0.0-pr
diff -u \
  <(helm template venafi-kubernetes-agent-0.0.0-master.tgz -n venafi | grep -v "helm.sh/chart" | yq .kind,.metadata) \
  <(helm template venafi-kubernetes-agent-0.0.0-pr.tgz -n venafi | grep -v "helm.sh/chart" | yq .kind,.metadata)

Result:

--- /dev/fd/13  2024-03-26 15:32:10
+++ /dev/fd/15  2024-03-26 15:32:10
@@ -1,5 +1,6 @@
 ServiceAccount
 name: venafi-kubernetes-agent-release-name
+namespace: venafi
 labels:
   app.kubernetes.io/name: venafi-kubernetes-agent
   app.kubernetes.io/instance: release-name
@@ -8,6 +9,7 @@
 ---
 ConfigMap
 name: agent-config
+namespace: venafi
 labels:
   app.kubernetes.io/name: venafi-kubernetes-agent
   app.kubernetes.io/instance: release-name
@@ -168,6 +170,7 @@
 ---
 Deployment
 name: venafi-kubernetes-agent-release-name
+namespace: venafi
 labels:
   app.kubernetes.io/name: venafi-kubernetes-agent
   app.kubernetes.io/instance: release-name

Manual test for the chart jetstack-agent:

# First, on master:
git checkout master
helm package ./deploy/charts/jetstack-agent --version 0.0.0-master
# Second, on the PR:
gh pr checkout 526
helm package ./deploy/charts/jetstack-agent --version 0.0.0-pr
diff -u \
  <(helm template jetstack-agent-0.0.0-master.tgz -n venafi --set config.organisation=foo --set config.cluster=bar | grep -v "helm.sh/chart" | yq .kind,.metadata) \
  <(helm template jetstack-agent-0.0.0-pr.tgz -n venafi --set config.organisation=foo --set config.cluster=bar | grep -v "helm.sh/chart" | yq .kind,.metadata)

Result:

--- /dev/fd/13  2024-03-26 15:36:21
+++ /dev/fd/14  2024-03-26 15:36:21
@@ -1,5 +1,6 @@
 ServiceAccount
 name: jetstack-agent-release-name
+namespace: venafi
 labels:
   app.kubernetes.io/name: jetstack-agent
   app.kubernetes.io/instance: release-name
@@ -8,6 +9,7 @@
 ---
 ConfigMap
 name: agent-config
+namespace: venafi
 labels:
   app.kubernetes.io/name: jetstack-agent
   app.kubernetes.io/instance: release-name
@@ -158,6 +160,7 @@
 ---
 Deployment
 name: jetstack-agent-release-name
+namespace: venafi
 labels:
   app.kubernetes.io/name: jetstack-agent
   app.kubernetes.io/instance: release-name
maelvls commented 3 months ago

@tfadeyi What do I need to get that released? Thanks!

tfadeyi commented 3 months ago

What do I need to get that released? Thanks!

We are planning on making a new release today, it will include these changes