kubernetes-sigs / secrets-store-sync-controller

This is a Kubernetes controller that watches for changes to a custom resource and syncs the secrets from an external secrets-store as Kubernetes secrets.
Apache License 2.0

helm install fails when deploying VAPs in Kubernetes v1.28.0 #78

Open aramase opened 1 month ago

aramase commented 1 month ago
➜ kgno -owide
NAME                 STATUS   ROLES           AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION    CONTAINER-RUNTIME
kind-control-plane   Ready    control-plane   36s   v1.28.0   172.18.0.2    <none>        Debian GNU/Linux 11 (bullseye)   6.6.32-linuxkit   containerd://1.7.1

secrets-store-sync-controller/manifest_staging/charts/secrets-store-sync-controller on  pr-72 [$] at ☸️ kind-kind
➜ helm install sssc .
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "secrets-store-sync-controller-create-update-policy" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicy" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-create-update-token-deny-policy" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicy" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-delete-policy" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicy" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-update-check-oldobject-policy" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicy" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-update-label-policy" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicy" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-validate-annotation-policy" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicy" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-validate-label-policy" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicy" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-validate-token-policy" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicy" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-create-update-policy-binding" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicyBinding" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-create-update-token-deny-policy-binding" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicyBinding" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-delete-policy-binding" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicyBinding" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-update-owners-check-oldobject-policy-binding" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicyBinding" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-update-label-policy-binding" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicyBinding" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-validate-annotation-policy-binding" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicyBinding" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-validate-label-policy-binding" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicyBinding" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "secrets-store-sync-controller-validate-token-policy-binding" namespace: "" from "": no matches for kind "ValidatingAdmissionPolicyBinding" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first]

The CI isn't catching this failure because the test matrix is always deploying a cluster with v1.30.2 https://github.com/kubernetes-sigs/secrets-store-sync-controller/blob/f5b4d2ab734476b590156f5d86aa30bdabf13d48/Makefile#L34

Opened https://github.com/kubernetes/test-infra/pull/33432 to set the correct version in the test matrix. I suspect the tests will start failing after that's merged, so this needs to be fixed.

/kind bug
/assign @nilekhc

AlexanderStocks commented 1 month ago

Did you enable the required feature gates when testing this with v1.28.0? I believe the kind-config.yaml featureGates and runtimeConfig values would need to be changed to work for 1.28.0

nilekhc commented 1 week ago

/unassign

omerap12 commented 1 week ago

/assign

omerap12 commented 1 week ago

> Did you enable the required feature gates when testing this with v1.28.0? I believe the kind-config.yaml featureGates and runtimeConfig values would need to be changed to work for 1.28.0

I will look into it, thanks!
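
Added example, not part of the thread and not the repository's own kind-config.yaml: a kind cluster config showing the `featureGates` and `runtimeConfig` settings the comments above refer to. In Kubernetes v1.28 the `ValidatingAdmissionPolicy` feature gate is beta and disabled by default, and the `admissionregistration.k8s.io/v1beta1` API version is not served unless enabled. The node image tag is an assumption chosen to match the v1.28.0 node in the report.

```yaml
# kind cluster config for a v1.28 node that serves ValidatingAdmissionPolicy (v1beta1).
# Constructed example; not the repository's kind-config.yaml.
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
# In Kubernetes 1.28 the ValidatingAdmissionPolicy feature gate is beta and off by default.
featureGates:
  ValidatingAdmissionPolicy: true
# Beta API versions are not served by default, so the group/version is enabled as well.
runtimeConfig:
  "admissionregistration.k8s.io/v1beta1": "true"
nodes:
  - role: control-plane
    # Assumed image tag, matching the v1.28.0 node shown in the report.
    image: kindest/node:v1.28.0
```

After creating the cluster with `kind create cluster --config <file>`, `kubectl api-resources --api-group=admissionregistration.k8s.io` should list `validatingadmissionpolicies` and `validatingadmissionpolicybindings` before `helm install` is attempted.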