search

neo4j / helm-charts

Apache License 2.0
60 stars 53 forks source link

[Bug]: not able to define existing image.imagePullSecret #154

Closed mrszop closed 1 year ago

mrszop commented 1 year ago

Contact Details

No response

What happened?

Hi :)),

it seem's like I am not able to define an existing imagePullSecret. What I did was creating an imagePullSecret first, which I actually use for all my image pulls (which are working), and providing the name of the secret in the version: 4.4.18 neo4j-helm-charts/neo4j-standalone:

image:
  imagePullPolicy: IfNotPresent
  customImage: "neo4j:4.4.17-enterprise"
  imagePullSecrets:
    - "gitlab-pull-secret"`
k get secrets gitlab-pull-secret -o yaml
apiVersion: v1
data:
  .dockerconfigjson: ...
kind: Secret
metadata:
  name: gitlab-pull-secret
  namespace: staging
type: kubernetes.io/dockerconfigjson

I am getting following error:

  Error: Failed to render chart: exit status 1: Error: execution error at (neo4j-standalone/templates/neo4j-imagePullSecret.yaml:27:13): No docker-registry secret exists for imagePullSecret "gitlab-pull-secret" in the cluster. 
   Missing imageCredential entry for "gitlab-pull-secret"
  Use --debug flag to render out invalid YAML
  Error: plugin "diff" exited with error

I don't understand why I would need to specify additional imageCredential entries since I am already having a prepared and working imagePullSecret.

PS: I don't need the secret for image.customImage but for an additional initContainer to add a custom plugin which I'd like to copy to an additional volume.

Cheers, Szop

Chart Name

Standalone

Chart Version

4.4.18

Environment

Microsoft Azure

Relevant log output

No response

Code of Conduct

harshitsinghvi22 commented 1 year ago

@mrszop i am unable to reproduce your issue. I tried the same and everything seems to be working just fine

values.yaml used

neo4j:
  name: licenses
  acceptLicenseAgreement: "yes"
  edition: enterprise
  password: my-password
volumes:
  data:
    mode: defaultStorageClass
# Override image settings in Neo4j pod
image:
  imagePullPolicy: IfNotPresent
  # set a customImage if you want to use your own docker image
  customImage: harshitsinghvi22/helm-charts:4.4.18-enterprise

  #imagePullSecrets list
  imagePullSecrets:
    - "demo"

imagePullSecret creation command

kubectl create secret docker-registry demo --docker-server=https://index.docker.io/v1/ --docker-username=XXXX --docker-password="XXXXX" --namespace staging

output 

 $ helm install standalone neo4j-standalone -f ~/Desktop/sample/imagepullsecret.yaml --namespace staging
NAME: standalone
LAST DEPLOYED: Sun Mar 26 12:12:29 2023
NAMESPACE: staging
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Thank you for installing neo4j-standalone.

Your release "standalone" has been installed  in namespace "staging".

The neo4j user's password has been set to "my-password".To view the progress of the rollout try:

  $ kubectl --namespace "staging" rollout status --watch --timeout=600s statefulset/standalone

Once rollout is complete you can log in to Neo4j at "neo4j://standalone.staging.svc.cluster.local:7687". Try:

  $ kubectl run --rm -it --namespace "staging" --image "harshitsinghvi22/helm-charts:4.4.18-enterprise" cypher-shell \
     -- cypher-shell -a "neo4j://standalone.staging.svc.cluster.local:7687" -u neo4j -p "my-password"

Graphs are everywhere!

WARNING: Passwords set using 'neo4j.password' will be stored in plain text in the Helm release ConfigMap.
Please consider using 'neo4j.passwordFromSecret' for improved security.

From what you have shared , it seems like the imagePullSecret you have created is in staging namespace but maybe you are trying to install the neo4j standalone helm chart in default or some other namespace where the secret does not exists

mrszop commented 1 year ago

Hello @harshitsinghvi22,

thank you for testing and the the output. The mistake is on my side, since I am using helmfile and especially helmfile apply to handle all my charts and check first if anything changed before installing. After hours I found out this helm chart is using the lookup function which was originally querying the k8s API when run in dry-run. Now it is disabled (https://github.com/helm/helm/issues/8137) and I was getting a 'nil' result back which failed. Using helmfile sync is a workaround for me now. Sorry for the trouble!

Cheers

harshitsinghvi22 commented 1 year ago

@mrszop you can use the disableLookups flag in the values.yaml to disable lookups when performing --dry-run