Profile CRD being created on every helm chart installation

hilariocoelho commented 4 years ago

Profile is being installed on every helm chart installation and there isn't any flag that prevents this behavior. Since a CRD is not namespace scoped, this breaks my development environment where every develop has his own sandbox with his own openfaas installation.

The first chart installation creates the kubernetes CRD but on the second installation it fails to install because the CRD is already installed.

Expected Behaviour

Should be possible to install multiple openfaas charts on the same kubernetes cluster.

Current Behaviour

On the second openfaas chart installation it prompts the following error:

$ helm install openfaas openfaas/openfaas -n ns-a9d8a4 --version 6.0.1 --set basic_auth="true" --set serviceType="ClusterIP" --set faasIdler.dryRun="true" --set faasIdler.inactivityDuration="5m" --set faasIdler.reconcileInterval="5m" --set operator.create=true --set operator.createCRD=false --set istio.mtls=false --set functionNamespace="ns-a9d8a4"
Error: rendered manifests contain a resource that already exists. Unable to continue with install: CustomResourceDefinition "profiles.openfaas.com" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "openfaas": current value is "openfaas-dev"; annotation validation error: key "meta.helm.sh/release-namespace" must equal "ns-a9d8a4": current value is "openfaas-dev"

Possible Solution

operator.createCRD should be used as a flag to install the CRD or not.

Steps to Reproduce (for bugs)

Install an openfaas chart on a kubernetes cluster

  helm install openfaas openfaas/openfaas -n openfaas-dev --version 6.0.1 --set basic_auth="true" --set serviceType="ClusterIP" --set faasIdler.dryRun="true" --set faasIdler.inactivityDuration="5m" --set faasIdler.reconcileInterval="5m" --set operator.create=true --set operator.createCRD=true --set istio.mtls=false --set functionNamespace="openfaas-fn-dev"

Install a second openfaas chart on the same kubernetes cluster

  helm install openfaas openfaas/openfaas -n ns-a9d8a4 --version 6.0.1 --set basic_auth="true" --set serviceType="ClusterIP" --set faasIdler.dryRun="true" --set faasIdler.inactivityDuration="5m" --set faasIdler.reconcileInterval="5m" --set operator.create=true --set operator.createCRD=false --set istio.mtls=false --set functionNamespace="ns-a9d8a4"

Notice that I can disable Function CRD creation by setting operator.createCRD=false.

Context

This issue is blocking me from having multiple openfaas instances running on the same cluster. This is an impediment to have a development environment where every developer has his own sandbox completely decoupled from the other.

I didn't have this issue while running Openfaas chart 5.8.4. Just tested with Openfaas 6.0.1 but seems like 6.0.3 still has the same issue

Your Environment

FaaS-CLI version ( Full output from: faas-cli version ): N/A
Docker version docker version (e.g. Docker 17.0.05 ): N/A
What version and distriubtion of Kubernetes are you using? kubectl version N/A
Operating System and version (e.g. Linux, Windows, MacOS): N/A
Link to your project or a code example to reproduce issue: N/A
What network driver are you using and what CIDR? i.e. Weave net / Flannel N/A

hilariocoelho commented 4 years ago

Just saw #579 and that seems to fix. It uses an helm method specifically to install CRDs which verifies if the CRD is already installed or not. It is documented here.

RichterBIT commented 3 years ago

Hello,

just wanted to chime in and say that a toggle in the helm chart for the CRD would be needed still, in case you do not have permissions to create something at cluster level. Like you said, the CRDs are not on namespace level and thus someone with access rights to only namespaces cannot deploy the chart currently.

Or is there any other way?

alexellis commented 3 years ago

Fixed in #696

openfaas / faas-netes