openshift-helm-charts / charts

OpenShift Helm charts Repository
https://charts.openshift.io

Diff with existing secrets #1217

Closed nevlkv closed 7 months ago

nevlkv commented 7 months ago

Helm chart infinispan

If we try helm diff and helmfile, they fail with the same error:

helm diff  upgrade  infinispan ./infinispan -f ./environments/common/infinispan/values.yaml  --namespace=io --debug 
Executing helm version
Executing helm get manifest infinispan --namespace io
Executing helm version
Executing helm template infinispan ./infinispan --namespace io --values ./environments/common/infinispan/values.yaml --validate --is-upgrade
Error: Failed to render chart: exit status 1: install.go:194: [debug] Original chart version: ""
install.go:211: [debug] CHART PATH: ./infinispan/infinispan

Error: template: infinispan/templates/statefulset.yaml:23:32: executing "infinispan/templates/statefulset.yaml" at <include (print $.Template.BasePath "/secret.yaml") .>: error calling include: template: infinispan/templates/secret.yaml:6:25: executing "infinispan/templates/secret.yaml" at <$secretData>: wrong type for value; expected map[string]interface {}; got string
helm.go:84: [debug] template: infinispan/templates/statefulset.yaml:23:32: executing "infinispan/templates/statefulset.yaml" at <include (print $.Template.BasePath "/secret.yaml") .>: error calling include: template: infinispan/templates/secret.yaml:6:25: executing "infinispan/templates/secret.yaml" at <$secretData>: wrong type for value; expected map[string]interface {}; got string

Error: plugin "diff" exited with error
helm.go:84: [debug] plugin "diff" exited with error

diff

diff ./infinispan/templates/secret.yaml /tmp/secret.yaml 
5,6c5,8
<     {{- $secretData := (get ((lookup "v1" "Secret" .Release.Namespace  $secretName ) | default dict) "data")}}
<     {{- $password = (get $secretData "password" | b64dec ) | default (randAlphaNum 8 ) }}
---
>     {{- $secretData := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace  $secretName) }}
>     {{- if $secretData.data.password }}
>     {{- $password = $secretData.data.password  | b64dec }}
>     {{- end }}
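
Review bot: the replacement lines drop the `| default (randAlphaNum 8)` fallback that the removed line 6 carried, so when the lookup finds no Secret `$password` keeps whatever was assigned before this block, which the hunk does not show; confirm it is initialised to a generated value there, or add an `{{- else }}` branch that sets it. Also, `$secretData.data.password` assumes a Secret that was found always has a `data` map: a Secret that exists without `data` would make `.password` evaluate against nil and fail the render, so reading it through `get $secretData "data" | default dict` first would be safer. Since `$secretData` now holds the whole Secret object rather than its `data` field, renaming it (for example to `$secret`) would make that clear.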

resolve diff errors

cp /tmp/secret.yaml ./infinispan/templates/secret.yaml
helm diff  upgrade  infinispan ./infinispan -f ./environments/common/infinispan/values.yaml  --namespace=io 
io, infinispan, StatefulSet (apps) has changed:
  # Source: infinispan/templates/statefulset.yaml
  apiVersion: apps/v1
  kind: StatefulSet
  metadata:
    name: infinispan
    labels:
      clusterName: infinispan
      helm.sh/chart: infinispan-0.3.2
      meta.helm.sh/release-name: infinispan
      meta.helm.sh/release-namespace: io
      app.kubernetes.io/version: "14.0"
      app.kubernetes.io/managed-by: Helm
    annotations:
      meta.helm.sh/release-name: infinispan
      meta.helm.sh/release-namespace: io
      "openshift.io/display-name": "Infinispan Cluster"
      "openshift.io/documentation-url": "http://infinispan.org/documentation/"
  spec:
    serviceName: ""
    replicas: 2
    selector:
      matchLabels:
        app: infinispan-pod
        clusterName: infinispan
    template:
      metadata:
        annotations:
          checksum/config: 781d462adcadcfd125272ab6942c4db9af7acfc11bdfcfb6160e520f51bd2ec8
-         checksum/identities: e5f81dbf8d5e6d7b951d13a1ab6f8ceee050ec13e350698392f8b34ebb02e5d2
+         checksum/identities: babf4259a8593cbb967519762d9b0ea7c226c6c39848f3e6671d0d22f58bc730
        labels:
          app: infinispan-pod
          clusterName: infinispan

      spec:
        nodeSelector:
          role: worker
        affinity:
          podAntiAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
              - podAffinityTerm:
                  labelSelector:
                    matchLabels:
                      clusterName: infinispan
                      app: infinispan-pod
                  topologyKey: kubernetes.io/hostname
                weight: 100

        containers:
          - env:
              - name: JAVA_OPTIONS
                value: 
              - name: IDENTITIES_BATCH
                value: /etc/security/identities-batch
              - name: SERVER_LIBS
                value: 
            image: quay.io/infinispan/server:14.0
            imagePullPolicy: Always
            args:
              - --cluster-name=infinispan
              - --server-config=/etc/config/infinispan.yml
              - --logging-config=/etc/config/log4j2.xml
              - --bind-address=0.0.0.0
              - -Djgroups.dns.query=infinispan-ping.io.svc.cluster.local
            ports:
              - containerPort: 8888
                name: ping
                protocol: TCP
              - containerPort: 11222
                name: infinispan
                protocol: TCP
              - containerPort: 11223
                name: infinispan-met
                protocol: TCP
            livenessProbe:
              failureThreshold: 5
              httpGet:
                path: rest/v2/cache-managers/default/health/status
                port: 11222
                scheme: HTTP
              initialDelaySeconds: 10
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 80
            name: infinispan
            readinessProbe:
              failureThreshold: 5
              httpGet:
                path: rest/v2/cache-managers/default/health/status
                port: 11222
                scheme: HTTP
              initialDelaySeconds: 10
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 80
            startupProbe:
              failureThreshold: 60
              httpGet:
                path: rest/v2/cache-managers/default/health/status
                port: 11222
                scheme: HTTP
              initialDelaySeconds: 10
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 80
            resources:
              limits:
                cpu: 1000m
                memory: 256Mi
              requests:
                cpu: 500m
                memory: 256Mi
            volumeMounts:
              - mountPath: /etc/config
                name: config-volume
              - mountPath: /opt/infinispan/server/data
                name: data-volume
              - mountPath: /etc/security
                name: identities-volume
        volumes:
          - configMap:
              name: infinispan-configuration
            name: config-volume
          - name: identities-volume
            secret:
              secretName: infinispan-generated-secret
    updateStrategy:
      type: RollingUpdate
    volumeClaimTemplates:
      - apiVersion: v1
        kind: PersistentVolumeClaim
        metadata:
          name: data-volume
        spec:
          storageClassName: topolvm-ext4
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 1Gi
io, infinispan-generated-secret, Secret (v1) has changed:
  # Source: infinispan/templates/secret.yaml
  apiVersion: v1
  kind: Secret
  metadata:
    annotations:
      helm.sh/resource-policy: keep
      meta.helm.sh/release-name: infinispan
      meta.helm.sh/release-namespace: io
    labels:
      app: infinispan-secret-identities
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/version: "14.0"
      clusterName: infinispan
      helm.sh/chart: infinispan-0.3.2
      meta.helm.sh/release-name: infinispan
      meta.helm.sh/release-namespace: io
    name: infinispan-generated-secret
  data:
-   identities-batch: '-------- # (152 bytes)'
-   password: '-------- # (8 bytes)'
+   identities-batch: '++++++++ # (152 bytes)'
+   password: '++++++++ # (8 bytes)'
    username: 'REDACTED # (7 bytes)'
  type: Opaque

On upgrade, existing passwords do not change.

mgoerens commented 7 months ago

Could you please open an issue in the chart's upstream repo?

See https://github.com/infinispan/infinispan-helm-charts

Thanks