search

upbound / universal-crossplane

Enterprise-grade @crossplane from @upbound
https://upbound.io/product/universal-crossplane
Apache License 2.0
123 stars 31 forks source link

CRD for `aws.upbound.io` not found even after installing `provider-family-aws provider` #396

Closed preetsindhal closed 8 months ago

preetsindhal commented 1 year ago

kind ProviderConfig of api aws.upbound.io not found even after installing provider-family-aws provider

provider is installed with warning: Warning UnpackPackage 24s (x10 over 4m27s) packages/provider.pkg.crossplane.io cannot unpack package: failed to fetch package digest from remote: serviceaccounts "crossplane" not found

Error:

ProviderConfig/universal-crossplane/aws-provider-upbound dry-run failed: failed to get API group resources: unable to retrieve the complete list of server APIs: aws.upbound.io/v1beta1: the server could not find the requested resource

Yaml 

apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: aws-config-upbound
  namespace: universal-crossplane
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::xxxxx:role/K8s-crossplane
spec:
  podSecurityContext:
    fsGroup: 2000
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-family-aws
spec:
  package: xpkg.upbound.io/upbound/provider-family-aws:v0.39.0
  controllerConfigRef:
    name: aws-config-upbound
---
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: aws-provider-upbound
  namespace: universal-crossplane
spec:
  credentials:
    source: InjectedIdentity
turkenf commented 1 year ago

Hi @preetsindhal,

Thank you for raising this issue. Could you please provide the steps and more information so we can reproduce the error?

preetsindhal commented 1 year ago

Hi @preetsindhal,

Thank you for raising this issue. Could you please provide the steps and more information so we can reproduce the error?

sure, I have deployed uxp on EKS v1.26 using helm chart version 1.13.2-up.1 available here https://artifacthub.io/packages/helm/upbound-stable/universal-crossplane

it has launched these pods all running healthy.

universal-crossplane-66b7d89b8c-vbgxw               1/1     Running   0          5h15m
universal-crossplane-rbac-manager-696c774b7-rgqtp   1/1     Running   0          5h15m
upbound-bootstrapper-5d74c45b4c-hklfg               1/1     Running   0          5h15m
xgql-798fb5557c-lkzgf                               1/1     Running   0          5h15m

Then i installed provider provider-family-aws using below manifest

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-family-aws
spec:
  package: xpkg.upbound.io/upbound/provider-family-aws:v0.39.0

Then i try to deploy below manifest for providerconfig but it throws error as CRD isn't available.

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: aws-provider-upbound
  namespace: universal-crossplane
spec:
  credentials:
    source: InjectedIdentity

https://marketplace.upbound.io/providers/upbound/provider-family-aws/v0.39.0/config

Thanks

turkenf commented 1 year ago

Hi @preetsindhal, there seems to be an issue with the crossplane setup, when you run k get serviceaccounts -n crossplane-system you should see crossplane serviceaccount:

NAME                               SECRETS   AGE
crossplane                         0         51m
default                            0         51m
provider-family-aws-63c2dfd019ef   0         50m
rbac-manager                       0         51m

Therefore provider-family-aws cannot be installed, I'm moving this issue to the universal-crossplane repo.

I tried the following way and I didn't encounter any issue, you can try if you want:

helm install crossplane --namespace crossplane-system crossplane-stable/crossplane

- then install provider-family:

apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: name: provider-family-aws spec: package: xpkg.upbound.io/upbound/provider-family-aws:v0.39.0

- after installing, run `kubectl get crd`, should see ProviderConfig's CRD:

NAME CREATED AT compositeresourcedefinitions.apiextensions.crossplane.io 2023-08-29T09:34:06Z compositionrevisions.apiextensions.crossplane.io 2023-08-29T09:34:06Z compositions.apiextensions.crossplane.io 2023-08-29T09:34:06Z configurationrevisions.pkg.crossplane.io 2023-08-29T09:34:06Z configurations.pkg.crossplane.io 2023-08-29T09:34:06Z controllerconfigs.pkg.crossplane.io 2023-08-29T09:34:06Z environmentconfigs.apiextensions.crossplane.io 2023-08-29T09:34:06Z locks.pkg.crossplane.io 2023-08-29T09:34:06Z providerconfigs.aws.upbound.io 2023-08-29T09:35:17Z providerconfigusages.aws.upbound.io 2023-08-29T09:35:17Z providerrevisions.pkg.crossplane.io 2023-08-29T09:34:06Z providers.pkg.crossplane.io 2023-08-29T09:34:06Z storeconfigs.aws.upbound.io 2023-08-29T09:35:17Z storeconfigs.secrets.crossplane.io

saion-chatterjee commented 1 year ago

Hi @turkenf I faced the same issue. I am able to reproduce it in the following way:

It seems the uxp installation does not work e2e if the nameOverride in values.yaml is anything other than the default value "crossplane". I tried installing it with a different name and the helm chart for uxp is installed but after this the Provider installation fails with the error: "cannot unpack package: failed to fetch package digest from remote: serviceaccounts "crossplane" not found" https://github.com/upbound/universal-crossplane/blob/main/cluster/charts/universal-crossplane/values.yaml#L260

The nameOverride also overrides the name of the serviceaccount to the new name in the upbound but the upstream crossplane does not expose this value in its values.yaml, although the _helpers.tpl file does consider a possibility for .Values.nameOverride. https://github.com/crossplane/crossplane/blob/master/cluster/charts/crossplane/templates/_helpers.tpl#L6

Therefore it still expects a serviceaccount with the default name "crossplane" to exist.

This looks to me as a bug which needs to be fixed. For the time being, is there any recommendation for a workaround?

saion-chatterjee commented 1 year ago

Hi @turkenf I faced the same issue. I am able to reproduce it in the following way:

It seems the uxp installation does not work e2e if the nameOverride in values.yaml is anything other than the default value "crossplane". I tried installing it with a different name and the helm chart for uxp is installed but after this the Provider installation fails with the error: "cannot unpack package: failed to fetch package digest from remote: serviceaccounts "crossplane" not found" https://github.com/upbound/universal-crossplane/blob/main/cluster/charts/universal-crossplane/values.yaml#L260

The nameOverride also overrides the name of the serviceaccount to the new name in the upbound but the upstream crossplane does not expose this value in its values.yaml, although the _helpers.tpl file does consider a possibility for .Values.nameOverride. https://github.com/crossplane/crossplane/blob/master/cluster/charts/crossplane/templates/_helpers.tpl#L6

Therefore it still expects a serviceaccount with the default name "crossplane" to exist.

This looks to me as a bug which needs to be fixed. For the time being, is there any recommendation for a workaround?

update to 1.13 seems to have solved the issue. It was fixed upstream as part of another feature pr. Thanks to @phisco for pointing it out

phisco commented 8 months ago

Thanks for the updates, everyone. It looks like updating to the latest version 1.13 has resolved the issue. I'm going to close this for now, but if you encounter any further problems, please feel free to reopen it.