If there is a built-in variable referencing kubernetes in chart's Manifest, parsing will report an error

Question

If there is a built-in variable referencing kubernetes in chart's Manifest, parsing will report an error

astronauts1 opened this issue 3 years ago · 6 comments

astronauts1 commented 3 years ago

Ⅰ. Issue Description

Ⅱ. Describe what happened

Ⅲ. Describe what you expected to happen

Ⅳ. How to reproduce it (as minimally and precisely as possible)

Ⅴ. Anything else we need to know?

Answer 1 · 2021-12-30T04:14:23.000Z

Can you provide more information? Such as the webhook file.

Answer 2 · 2021-12-30T06:32:58.000Z

yaml:

{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled (not .Values.admissionWebhooks.certManager.enabled) }}
apiVersion: batch/v1
kind: Job
metadata:
  name:  {{ template "kubevela.fullname" . }}-admission-patch
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    app: {{ template "kubevela.name" . }}-admission-patch
    {{- include "kubevela.labels" . | nindent 4 }}
spec:
  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
  # Alpha feature since k8s 1.12
  ttlSecondsAfterFinished: 0
  {{- end }}
  template:
    metadata:
      name:  {{ template "kubevela.fullname" . }}-admission-patch
      labels:
        app: {{ template "kubevela.name" . }}-admission-patch
        {{- include "kubevela.labels" . | nindent 8 }}
    spec:
      containers:
        - name: patch
          image: {{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
          imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
          args:
            - patch
            - --webhook-name={{ template "kubevela.fullname" . }}-admission
            - --namespace={{ .Release.Namespace }}
            - --secret-name={{ template "kubevela.fullname" . }}-admission
            - --patch-failure-policy={{ .Values.admissionWebhooks.failurePolicy }}
            - --crds=applications.core.oam.dev
      restartPolicy: OnFailure
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "kubevela.fullname" . }}-admission
      {{- with .Values.admissionWebhooks.patch.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
      {{- end }}
      {{- with .Values.admissionWebhooks.patch.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
      {{- end }}
      securityContext:
        runAsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
{{- end }}

Answer 3 · 2021-12-30T06:40:36.000Z

I think this may be the reason. chartRequested, err := loader.Load(chartPath)

Answer 4 · 2021-12-31T03:51:33.000Z

Reason: the built-in capabilities field needs to be obtained from the cluster, so we can't load the value of the Capabilities field in the ProcessChart phase.
Solution: u can, according to the API version to be simulated, decide whether to execute this action( ttlSecondsAfterFinished: 0 )

Answer 5 · 2021-12-31T06:55:30.000Z

In addition, I'm sorry about that we don't support to deal with the hook resources in helm.

Answer 6 · 2021-12-31T09:11:12.000Z

ok. I got it.thank you!