Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chapSecretValidation breaks Argo CD multi source applications #398

Open
wolffberg opened this issue Aug 16, 2024 · 4 comments
Open

chapSecretValidation breaks Argo CD multi source applications #398

wolffberg opened this issue Aug 16, 2024 · 4 comments

Comments

@wolffberg
Copy link
Contributor

When deploying the hpe-csi-driver chart using a multi source Argo CD application where the first source is the hpe-csi-driver chart and the second source is a custom chart with the secret containing the iscsi.chapSecretName secret, Argo CD cannot deploy the charts and fails with

(hpe-csi-driver/templates/pre-install-hook.yaml:26:15): Secret hpe-chap-credentials not found in namespace addon-hpe-storage

Instead of using a custom pre-install-hook I suggest using a Kubernetes native way of ensuring the secret is available and correct.

This could for example be mounting the secret into the container and validating it using an init container.

@datamattsson
Copy link
Collaborator

The whole point of a cluster wide secret for CHAP was that it needs to exist prior to installing the Chart. I agree this pre-install-hook isn't the prettiest solution but fail to understand you can't reverse the order in your workflow?

@mofr93
Copy link

mofr93 commented Sep 13, 2024

We use ArgoCD for deploying Helm charts. In our case the validation fails even though the secret already exists prior.

Failed to load target state: failed to generate manifest for source 1 of 1: rpc error: code = Unknown desc = Manifest generation error (cached): `helm template . --name-template hpe-csi-driver --namespace addon-hpe-storage --kube-version 1.30 --values /tmp/f6f6d0e6-41eb-4543-9861-cbfbae542c86 <api versions removed> --include-crds` failed exit status 1: Error: execution error at (hpe-csi-driver/templates/pre-install-hook.yaml:26:15): Secret hpe-chap-secret not found in namespace addon-hpe-storage Use --debug flag to render out invalid YAML

@datamattsson
Copy link
Collaborator

I'm not familiar with what you're exactly trying to do here but is it possible to pass --no-hooks to that helm command?

@wolffberg
Copy link
Contributor Author

Sadly this is not available in Argo CD. I have created #399 to work around the issue in a sensible way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants