capsule: Error applying new CRD version from v0.1.0 helm chart

Bug description

On cluster where we already have old version of capsule CRD installed, when we are trying to apply new CRD version, it is throwing below error.

The CustomResourceDefinition "tenants.capsule.clastix.io" is invalid: 
* spec.conversion.webhookClientConfig: Forbidden: should not be set when strategy is not set to Webhook
* spec.conversion.conversionReviewVersions: Forbidden: should not be set when strategy is not set to Webhook
Failed: NonZeroResultCode: Result code was 1

A clear and concise description of what the bug is.

How to reproduce

Steps to reproduce the behavior:

Installed older version of CRDs from v0.0.5 on a cluster
Download a new version of CRD from v0.1.0
Then run kubectl apply -f from crds directory of helm chart

Provide the Capsule Tenant YAML definitions
Provide all managed Kubernetes resources

Expected behavior

It should create the CRDs

Logs

If applicable, please provide logs of capsule.

The CustomResourceDefinition "tenants.capsule.clastix.io" is invalid: 
* spec.conversion.webhookClientConfig: Forbidden: should not be set when strategy is not set to Webhook
* spec.conversion.conversionReviewVersions: Forbidden: should not be set when strategy is not set to Webhook
Failed: NonZeroResultCode: Result code was 1

In a standard stand-alone installation of Capsule, you’d get this by running kubectl -n capsule-system logs deploy/capsule-controller-manager.

Additional context

Capsule version: (capsule --version) v0.1.0
Helm Chart version: (helm list -n capsule-system) v0.1.0
Kubernetes version: (kubectl version)

Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.11", GitCommit:"c6a2f08fc4378c5381dd948d9ad9d1080e3e6b33", GitTreeState:"clean", BuildDate:"2021-05-12T12:27:07Z", GoVersion:"go1.15.12", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.12", GitCommit:"2cb4598553d0a2ca5f3eb7980c99cd8236cc5011", GitTreeState:"clean", BuildDate:"2021-06-16T12:52:44Z", GoVersion:"go1.15.13", Compiler:"gc", Platform:"linux/amd64"}

About this issue

Original URL
State: closed
Created 3 years ago
Comments: 17 (12 by maintainers)

Most upvoted comments

Yes, no problem. We already built a helm chart with this fix and verified that everything is working in argoCD

MaxFedotov on Dec 29, 2021

@prometherion i think we had to reopen this issue. When migrating capsule under argocd, we start getting the following errors during sync:

The problem is related to https://github.com/clastix/capsule/blob/master/charts/capsule/crds/tenant-crd.yaml#L10 this line. ArgoCD tries to run kubectl apply with this CRD, and it fails. Moreover, ignoring these fields in the application spec doesn’t work:

  - group: apiextensions.k8s.io
    kind: CustomResourceDefinition
    jsonPointers:
      - /spec/conversion
      - /spec/conversion/strategy
      - /spec/conversion/webhook
      - /spec/conversion/webhook/conversionReviewVersions

So my proposal is to change tenants crd spec to the following:

spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: capsule-webhook-service
          namespace: capsule-system
          path: /convert
          port: 443
      conversionReviewVersions:
        - v1alpha1
        - v1beta1

so Capsule controller will update only caBundle for clientConfig. This will allow to ignore it in argocd using:

  - group: apiextensions.k8s.io
    kind: CustomResourceDefinition
    jsonPointers:
      - /spec/conversion/webhook

MaxFedotov on Dec 29, 2021

@bsctl nope, helm doesn’t uninstall crds (https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) so it is safe

MaxFedotov on Sep 28, 2021