azure / k8s-bake Goto Github PK
View Code? Open in Web Editor NEWGitHub Action creating Kubernetes manifest files with Helm, Kustomize, or Kompose
License: MIT License
GitHub Action creating Kubernetes manifest files with Helm, Kustomize, or Kompose
License: MIT License
Hi! There's a tag called v2.2 in this repo but no release. This leads to GitHub Workflows using v2.1 when referencing azure/k8s-bake@v2. I discovered this because the namespace option wasn't recognised. This is misleading.
It seems that 'helm2' is valid as the renderEngine, and not 'helm':
Line 183 in 0df3471
However the README has renderEngine: 'helm'
. Should this be helm2?
I have pipeline with job:
deploy:
name: 'Deploy to dev'
runs-on: ubuntu-latest
environment: dev
defaults:
run:
shell: bash
working-directory: src-web
But the step is not using this working directory and I have to use direct ./src-web path
We have a k8s-bake step setup as follows:
- name: Bake manifests
id: bake
uses: azure/k8s-bake@v1
with:
renderEngine: kustomize
kustomizationPath: ./k8s/overlays/${{ github.event.deployment.payload.environment }}
kubectl-version: 'v1.20.5'
The weird issue we are seeing though, is for some of our teams, this step works just fine. When it works, for the version check it's calling /opt/hostedtoolcache/kubectl/1.20.5/x64/kubectl version --client=true -o json
However, for some teams it fails and when it fails, it's failing on the version check. When examining the logs, I notice that it's calling /opt/hostedtoolcache/kubectl/1.20.5/x64 version --client=true -o json
(notice the missing /kubectl
at the end of the path). The failure message is indicating that the command being executed isn't found (which makes sense because it's not actually calling the Kubectl CLI).
There doesn't seem to be a rhyme or reason either. We first noticed it for a team that was running k8s-bake twice, one after the other; however, another team is noticing when only running k8s-bake once. Other teams are unaffected, but all teams are using the exact same YAML listed above.
Currently, while running k8s-bake, Github Actions is giving this warning
Warning: The
set-output
command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Please consider to use environment files to make the warning disappear.
In Github Actions I got the error using azure/k8s-bake@v2 task.
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: azure/k8s-bake@v2
Could you please update deprecated version?
When running k8s-bake in two steps in the same workflow with the same Helm version, the second step will attempt to run Helm using the cached directory rather than the cached executable.
Expected: the second step will run Helm using the executable from the cached directory.
Actual:
Error: Failed to run bake action. Error: Error: Unable to locate executable file: /opt/hostedtoolcache/helm/3.8.2/x64. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.
Example:
- name: Bake one
uses: azure/[email protected]
with:
renderEngine: 'helm'
helmChart: ./deploy/charts/one
helmVersion: 'v3.8.2'
releaseName: one
namespace: ${{ inputs.namespace }}
id: bake-one
- name: Bake etwo
uses: azure/[email protected]
with:
renderEngine: 'helm'
helmChart: ./deploy/charts/two
helmVersion: 'v3.8.2'
releaseName: two
namespace: ${{ inputs.namespace }}
id: bake-two
ubuntu-20.04
From the first step:
##[debug]..Evaluating inputs:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'helm_version'
##[debug]=> 'v3.8.2'
##[debug]Result: 'v3.8.2'
##[debug]Loading env
##[debug]isExplicit: 3.8.2
##[debug]explicit? true
##[debug]checking cache: /opt/hostedtoolcache/helm/3.8.2/x64
##[debug]not found
##[debug]Downloading helm version v3.8.2
##[debug]isExplicit: 3.8.2
##[debug]explicit? true
##[debug]checking cache: /opt/hostedtoolcache/helm/3.8.2/x64
##[debug]not found
##[debug]Downloading https://get.helm.sh/helm-v3.8.2-linux-amd64.zip
##[debug]Destination /home/runner/work/_temp/a2fc0041-7f26-4f83-8bb0-9e8b278fe3fa
##[debug]download complete
/usr/bin/unzip -o /home/runner/work/_temp/a2fc0041-7f26-4f83-8bb0-9e8b278fe3fa
Archive: /home/runner/work/_temp/a2fc0041-7f26-4f83-8bb0-9e8b278fe3fa
creating: linux-amd64/
inflating: linux-amd64/helm
inflating: linux-amd64/LICENSE
inflating: linux-amd64/README.md
##[debug]Caching tool helm 3.8.2 x64
##[debug]source dir: /home/runner/work/_temp/7f48691e-708f-4b3b-bfda-3d19755[62](https://github.com/_/_/actions/runs/5070527400/jobs/9106346737#step:3:63)b50
##[debug]destination /opt/hostedtoolcache/helm/3.8.2/x[64](https://github.com/_/_/actions/runs/5070527400/jobs/9106346737#step:3:65)
##[debug]finished caching tool
##[debug]LICENSE
##[debug]README.md
##[debug]helm
##[debug]Helm executable path /opt/hostedtoolcache/helm/3.8.2/x64/linux-amd64/helm
From the second step:
##[debug]..Evaluating inputs:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'helm_version'
##[debug]=> 'v3.8.2'
##[debug]Result: 'v3.8.2'
##[debug]Loading env
##[debug]isExplicit: 3.8.2
##[debug]explicit? true
##[debug]checking cache: /opt/hostedtoolcache/helm/3.8.2/x64
##[debug]Found tool in cache helm 3.8.2 x64
##[debug]Helm executable path /opt/hostedtoolcache/helm/3.8.2/x64
I'm using this action to build manifests with Kustomize.
- uses: azure/k8s-bake@v1
with:
renderEngine: 'kustomize'
kustomizationPath: '...'
kubectl-version: 'latest'
This mostly works well, but I have one problem; I can't see build error logs even if Kustomize fails and have to debug manifests by running kubectl kustomize
manually.
Is there a way to see error logs from Kustomize?
The k8s-bake action currently does not support the case when the helm chart has a dependency on other charts, which is specified in the requirements.yaml. ‘helm dependency update’ command should be executed in the action, before the chart is baked.
Hi, can you do a new release with helm namespace feature please ?
At the moment (March 22nd 2022) main doesn't work so I'll wait for the new release ;)
Given that the template command is executed in silent mode; there aren't any error logs printed if they fail.
Conditionally check if there are failures and print using core.error
In the Helm example, it is clear that the separator for key and value is :
, for example replicas:2
. However, I think it's easy to accidentally use =
as the separator like replicas=2
, perhaps because some other GH actions use it (e.g., docker/build-push-action using it for build-args and secrets) or it's used in shells for variables. (Note: our team actually made this typo and it even slipped through the review.)
Would it be in scope of the action to check for this mistake? In the current implementation, I believe that if replicas=2
are given, then the overrideName
would be replicas=2
and overrideValue
would be empty. Is there a use case for an empty value? If an empty value is detected and a single =
character found in overrideName
, would it make sense to fail with an error or at least give a warning?
Alternatively, would it be possible to support =
as a valid key-value separator? (Personally, I don't think this is the right way.)
Feel free to close this issue with "not in scope" or "there are reasons why this wouldn't work/would be too tricky".
I'm using k8s-bake
and then trying to use the manifest.
My actions are:
- uses: azure/k8s-bake@v1
with:
renderEngine: 'kompose'
dockerComposeFile: './docker-compose.yaml'
kompose-version: 'latest'
id: bake
- uses: Azure/k8s-deploy@v1
with:
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
docker.pkg.github.com/[my-org]/[my-repo]/[image-name]:${{ github.sha }}
imagepullsecrets: |
demo-k8s-secret
It seems like k8s-bake
is producing a manifest file -
##[debug]steps.bake.outputs.manifestsBundle='/home/runner/work/_temp/baked-template-1591632223529.yaml'
But the deploy step returns:
##[debug]toolRunner toolPath: /opt/hostedtoolcache/kubectl/1.18.3/x64/kubectl
##[debug]/opt/hostedtoolcache/kubectl/1.18.3/x64/kubectl arg: ["apply","-f","","--namespace","default"]
##[debug]exec tool: /opt/hostedtoolcache/kubectl/1.18.3/x64/kubectl
##[debug]arguments:
##[debug] apply
##[debug] -f
##[debug]
##[debug] --namespace
##[debug] default
/opt/hostedtoolcache/kubectl/1.18.3/x64/kubectl apply -f --namespace default
##[error]Error: error: must specify one of -f and -k
##[debug]Node Action run completed with exit code 1
With a kubectl
action, I get the following error:
But then using the mainfest produces the error:
error: the path "/home/runner/work/_temp/baked-template-1591632223529.yaml" does not exist
Here's the debug log for this step:
##[debug]Evaluating condition for step: 'deploy to cluster'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: deploy to cluster
##[debug]Loading inputs
##[debug]Evaluating: format('apply -f ***0***', steps.bake.outputs.manifestsBundle)
##[debug]Evaluating format:
##[debug]..Evaluating String:
##[debug]..=> 'apply -f ***0***'
##[debug]..Evaluating Index:
##[debug]....Evaluating Index:
##[debug]......Evaluating Index:
##[debug]........Evaluating steps:
##[debug]........=> Object
##[debug]........Evaluating String:
##[debug]........=> 'bake'
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'outputs'
Hi,
I would like to install and use specific version of kubectl (v1.27.7) in order to fit with the api server of my AKS cluster (that I have upgraded). I use v3 version of k8s-bake.
After reading the metadata file https://github.com/Azure/k8s-bake/blob/main/action.yml, I noticed that kubectl-version parameter is available to "Installs a specific version of kubectl binary" as it is written in the description.
I do not understand why in my GitHub action workflow logs, the kubectl version is still the latest one (v1.30.1) despite my configuration as you can see in the snapshot below:
This is a snippet of my GitHub action workflow:
- name: Configure deployment
uses: azure/k8s-bake@v3
with:
renderEngine: 'kustomize'
kustomizationPath: ${{ inputs.overlay_path }}
kubectl-version: '1.27.7' # I also tried v1.27.7
id: bake
Please notice I also tried to use v1.27.7 version but the result remains the same.
I have certainly misunderstood something but I dont know what is it.
Thanks in advance for your help
Have a nice day
Regards,
Julien
When having a chart with dependencies against official charts, we need to run helm init first.
In reference to #12
If releaseName is specified as an input parameter, there is an error:
"Error: unknown flag: --name".
There are a few changes in Helm 3. --name is not supported in version 3
It is --release-name in Helmv3
Hi, I'm unable to bake manifsest
I have kustomization.yaml
file with content:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
helmChartInflationGenerator:
- chartName: sealed-secrets
chartRepoUrl: https://bitnami-labs.github.io/sealed-secrets
chartVersion: 2.0.2
releaseName: sealed-secrets
releaseNamespace: base
values: ./values.yaml
and I'm indicate on it in my action azure/[email protected]
- name: Bake deployment SealedSecrets
uses: azure/[email protected]
with:
renderEngine: 'kustomize'
args: --enable-helm # I need something like this
kustomizationPath: ${{ inputs.KUSTOMIZE_SEALED_SECRETS_PATH }}
kubectl-version: latest
id: bake-sealed-secrets
but in this step I'm receiving a error
error: accumulating resources: accumulation err='accumulating resources from '../../../base/sealed-secrets': '/home/runner/work/code-iac/code-iac/argocd/iac/base/sealed-secrets' must resolve to a file': recursed accumulation of path '/home/runner/work/code-iac/code-iac/argocd/iac/base/sealed-secrets': trouble configuring builtin HelmChartInflationGenerator with config: `
name: sealed-secrets
releaseName: sealed-secrets
repo: https://bitnami-labs.github.io/sealed-secrets
valuesFile: ./values.yaml
version: 2.0.2
`: must specify --enable-helm
Error: Error: Failed to run bake action. Error: Error: The process '/opt/hostedtoolcache/kubectl/1.23.4/x64/kubectl' failed with exit code 1
at ExecState._setResult (/home/runner/work/_actions/azure/k8s-bake/v2.1/node_modules/@actions/exec/lib/toolrunner.js:592:25)
at ExecState.CheckComplete (/home/runner/work/_actions/azure/k8s-bake/v2.1/node_modules/@actions/exec/lib/toolrunner.js:575:18)
at ChildProcess.<anonymous> (/home/runner/work/_actions/azure/k8s-bake/v2.1/node_modules/@actions/exec/lib/toolrunner.js:469:27)
at ChildProcess.emit (events.js:[31](https://github.com/xxx/runs/5496238727?check_suite_focus=true#step:5:31)4:20)
at maybeClose (internal/child_process.js:1022:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)
in kustomize I can reproduce it with ommit flag --enable-helm
but after I add it to args like this:
kustomize build --enable-helm .
it works perfeclty
There is any plan to add this feature?
according to this helm/helm#5465
I think it is the best practice to use {{ .Release.Namespace }} However, it won't work with bake since there is no namespace for input
When specifying images information via overrides leading spaces gives an error when deploying
overrides: |
image.repository: ${{ vars.ACR_LOGIN_SERVER }}/${{ var.chartname }}/${{ var.applicationname }}
image.tag: ${{ github.sha }}-${{ github.ref_name }}
Causes issue:
spec.containers[0].image: Invalid value: "
must not have leading or trailing whitespace
In action.yml snipper below, currently only helm2 is supported. Could you please support other values as well since helm3 has already been released and this required variable is a little misleading. Thanks!
inputs:
renderEngine:
description: 'Acceptable values: helm2 or kompose or kustomize'
required: true
I am using the azure/k8s-bake repository as part of my GitHub Actions workflow to render Kubernetes yaml resource manifests using Helm. However, I am encountering an issue where I am unable to add new chart URLs to the repository.
I have tried using the arguments parameter to pass in the --repo flag with the URL of the new chart repository, as well as using the helm repo add command to add the new chart repository before running the helm template command. However, neither of these methods seem to have any effect.
due to run the helm dependency update
command , it appears to fail when attempting to retrieve charts from remote repositories, resulting in errors that prevent my workflow from completing successfully. Specifically, I am receiving error messages indicating that the remote chart repository is not accessible or that it cannot be found.
It might be like this.
/usr/bin/unzip -o -q /home/runner/work/_temp/b66e215b-7c6e-4950-b1d7-094a40964c34
Running helm dependency update command..
/opt/hostedtoolcache/helm/3.11.3/x64/linux-amd64/helm dependency update <my-chart>/<my-app>
Error: could not find naturalselectionlabs/web-app: stat <my-chart>/<my-app>: no such file or directory
Error: Failed to run bake action. Error: Error: The process '/opt/hostedtoolcache/helm/3.11.3/x64/linux-amd64/helm' failed with exit code 1
at ExecState._setResult (/home/runner/work/_actions/azure/k8s-bake/v2.4/lib/index.js:31[16](https://github.com/NaturalSelectionLabs/Daedalus/actions/runs/4782724271/jobs/8502343921#step:7:17):25)
at ExecState.CheckComplete (/home/runner/work/_actions/azure/k8s-bake/v2.4/lib/index.js:3099:18)
at ChildProcess.<anonymous> (/home/runner/work/_actions/azure/k8s-bake/v2.4/lib/index.js:2993:27)
at ChildProcess.emit (node:events:527:28)
at maybeClose (node:internal/child_process:1092:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)
/home/runner/work/_actions/azure/k8s-bake/v2.4/lib/index.js:7427
throw Error(util.format('Failed to run bake action. Error: %s', err));
^
Any sugguestion for feature? I'm glad to create PR.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.