azure / k8s-bake Goto Github PK

Hi! There's a tag called v2.2 in this repo but no release. This leads to GitHub Workflows using v2.1 when referencing azure/k8s-bake@v2. I discovered this because the namespace option wasn't recognised. This is misleading.

It seems that 'helm2' is valid as the renderEngine, and not 'helm':

However the README has renderEngine: 'helm'. Should this be helm2?

I have pipeline with job:

deploy:
name: 'Deploy to dev'
runs-on: ubuntu-latest
environment: dev
defaults:
run:
shell: bash
working-directory: src-web

But the step is not using this working directory and I have to use direct ./src-web path

• uses: azure/k8s-bake@v1
  with:
  renderEngine: 'helm'
  helmChart: './src-web/charts/web'
  helm-version: 'latest'
  silent: 'false'
  id: bake

We have a k8s-bake step setup as follows:

- name: Bake manifests
  id: bake
  uses: azure/k8s-bake@v1
  with:
    renderEngine: kustomize
    kustomizationPath: ./k8s/overlays/${{ github.event.deployment.payload.environment }}
    kubectl-version: 'v1.20.5'

The weird issue we are seeing though, is for some of our teams, this step works just fine. When it works, for the version check it's calling /opt/hostedtoolcache/kubectl/1.20.5/x64/kubectl version --client=true -o json

However, for some teams it fails and when it fails, it's failing on the version check. When examining the logs, I notice that it's calling /opt/hostedtoolcache/kubectl/1.20.5/x64 version --client=true -o json (notice the missing /kubectl at the end of the path). The failure message is indicating that the command being executed isn't found (which makes sense because it's not actually calling the Kubectl CLI).

There doesn't seem to be a rhyme or reason either. We first noticed it for a team that was running k8s-bake twice, one after the other; however, another team is noticing when only running k8s-bake once. Other teams are unaffected, but all teams are using the exact same YAML listed above.

Feature request

Currently, while running k8s-bake, Github Actions is giving this warning

Warning: The set-output command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Please consider to use environment files to make the warning disappear.

In Github Actions I got the error using azure/k8s-bake@v2 task.

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: azure/k8s-bake@v2

Could you please update deprecated version?

What happened?

When running k8s-bake in two steps in the same workflow with the same Helm version, the second step will attempt to run Helm using the cached directory rather than the cached executable.

Expected: the second step will run Helm using the executable from the cached directory.

Actual:

Error: Failed to run bake action. Error: Error: Unable to locate executable file: /opt/hostedtoolcache/helm/3.8.2/x64. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.

Example:

- name: Bake one
  uses: azure/[email protected]
  with:
    renderEngine: 'helm'
    helmChart: ./deploy/charts/one
    helmVersion: 'v3.8.2'
    releaseName: one
    namespace: ${{ inputs.namespace }}
  id: bake-one

- name: Bake etwo
  uses: azure/[email protected]
  with:
    renderEngine: 'helm'
    helmChart: ./deploy/charts/two
    helmVersion: 'v3.8.2'
    releaseName: two
    namespace: ${{ inputs.namespace }}
  id: bake-two

Version

• I am using the latest version

Runner

ubuntu-20.04

Relevant log output

From the first step:

##[debug]..Evaluating inputs:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'helm_version'
##[debug]=> 'v3.8.2'
##[debug]Result: 'v3.8.2'
##[debug]Loading env
##[debug]isExplicit: 3.8.2
##[debug]explicit? true
##[debug]checking cache: /opt/hostedtoolcache/helm/3.8.2/x64
##[debug]not found
##[debug]Downloading helm version v3.8.2
##[debug]isExplicit: 3.8.2
##[debug]explicit? true
##[debug]checking cache: /opt/hostedtoolcache/helm/3.8.2/x64
##[debug]not found
##[debug]Downloading https://get.helm.sh/helm-v3.8.2-linux-amd64.zip
##[debug]Destination /home/runner/work/_temp/a2fc0041-7f26-4f83-8bb0-9e8b278fe3fa
##[debug]download complete
/usr/bin/unzip -o /home/runner/work/_temp/a2fc0041-7f26-4f83-8bb0-9e8b278fe3fa
Archive:  /home/runner/work/_temp/a2fc0041-7f26-4f83-8bb0-9e8b278fe3fa
   creating: linux-amd64/
  inflating: linux-amd64/helm        
  inflating: linux-amd64/LICENSE     
  inflating: linux-amd64/README.md   
##[debug]Caching tool helm 3.8.2 x64
##[debug]source dir: /home/runner/work/_temp/7f48691e-708f-4b3b-bfda-3d19755[62](https://github.com/_/_/actions/runs/5070527400/jobs/9106346737#step:3:63)b50
##[debug]destination /opt/hostedtoolcache/helm/3.8.2/x[64](https://github.com/_/_/actions/runs/5070527400/jobs/9106346737#step:3:65)
##[debug]finished caching tool
##[debug]LICENSE
##[debug]README.md
##[debug]helm
##[debug]Helm executable path /opt/hostedtoolcache/helm/3.8.2/x64/linux-amd64/helm

From the second step:

##[debug]..Evaluating inputs:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'helm_version'
##[debug]=> 'v3.8.2'
##[debug]Result: 'v3.8.2'
##[debug]Loading env
##[debug]isExplicit: 3.8.2
##[debug]explicit? true
##[debug]checking cache: /opt/hostedtoolcache/helm/3.8.2/x64
##[debug]Found tool in cache helm 3.8.2 x64
##[debug]Helm executable path /opt/hostedtoolcache/helm/3.8.2/x64

I'm using this action to build manifests with Kustomize.

      - uses: azure/k8s-bake@v1
        with:
          renderEngine: 'kustomize'
          kustomizationPath: '...'
          kubectl-version: 'latest'

This mostly works well, but I have one problem; I can't see build error logs even if Kustomize fails and have to debug manifests by running kubectl kustomize manually.

Is there a way to see error logs from Kustomize?

The k8s-bake action currently does not support the case when the helm chart has a dependency on other charts, which is specified in the requirements.yaml. ‘helm dependency update’ command should be executed in the action, before the chart is baked.

Hi, can you do a new release with helm namespace feature please ?
At the moment (March 22nd 2022) main doesn't work so I'll wait for the new release ;)

Given that the template command is executed in silent mode; there aren't any error logs printed if they fail.
Conditionally check if there are failures and print using core.error

Feature request

In the Helm example, it is clear that the separator for key and value is :, for example replicas:2. However, I think it's easy to accidentally use = as the separator like replicas=2, perhaps because some other GH actions use it (e.g., docker/build-push-action using it for build-args and secrets) or it's used in shells for variables. (Note: our team actually made this typo and it even slipped through the review.)

Would it be in scope of the action to check for this mistake? In the current implementation, I believe that if replicas=2 are given, then the overrideName would be replicas=2 and overrideValue would be empty. Is there a use case for an empty value? If an empty value is detected and a single = character found in overrideName, would it make sense to fail with an error or at least give a warning?

Alternatively, would it be possible to support = as a valid key-value separator? (Personally, I don't think this is the right way.)

Feel free to close this issue with "not in scope" or "there are reasons why this wouldn't work/would be too tricky".

I'm using k8s-bake and then trying to use the manifest.

My actions are:

 - uses: azure/k8s-bake@v1
      with:
        renderEngine: 'kompose'
        dockerComposeFile: './docker-compose.yaml'
        kompose-version: 'latest'
      id: bake

    - uses: Azure/k8s-deploy@v1
      with:
        manifests: ${{ steps.bake.outputs.manifestsBundle }}
        images: |
          docker.pkg.github.com/[my-org]/[my-repo]/[image-name]:${{ github.sha }}
        imagepullsecrets: |
          demo-k8s-secret

It seems like k8s-bake is producing a manifest file -

##[debug]steps.bake.outputs.manifestsBundle='/home/runner/work/_temp/baked-template-1591632223529.yaml'

But the deploy step returns:

##[debug]toolRunner toolPath: /opt/hostedtoolcache/kubectl/1.18.3/x64/kubectl
##[debug]/opt/hostedtoolcache/kubectl/1.18.3/x64/kubectl arg: ["apply","-f","","--namespace","default"]
##[debug]exec tool: /opt/hostedtoolcache/kubectl/1.18.3/x64/kubectl
##[debug]arguments:
##[debug]   apply
##[debug]   -f
##[debug]   
##[debug]   --namespace
##[debug]   default
/opt/hostedtoolcache/kubectl/1.18.3/x64/kubectl apply -f  --namespace default
##[error]Error: error: must specify one of -f and -k
##[debug]Node Action run completed with exit code 1

With a kubectl action, I get the following error:
But then using the mainfest produces the error:

error: the path "/home/runner/work/_temp/baked-template-1591632223529.yaml" does not exist

Here's the debug log for this step:

##[debug]Evaluating condition for step: 'deploy to cluster'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: deploy to cluster
##[debug]Loading inputs
##[debug]Evaluating: format('apply -f ***0***', steps.bake.outputs.manifestsBundle)
##[debug]Evaluating format:
##[debug]..Evaluating String:
##[debug]..=> 'apply -f ***0***'
##[debug]..Evaluating Index:
##[debug]....Evaluating Index:
##[debug]......Evaluating Index:
##[debug]........Evaluating steps:
##[debug]........=> Object
##[debug]........Evaluating String:
##[debug]........=> 'bake'
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'outputs'

Hi,
I would like to install and use specific version of kubectl (v1.27.7) in order to fit with the api server of my AKS cluster (that I have upgraded). I use v3 version of k8s-bake.
After reading the metadata file https://github.com/Azure/k8s-bake/blob/main/action.yml, I noticed that kubectl-version parameter is available to "Installs a specific version of kubectl binary" as it is written in the description.

I do not understand why in my GitHub action workflow logs, the kubectl version is still the latest one (v1.30.1) despite my configuration as you can see in the snapshot below:

This is a snippet of my GitHub action workflow:

   -    name: Configure deployment
        uses: azure/k8s-bake@v3
        with:
          renderEngine: 'kustomize'
          kustomizationPath: ${{ inputs.overlay_path }}
          kubectl-version: '1.27.7' # I also tried v1.27.7
        id: bake

Please notice I also tried to use v1.27.7 version but the result remains the same.
I have certainly misunderstood something but I dont know what is it.
Thanks in advance for your help
Have a nice day
Regards,
Julien

When having a chart with dependencies against official charts, we need to run helm init first.

In reference to #12

If releaseName is specified as an input parameter, there is an error:
"Error: unknown flag: --name".
There are a few changes in Helm 3. --name is not supported in version 3
It is --release-name in Helmv3

Hi, I'm unable to bake manifsest
I have kustomization.yaml file with content:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default

helmChartInflationGenerator:
  - chartName: sealed-secrets
    chartRepoUrl: https://bitnami-labs.github.io/sealed-secrets
    chartVersion: 2.0.2
    releaseName: sealed-secrets
    releaseNamespace: base
    values: ./values.yaml

and I'm indicate on it in my action azure/[email protected]

      - name: Bake deployment SealedSecrets
        uses: azure/[email protected]
        with:
          renderEngine: 'kustomize'
          args: --enable-helm #  I need something like this 
          kustomizationPath: ${{ inputs.KUSTOMIZE_SEALED_SECRETS_PATH }}
          kubectl-version: latest
        id: bake-sealed-secrets

but in this step I'm receiving a error

error: accumulating resources: accumulation err='accumulating resources from '../../../base/sealed-secrets': '/home/runner/work/code-iac/code-iac/argocd/iac/base/sealed-secrets' must resolve to a file': recursed accumulation of path '/home/runner/work/code-iac/code-iac/argocd/iac/base/sealed-secrets': trouble configuring builtin HelmChartInflationGenerator with config: `
name: sealed-secrets
releaseName: sealed-secrets
repo: https://bitnami-labs.github.io/sealed-secrets
valuesFile: ./values.yaml
version: 2.0.2
`: must specify --enable-helm
Error: Error: Failed to run bake action. Error: Error: The process '/opt/hostedtoolcache/kubectl/1.23.4/x64/kubectl' failed with exit code 1
    at ExecState._setResult (/home/runner/work/_actions/azure/k8s-bake/v2.1/node_modules/@actions/exec/lib/toolrunner.js:592:25)
    at ExecState.CheckComplete (/home/runner/work/_actions/azure/k8s-bake/v2.1/node_modules/@actions/exec/lib/toolrunner.js:575:18)
    at ChildProcess.<anonymous> (/home/runner/work/_actions/azure/k8s-bake/v2.1/node_modules/@actions/exec/lib/toolrunner.js:469:27)
    at ChildProcess.emit (events.js:[31](https://github.com/xxx/runs/5496238727?check_suite_focus=true#step:5:31)4:20)
    at maybeClose (internal/child_process.js:1022:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

in kustomize I can reproduce it with ommit flag --enable-helm but after I add it to args like this:
kustomize build --enable-helm . it works perfeclty
There is any plan to add this feature?

according to this helm/helm#5465

I think it is the best practice to use {{ .Release.Namespace }} However, it won't work with bake since there is no namespace for input

When specifying images information via overrides leading spaces gives an error when deploying

overrides: |
            image.repository: ${{ vars.ACR_LOGIN_SERVER }}/${{ var.chartname }}/${{ var.applicationname }}
            image.tag: ${{ github.sha }}-${{ github.ref_name }}

Causes issue:

spec.containers[0].image: Invalid value: "
must not have leading or trailing whitespace

In action.yml snipper below, currently only helm2 is supported. Could you please support other values as well since helm3 has already been released and this required variable is a little misleading. Thanks!
inputs:
renderEngine:
description: 'Acceptable values: helm2 or kompose or kustomize'
required: true

I am using the azure/k8s-bake repository as part of my GitHub Actions workflow to render Kubernetes yaml resource manifests using Helm. However, I am encountering an issue where I am unable to add new chart URLs to the repository.

I have tried using the arguments parameter to pass in the --repo flag with the URL of the new chart repository, as well as using the helm repo add command to add the new chart repository before running the helm template command. However, neither of these methods seem to have any effect.

due to run the helm dependency update command , it appears to fail when attempting to retrieve charts from remote repositories, resulting in errors that prevent my workflow from completing successfully. Specifically, I am receiving error messages indicating that the remote chart repository is not accessible or that it cannot be found.

It might be like this.

/usr/bin/unzip -o -q /home/runner/work/_temp/b66e215b-7c6e-4950-b1d7-094a40964c34
Running helm dependency update command..
/opt/hostedtoolcache/helm/3.11.3/x64/linux-amd64/helm dependency update <my-chart>/<my-app>
Error: could not find naturalselectionlabs/web-app: stat <my-chart>/<my-app>: no such file or directory
Error: Failed to run bake action. Error: Error: The process '/opt/hostedtoolcache/helm/3.11.3/x64/linux-amd64/helm' failed with exit code 1
    at ExecState._setResult (/home/runner/work/_actions/azure/k8s-bake/v2.4/lib/index.js:31[16](https://github.com/NaturalSelectionLabs/Daedalus/actions/runs/4782724271/jobs/8502343921#step:7:17):25)
    at ExecState.CheckComplete (/home/runner/work/_actions/azure/k8s-bake/v2.4/lib/index.js:3099:18)
    at ChildProcess.<anonymous> (/home/runner/work/_actions/azure/k8s-bake/v2.4/lib/index.js:2993:27)
    at ChildProcess.emit (node:events:527:28)
    at maybeClose (node:internal/child_process:1092:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)
/home/runner/work/_actions/azure/k8s-bake/v2.4/lib/index.js:7427
                throw Error(util.format('Failed to run bake action. Error: %s', err));
                      ^

Any sugguestion for feature? I'm glad to create PR.