Issue installing when installCRDs is set to true about secret-manager HOT 9 CLOSED

Explicit "expected minimum" for sure can be added to docs as well as a hard "no" in the helm chart for below them - no arguments there.

As for the convention, helm binaries have a page that specify what its expected to work with. The chart itself could just put a check in _helpers.tpl that does a check like...

{{- if and (semverCompare ">= 1.15.0 < 1.16.0" .Capabilities.KubeVersion.GitVersion) .Values.installCRDs -}}
  {{- fail "Kubernetes 1.15.x clusters must manually install the legacy CRDs" -}}
{{- else if semverCompare "< 1.15.0" .Capabilities.KubeVersion.GitVersion -}}
  {{- fail "Kubernetes versions prior to 1.15.x are not supported" -}}
{{- end }}

from secret-manager.

It looks like 1.16+ is required.

My 1.12 cluster has apiextensions.k8s.io/v1beta1 and CRDs were promoted to v1 as of 1.16: kubernetes/kubernetes#79604

from secret-manager.

Correct. We do have the legacy CRDs available in the repo but are still working on some of the missing pieces of documentation that would have pointed you to the right place. For clusters < 1.16 you need to set to false and manually install the CRDs. Sorry for the confusion!

from secret-manager.

Thanks. I'll submit a PR to update docs if you'd like.

from secret-manager.

Apparently the legacy CRDs only work on 1.15+ clusters.

On my 1.12 cluster this results errors when trying to install the CRD:

💥 preserveUnknownFields: false

crd pruning only works in versions greater than 1.15+

error validating "secret-manager.itscontained.io_clustersecretstores.yaml": error validating data: ValidationError(CustomResourceDefinition.spec): unknown field "preserveUnknownFields" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.CustomResourceDefinitionSpec; if you choose to ignore these errors, turn validation off with --validate=false

💻 Fix: remove preserveUnknownFields from all files

💥 x-kubernetes-preserve-unknown-fields: true

error validating "secret-manager.itscontained.io_externalsecrets.yaml": error validating data: ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.properties.template): unknown field "x-kubernetes-preserve-unknown-fields" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaProps; if you choose to ignore these errors, turn validation off with --validate=false

💻 Fix: remove x-kubernetes-preserve-unknown-fields: true from deploy/crds/legacy/secret-manager.itscontained.io_externalsecrets.yaml

💥 default

default was added in 1.15

Error from server (Invalid): error when creating "secret-manager.itscontained.io_clustersecretstores.yaml": CustomResourceDefinition.apiextensions.k8s.io "clustersecretstores.secret-manager.itscontained.io" is invalid: [spec.validation.openAPIV3Schema.properties[spec].properties[vault].properties[auth].properties[appRole].properties[path].default: Forbidden: default is not supported, spec.validation.openAPIV3Schema.properties[spec].properties[vault].properties[auth].properties[kubernetes].properties[mountPath].default: Forbidden: default is not supported]

💻 Fix: remove defaults in deploy/crds/secret-manager.itscontained.io_clustersecretstores.yaml and deploy/crds/legacy/secret-manager.itscontained.io_secretstores.yaml

from secret-manager.

@devth 1.12 was EOL 2019-07-08. Although this should technically work on 1.15+ do you have any reasoning on why we should support EOL cluster versions? Reference

from secret-manager.

Nope, but at least putting the above out in the open might help someone else, or me 2 weeks from now.

For various reasons I am stuck on a 1.12 cluster for at least another month 😱 .

from secret-manager.

I wonder if there's any convention in Helm or elsewhere for specifying minimum K8S version. Then at least it'd be explicit.

from secret-manager.

Re-opening this, should be able to generate legacy crd's which work with v1.11-v1.15 (although these will have less functionality) with the controller-gen option crd:trivialVersions=true

from secret-manager.