Comments (9)
Explicit "expected minimum" for sure can be added to docs as well as a hard "no" in the helm chart for below them - no arguments there.
As for the convention, helm binaries have a page that specify what its expected to work with. The chart itself could just put a check in _helpers.tpl
that does a check like...
{{- if and (semverCompare ">= 1.15.0 < 1.16.0" .Capabilities.KubeVersion.GitVersion) .Values.installCRDs -}}
{{- fail "Kubernetes 1.15.x clusters must manually install the legacy CRDs" -}}
{{- else if semverCompare "< 1.15.0" .Capabilities.KubeVersion.GitVersion -}}
{{- fail "Kubernetes versions prior to 1.15.x are not supported" -}}
{{- end }}
from secret-manager.
It looks like 1.16+ is required.
My 1.12 cluster has apiextensions.k8s.io/v1beta1
and CRDs were promoted to v1 as of 1.16: kubernetes/kubernetes#79604
from secret-manager.
Correct. We do have the legacy CRDs available in the repo but are still working on some of the missing pieces of documentation that would have pointed you to the right place. For clusters < 1.16 you need to set to false and manually install the CRDs. Sorry for the confusion!
from secret-manager.
Thanks. I'll submit a PR to update docs if you'd like.
from secret-manager.
Apparently the legacy CRDs only work on 1.15+ clusters.
On my 1.12 cluster this results errors when trying to install the CRD:
💥 preserveUnknownFields: false
error validating "secret-manager.itscontained.io_clustersecretstores.yaml": error validating data: ValidationError(CustomResourceDefinition.spec): unknown field "preserveUnknownFields" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.CustomResourceDefinitionSpec; if you choose to ignore these errors, turn validation off with --validate=false
💻 Fix: remove preserveUnknownFields
from all files
💥 x-kubernetes-preserve-unknown-fields: true
error validating "secret-manager.itscontained.io_externalsecrets.yaml": error validating data: ValidationError(CustomResourceDefinition.spec.validation.openAPIV3Schema.properties.spec.properties.template): unknown field "x-kubernetes-preserve-unknown-fields" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.JSONSchemaProps; if you choose to ignore these errors, turn validation off with --validate=false
💻 Fix: remove x-kubernetes-preserve-unknown-fields: true
from deploy/crds/legacy/secret-manager.itscontained.io_externalsecrets.yaml
💥 default
Error from server (Invalid): error when creating "secret-manager.itscontained.io_clustersecretstores.yaml": CustomResourceDefinition.apiextensions.k8s.io "clustersecretstores.secret-manager.itscontained.io" is invalid: [spec.validation.openAPIV3Schema.properties[spec].properties[vault].properties[auth].properties[appRole].properties[path].default: Forbidden: default is not supported, spec.validation.openAPIV3Schema.properties[spec].properties[vault].properties[auth].properties[kubernetes].properties[mountPath].default: Forbidden: default is not supported]
💻 Fix: remove defaults in deploy/crds/secret-manager.itscontained.io_clustersecretstores.yaml
and deploy/crds/legacy/secret-manager.itscontained.io_secretstores.yaml
from secret-manager.
@devth 1.12 was EOL 2019-07-08. Although this should technically work on 1.15+ do you have any reasoning on why we should support EOL cluster versions? Reference
from secret-manager.
Nope, but at least putting the above out in the open might help someone else, or me 2 weeks from now.
For various reasons I am stuck on a 1.12 cluster for at least another month 😱 .
from secret-manager.
I wonder if there's any convention in Helm or elsewhere for specifying minimum K8S version. Then at least it'd be explicit.
from secret-manager.
Re-opening this, should be able to generate legacy crd's which work with v1.11-v1.15 (although these will have less functionality) with the controller-gen option crd:trivialVersions=true
from secret-manager.
Related Issues (20)
- Maintain Changelog with Github actions
- Simplify StoreFactory interface
- Cleanup Readme and move examples to docs
- sed usage appears to be non-portable HOT 1
- RBAC Issue - ClusterRole Colliding - when installing the helm chart multiple times HOT 2
- Investigate using Prow for Issue/PR management
- Fatal error in brand new install of 0.2.0 HOT 3
- Error when attempting to run tests HOT 1
- secret-manager panic - vault HOT 1
- Use event recorder to provide more detailed error messages
- Add support for separate Kubernetes cluster SecretStore
- Deprecate support for Kubernetes <1.15
- Vault secretstore: AWS IAM (IRSA) authentication HOT 2
- Add controller field to SecretStore to allow for multiple ambient credential deployments HOT 1
- Error while creating an AWS Secrets Manager secret HOT 2
- Templating is broken HOT 3
- Issue with local e2e testing
- Release latest
- support to create aws-ssm full secret string as key in k8s secret
- charts.itscontained.io is down - or was it permanently removed? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secret-manager.