Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using a k8s CRD fails due to ArgoCD App k8s service still not ready even though the ArgoCD App is marked as healthy/synced and the helm chart has parameter wait #3316

Open
cooervo opened this issue Nov 20, 2024 · 1 comment
Open

Using a k8s CRD fails due to ArgoCD App k8s service still not ready even though the ArgoCD App is marked as healthy/synced and the helm chart has parameter wait #3316

cooervo opened this issue Nov 20, 2024 · 1 comment
Labels
kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team

Comments

@cooervo
Copy link

cooervo commented Nov 20, 2024
edited
Loading

What happened?

Getting error when running pulumi update:

 Preview failed: resource "urn:pulumi:mc-predev::foo-infra::kubernetes:external-secrets.io/v1alpha1:ClusterSecretStore::
dev-cluster-secret-store" was not successfully created by the Kubernetes API server: conversion webhook for external-secrets.io/v1alpha1,
 Kind=ClusterSecretStore failed: Post "https://external-secrets-webhook.external-secrets.svc:443/convert?timeout=30s": 
service "external-secrets-webhook" not found

Example

I'm getting the above error when trying to install in same pulumi update the following 2 resources:

// The ArgoCD app installing the helm chart for external-secrets
 const externalSecretsApp = new Application.argoproj.v1alpha1.Application(
    `${env}-external-secrets-app`,
    {
      name: 'external-secrets',
      namespace: 'external-secrets',
      sources: [
        {
          path: 'kubernetes/helm/charts/external-secrets/',
          helm: {
            parameters: [
              {
                name: 'wait',
                value: 'true',
              },
            ],
            valueFiles: [`../../values/external-secrets/${env}.values.yaml`],
            ...
          repoURL: INFRA_REPO_URL,
          targetRevision: env,
        },
      ],
    ...
    },
    {
      provider,
      dependsOn: [...],
    },
  );

// The CRD I previously got from using crd2pulumi --nodejsPath ClusterSecretStore ClusterSecretStore.yaml    
  const clusterSecretStore =
    new ClusterSecretStore.external_secrets.v1alpha1.ClusterSecretStore(
      `${env}-cluster-secret-store`,
      {
        metadata: {
          name: 'gcp-cluster-secret-store',
        },
        spec: {
          provider: {
            // gcpsm = GCP  Secret Manager
            gcpsm: {
              projectID: GCP_PROJECT,
            },
          },
        },
      },
      { dependsOn: [...], provider },
    );

Even though first resource, externalSecretsApp, is dependency in dependsOn of second resource, clusterSecretStore, I still get the error:

 Preview failed: resource "urn:pulumi:mc-predev::foo-infra::kubernetes:external-secrets.io/v1alpha1:ClusterSecretStore::
dev-cluster-secret-store" was not successfully created by the Kubernetes API server: conversion webhook for external-secrets.io/v1alpha1, 
Kind=ClusterSecretStore failed: Post "https://external-secrets-webhook.external-secrets.svc:443/convert?timeout=30s": 
service "external-secrets-webhook" not found

Output of pulumi about

pulumi about
CLI          
Version      3.139.0
Go Version   go1.23.3
Go Compiler  gc

Plugins
KIND      NAME        VERSION
resource  command     1.0.1
resource  gcp         8.0.0
resource  kubernetes  4.18.1
language  nodejs      unknown
resource  random      4.16.7
resource  std         1.7.3

Host     
OS       darwin
Version  14.6.1
Arch     arm64

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@cooervo cooervo added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Nov 20, 2024
@cooervo
Copy link
Author

cooervo commented Nov 20, 2024

I also tried wrapping the CRD in a custom resource but still get same error:

const clusterSecretStore = new k8s.apiextensions.CustomResource(
    `${env}-cluster-secret-store`,
    {
      apiVersion: 'external-secrets.io/v1alpha1',
      kind: 'ClusterSecretStore',
      metadata: {
        name: 'gcp-cluster-secret-store',
      },
      spec: {
        provider: {
          // gcpsm = GCP  Secret Manager
          gcpsm: {
            projectID: GCP_PROJECT,
          },
        },
      },
    },
    { dependsOn: [externalSecretsApp], provider },
  );

@cooervo cooervo changed the title Using a k8s CRD fails due to ArgoCD app service still not ready even though the ArgoCD App is marked as healthy/synced Using a k8s CRD fails due to ArgoCD App k8s service still not ready even though the ArgoCD App is marked as healthy/synced and the helm chart has parameter wait Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cooervo