django-DefectDojo
Helm chart dynamic version detection not working
Bug description
I'm currently trying to redeploy DDojo 2.10.0 on an EKS cluster 1.22 v1.22.9-eks-a64ea69
I've been having lots of issues relating to Ingress definitions. I managed to correct a lot of them by tweaking the chart, but I think the semverCompare is not working as intended in the chart (maybe because the EKS versioning is weird?).
First error I was getting:
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: resource mapping not found for name: "defectdojo" namespace: "" from "": no matches for kind "Ingress" in version "networking.k8s.io/v1beta1"
which clearly showed that the version detected was not correct, imo. I have changed the apiVersion in django-ingress.yaml to networking.k8s.io/v1 in both conditions of the {{- if semverCompare ">=1.19.0" .Capabilities.KubeVersion.GitVersion }}
Then I had a few more issues
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(Ingress.spec.rules[0].http.paths[0]): missing required field "pathType" in io.k8s.api.networking.v1.HTTPIngressPath
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: [ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field "serviceName" in io.k8s.api.networking.v1.IngressBackend, ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field "servicePort" in io.k8s.api.networking.v1.IngressBackend, ValidationError(Ingress.spec.rules[0].http.paths[0]): missing required field "pathType" in io.k8s.api.networking.v1.HTTPIngressPath]
Steps to reproduce
Steps to reproduce the behavior:
Try to deploy it on an EKS cluster? Maybe you could reproduce the issue if you could change the version returned by kubectl version, or at least test the semverCompare. I think there are issues like this in other projects... https://github.com/kubernetes/ingress-nginx/issues/8271
my kubectl version:
Server Version: version.Info{Major:"1", Minor:"22+", GitVersion:"v1.22.9-eks-a64ea69", GitCommit:"540410f9a2e24b7a2a870ebfacb3212744b5f878", GitTreeState:"clean", BuildDate:"2022-05-12T19:15:31Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"}
Deployment method (select with an X)
- [ ] Docker Compose
- [X] Kubernetes
- [ ] GoDojo
Environment information
- DefectDojo version (see footer) or commit message: 2.10.0
@Gby56, I did some research, and it looks like it is not a bug in our Helm chart; the problem is that EKS (AWS) is not respecting the semVer standard of versioning.
https://github.com/aws/containers-roadmap/issues/1404
I will rethink and maybe implement some kind of workaround.
I'm having the same issue with microk8s, it's probably not specific to EKS.
However if I only get the manifest template (with helm template) it looks ok ... weird behaviour.
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"23+", GitVersion:"v1.23.9-2+88a2c6a14e7008", GitCommit:"88a2c6a14e7008ae9577b448c50091f44b6be572", GitTreeState:"clean", BuildDate:"2022-07-13T18:07:58Z", GoVersion:"go1.17.10", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23+", GitVersion:"v1.23.9-2+88a2c6a14e7008", GitCommit:"88a2c6a14e7008ae9577b448c50091f44b6be572", GitTreeState:"clean", BuildDate:"2022-07-13T18:05:30Z", GoVersion:"go1.17.10", Compiler:"gc", Platform:"linux/amd64"}
That being said,
the Capabilities.KubeVersion.GitVersion capability has been deprecated (removed?) from helm and should be replaced with Capabilities.KubeVersion.Version.
deprecation note: https://github.com/helm/helm/blob/72e2bff0aff44734056be2c859921f2cb22bb2f9/pkg/chartutil/capabilities.go#L82
GitVersion capability is no longer documented: https://helm.sh/docs/chart_template_guide/builtin_objects/
A better solution would be to use .Capabilities.APIVersions.Has "networking.k8s.io/v1"
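The capability check suggested above, sketched as an Ingress template that switches both the apiVersion and the backend fields named in the validation errors. This is an added example, not the DefectDojo chart or the code from the linked branch; the value names (.Values.host, .Values.django.servicePort) and the "-django" service name are hypothetical.

```yaml
{{- /*
  Added example, not the project's template.
  .Values.host, .Values.django.servicePort and the "-django" service
  name are hypothetical placeholders.
  The branch is chosen from the API groups the cluster advertises, so
  it does not depend on how the distribution formats its version string
  (v1.22.9-eks-a64ea69, v1.23.9-2+88a2c6a14e7008, ...).
*/ -}}
{{- $useV1 := .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}}
{{- if $useV1 }}
apiVersion: networking.k8s.io/v1
{{- else }}
apiVersion: networking.k8s.io/v1beta1
{{- end }}
kind: Ingress
metadata:
  name: {{ .Release.Name }}
spec:
  rules:
    - host: {{ .Values.host | quote }}
      http:
        paths:
          - path: /
            {{- if $useV1 }}
            # networking.k8s.io/v1 requires pathType and the nested
            # service.name / service.port form.
            pathType: Prefix
            backend:
              service:
                name: {{ .Release.Name }}-django
                port:
                  number: {{ .Values.django.servicePort }}
            {{- else }}
            # v1beta1 uses the flat serviceName / servicePort fields.
            backend:
              serviceName: {{ .Release.Name }}-django
              servicePort: {{ .Values.django.servicePort }}
            {{- end }}
```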
@metcox good point, I will adjust helm.
@Gby56 and @metcox, can you please test https://github.com/dsever/django-DefectDojo/tree/helmv3_check_capabilities? I don't have AWS or microk8s.
@dsever it's working well with microk8s, thanks