flux2 icon indicating copy to clipboard operation
flux2 copied to clipboard
verified publisher icon fluxcd

OCIrepository: not able to apply yaml

Open LittaKake opened this issue 11 months ago • 1 comments

Describe the bug

When trying to apply manifests from an oci repository I get this error from the kustomization object.

flux get ks NAME REVISION SUSPENDED READY MESSAGE
flux-system main@sha1:e8e82c0d False True Applied revision: main@sha1:e8e82c0d
securecodebox main@sha1:e8e82c0d False True Applied revision: main@sha1:e8e82c0d
tenants main@sha1:e8e82c0d False True Applied revision: main@sha1:e8e82c0d

k get kustomizations.kustomize.toolkit.fluxcd.io -n securecodebox securecodebox NAME AGE READY STATUS securecodebox 31m False failed to decode Kubernetes YAML from /tmp/kustomization-3934915096/operator/Chart.yaml: missing kind in object {{v2 } {{ } map[] map[]}}

k get ocirepositories.source.toolkit.fluxcd.io -n securecodebox securecodebox NAME URL READY STATUS AGE securecodebox oci://ghcr.io/securecodebox/helm/operator True stored artifact for digest '4.12.0@sha256:69015f17dfa26b429af6243c044de31cb40b42844fb7282815fe7589c85d4458' 31m

Steps to reproduce

  1. Setup an infrastructure folder with this file
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: securecodebox
  namespace: flux-system
spec:
  interval: 1m0s
  sourceRef:
    kind: GitRepository
    name: flux-system
  serviceAccountName: kustomize-controller
  path: ./infrastructure/securecodebox
  prune: true
  timeout: 1m
  1. In infrastructure/securecodebox add these files
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- source.yaml
- sync.yaml
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: securecodebox
  namespace: securecodebox
spec:
  interval: 1m0s
  provider: generic
  url: oci://ghcr.io/securecodebox/helm/operator
  ref:
    tag: "4.12.0"
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: securecodebox
  namespace: securecodebox
spec:
  interval: 1m0s
  sourceRef:
    kind: OCIRepository
    name: securecodebox
  serviceAccountName: securecodebox
  path: ./
  prune: true
  timeout: 1m0s
---
apiVersion: v1
kind: Namespace
metadata:
  name: securecodebox
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: securecodebox
  namespace: securecodebox
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: securecodebox
rules: 
- apiGroups: [""]
  resources: ["*"] 
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: securecodebox
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: securecodebox
subjects:
- kind: ServiceAccount
  name: securecodebox
  namespace: securecodebox

Expected behavior

Apply the helm

Screenshots and recordings

No response

OS / Distro

mac

Flux version

v2.4.0

Flux check

► checking prerequisites ✔ Kubernetes 1.30.8-gke.1051000 >=1.28.0-0 ► checking version in cluster ✔ distribution: flux-v2.4.0 ✔ bootstrapped: true ► checking controllers ✔ helm-controller: deployment ready ► ghcr.io/fluxcd/helm-controller:v1.1.0 ✔ kustomize-controller: deployment ready ► ghcr.io/fluxcd/kustomize-controller:v1.4.0 ✔ notification-controller: deployment ready ► ghcr.io/fluxcd/notification-controller:v1.4.0 ✔ source-controller: deployment ready ► ghcr.io/fluxcd/source-controller:v1.4.1 ► checking crds ✔ alerts.notification.toolkit.fluxcd.io/v1beta3 ✔ buckets.source.toolkit.fluxcd.io/v1 ✔ gitrepositories.source.toolkit.fluxcd.io/v1 ✔ helmcharts.source.toolkit.fluxcd.io/v1 ✔ helmreleases.helm.toolkit.fluxcd.io/v2 ✔ helmrepositories.source.toolkit.fluxcd.io/v1 ✔ kustomizations.kustomize.toolkit.fluxcd.io/v1 ✔ ocirepositories.source.toolkit.fluxcd.io/v1beta2 ✔ providers.notification.toolkit.fluxcd.io/v1beta3 ✔ receivers.notification.toolkit.fluxcd.io/v1 ✔ all checks passed

Git provider

github

Container Registry provider

No response

Additional context

No response

Code of Conduct

  • [x] I agree to follow this project's Code of Conduct

LittaKake avatar Jan 20 '25 12:01 LittaKake

failed to decode Kubernetes YAML from /tmp/kustomization-3934915096/operator/Chart.yaml: missing kind in object {{v2 } {{ } map[] map[]}}

This means you have a Helm chart in the manifests from the OCI artifact, you have this Chart.yaml file. Don't use Kustomization to apply an OCI Helm chart, Kustomization does not understand the format of Helm charts. Use HelmRelease instead, which does understand the format of Helm charts.

If what you need is not to deploy this Helm chart, then remove it from the OCI artifact, then Kustomization will be able to deploy the other things.

matheuscscp avatar Jan 20 '25 14:01 matheuscscp