capsule icon indicating copy to clipboard operation
capsule copied to clipboard

Published 20 hours ago verified publisher icon projectcapsule

Capsule upgrade from 0.7.2 -> 0.7.3 failing in FluxCD due to missing capsule-capsule-proxy-certgen Job

Open heytrav opened this issue 9 months ago • 6 comments
trafficstars

Bug description

FluxCD is failing to upgrade Capsule from v0.7.2 -> v0.7.3 and reporting the following:

Helm upgrade failed for release capsule/capsule-capsule with chart [email protected]: jobs.batch "capsule-capsule-proxy-certgen" not found

The Job doesn't exist, but I'm not sure why it is not being created. Running

helm template capsule projectcapsule/capsule --set serviceMonitor.enabled=true --set proxy.enabled=true --set certManager.generateCertificates=true --set fullnameOverride=capsule-capsule

Produces yaml with a capsule-proxy-certgen job, but i haven't figured out why Fluxcd isn't creating it.

How to reproduce

Steps to reproduce the behavior:

  1. Provide the Capsule Tenant YAML definitions
  2. Provide all managed Kubernetes resources
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: capsule
  namespace: flux-system
spec:
  serviceAccountName: helm-controller
  chart:
    spec:
      chart: capsule
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: projectcapsule
      version: '>=0.7.2 < 0.8.0'
  install:
    crds: Create
    createNamespace: true
    remediation:
      retries: -1
  interval: 5m0s
  targetNamespace: capsule
  upgrade:
    crds: CreateReplace
  values:
    serviceMonitor:
      enabled: true
    proxy:
      enabled: true
    certManager:
      generateCertificates: true
    # tls:
    #   enableController: false
    fullnameOverride: capsule-capsule

Expected behavior

I expect the Job to be created when FluxCD automatically upgraded the helm chart.

Logs

If applicable, please provide logs of capsule.

In a standard stand-alone installation of Capsule, you'd get this by running kubectl -n capsule-system logs deploy/capsule-controller-manager.

Additional context

  • Capsule version: (capsule --version)
  • Helm Chart version: (helm list -n capsule-system)
  • Kubernetes version: (kubectl version)

heytrav avatar Feb 06 '25 19:02 heytrav

Right it looks to me like the problem might be in the capsule-proxy repo. I have certManager.generateCertificates: true in my helm values, but that conditional prevents it from applying the Job if that's the case so it won't be created.

Should that cause the upgrade to fail though?

heytrav avatar Feb 06 '25 19:02 heytrav

No we lost helm hook annotations, i will have to check when i am home. Expect a fix by tomorrow

oliverbaehler avatar Feb 06 '25 19:02 oliverbaehler

I was just about to move this over to https://github.com/projectcapsule/capsule-proxy/issues/643 but will hold on for now. Thanks for getting back!

heytrav avatar Feb 06 '25 19:02 heytrav

@heytrav can you try version 0.7.4?

oliverbaehler avatar Feb 10 '25 16:02 oliverbaehler

FluxCD tried to upgrade it for me already, but unfortunately it looks like I'm currently getting the same error.

Helm upgrade failed for release capsule/capsule-capsule with chart [email protected]: jobs.batch "capsule-capsule-proxy-certgen" not found

I see that these are true by default

options:

  enableSSL: true

  generateCertificates: true

I don't override them in my own values but at the moment I'm not sure why that job isn't starting (or if it should now).

heytrav avatar Feb 10 '25 18:02 heytrav

This pull request has been automatically closed because it has been inactive for more than 60 days. Please reopen if you still intend to submit this pull request.

github-actions[bot] avatar May 21 '25 00:05 github-actions[bot]