connaisseur icon indicating copy to clipboard operation
connaisseur copied to clipboard

Published 20 hours ago verified publisher icon sse-secure-systems

Duplicate MutatingWebhookConfiguration

Open graipher opened this issue 8 months ago • 3 comments

Describe the bug There are currently two MutatingWebhookConfiguration resources in the chart (defined here), but they have the same name. While helm ignores this, k8s will (probably) apply only the second one, overwriting the first. But, crucially for me, when trying to inflate the helm chart using kustomize it (properly) fails saying that a resource with that ID already exists.

Expected behavior The two webhook configurations should have unique names.

To reproduce

  1. Create a folder connaisseur and place these two files inside:

    1. a kustomization.yml file:

      namespace: connaisseur
resources:
  - namespace.yml
helmCharts:
  - name: connaisseur
    repo: https://sse-secure-systems.github.io/connaisseur/charts
    namespace: connaisseur
    version: 2.5.0

    2. a namespace.yml file:

      apiVersion: v1
kind: Namespace
metadata:
  name: connaisseur

  2. Run kustomize build connaisseur --enable-helm and get the following error:

    Error: could not parse rnode slice into resource map: may not add resource with an already registered id: 
MutatingWebhookConfiguration.v1.admissionregistration.k8s.io/connaisseur-webhook.[noNs]

Versions:

  • OS: Ubuntu 24.04
  • Connaisseur: 3.5.0
  • Connaisseur Helm chart: 2.5.0
  • Helm: v3.15.0-rc.2
  • Kustomize: v5.4.2

Additional context The two webhook configurations do differ in their annotations, but that is not enough to make them unique. Currently they are defined as:

apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: {{ include "connaisseur.webhookName" . }}
  labels:
    {{- include "connaisseur.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": post-delete
    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
...
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: {{ include "connaisseur.webhookName" . }}
  labels:
    {{- include "connaisseur.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": post-install, post-upgrade, post-rollback
...

graipher avatar Jun 21 '24 06:06 graipher