Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reporting drift fails if the CRD is removed #204

Closed
gianlucam76 opened this issue Jun 12, 2024 · 0 comments
Closed

Reporting drift fails if the CRD is removed #204

gianlucam76 opened this issue Jun 12, 2024 · 0 comments
Assignees
@gianlucam76

Comments

@gianlucam76
Copy link
Member

gianlucam76 commented Jun 12, 2024
edited
Loading

Deploy cert-manager

apiVersion: config.projectsveltos.io/v1alpha1
kind: ClusterProfile
metadata:
  name: cert-manager
spec:
  clusterSelector: env=fv
  helmCharts:
    - repositoryURL:    https://charts.jetstack.io
      repositoryName:   cert-manager
      chartName:        cert-manager/cert-manager
      chartVersion:     v1.14.5
      releaseName:      cert-manager
      releaseNamespace: cert-manager
      helmChartAction:  Install
      values: |
        installCRDs: true

Then deploy ClusterIssuer using a second ClusterProfile

apiVersion: config.projectsveltos.io/v1alpha1
kind: ClusterProfile
metadata:
  name: clusterissuer
spec:
  dependsOn:
  - cert-manager
  clusterSelector: env=fv
  syncMode: ContinuousWithDriftDetection
  policyRefs:
  - name: clusterissuer
    namespace: default
    kind: ConfigMap
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: clusterissuer
  namespace: default
data:
  clusterissuer.yaml: |
    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: cloudflare
      namespace: cert-manager
    spec:
      acme:
        email: raspberry-pi@home.pi 
        server: https://acme-staging-v02.api.letsencrypt.org/directory
        privateKeySecretRef:
          # Secret resource that will be used to store the account's private key.
          name: example-issuer-account-key
        # Add a single challenge solver, HTTP01 using nginx
        solvers:
        - http01:
             ingress:
               class: nginx

Cert-manager is deployed and so is ClusterIssuer.

Now change ClusterProfile cert-manager so it does not match anymore. Cert-manager and ClusterIssuer CRD will be removed (and so all ClusetrIssuers instance).

Drift-detect-manager detects the drift, but fails to report to the management cluster.

I0612 10:39:59.221556       1 drift_evaluation.go:38] "Evaluating Configuration drift"
I0612 10:39:59.225888       1 drift_evaluation.go:52] "Evaluating resource for configuration drift" resource="/cloudflare" gvk="cert-manager.io/v1, Kind=ClusterIssuer"
E0612 10:39:59.240108       1 drift_evaluation.go:55] "failed to evaluate resource" err="no matches for kind \"ClusterIssuer\" in version \"cert-manager.io/v1\"" resource="/cloudflare" gvk="cert-manager.io/v1, Kind=ClusterIssuer"
I0612 10:39:59.240141       1 drift_evaluation.go:65] "requeuing resource for evaluation" resource="/cloudflare" gvk="cert-manager.io/v1, Kind=ClusterIssuer"
@gianlucam76 gianlucam76 self-assigned this Jun 12, 2024
@gianlucam76 gianlucam76 mentioned this issue Jun 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gianlucam76 gianlucam76

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gianlucam76