Update secret.yaml causing deployment issues in Flux CD tutorial
What does this MR do and why?
This MR updates the secret.yaml file provided in the FLuxCD + GitLab tutorial (https://docs.gitlab.com/ee/user/clusters/agent/gitops/flux_tutorial.html). While preparing for a demo, I followed the tutorial and got stuck after deploying the secret.yaml before proceeding to agentk.yaml resource file. It could not find the token I had just deployed.
Screenshots or screen recordings or Logs
[10:46:57] [~] ❱❱❱ kubectl describe hr gitlab-agent -n gitlab
Name: gitlab-agent
Namespace: gitlab
Labels: kustomize.toolkit.fluxcd.io/name=flux-system
kustomize.toolkit.fluxcd.io/namespace=flux-system
Annotations: <none>
API Version: helm.toolkit.fluxcd.io/v2beta1
Kind: HelmRelease
Metadata:
Creation Timestamp: 2023-08-22T08:31:29Z
Finalizers:
finalizers.fluxcd.io
Generation: 7
Resource Version: 10386570
UID: 5b9fbf70-2225-4072-99d8-1067627f6fb1
Spec:
Chart:
Spec:
Chart: gitlab-agent
Reconcile Strategy: ChartVersion
Source Ref:
Kind: HelmRepository
Name: gitlab-agent
Namespace: gitlab
Version: *
Interval: 1h0m0s
Values:
Config:
Kas Address: wss://kas.gitlab.com
Values From:
Kind: Secret
Name: gitlab-agent-token
Values Key: values.yaml
Status:
Conditions:
Last Transition Time: 2023-08-22T08:46:46Z
Message: install retries exhausted
Reason: InstallFailed
Status: False
Type: Ready
Last Transition Time: 2023-08-22T08:46:46Z
Message: Helm install failed: rendered manifests contain a resource that already exists. Unable to continue with install: Secret "gitlab-agent-token" in namespace "gitlab" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "gitlab-agent"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "gitlab"
Last Helm logs:
Reason: InstallFailed
Status: False
Type: Released
Failures: 6
Helm Chart: gitlab/gitlab-gitlab-agent
Install Failures: 1
Last Attempted Revision: 1.18.0
Last Attempted Values Checksum: 0cd933687273be4851459d60a81a0351c129c14d
Observed Generation: 7
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal info 15m helm-controller HelmChart 'gitlab/gitlab-gitlab-agent' is not ready
Warning error 10m (x2 over 15m) helm-controller Helm install failed: rendered manifests contain a resource that already exists. Unable to continue with install: Secret "gitlab-agent-token" in namespace "gitlab" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "gitlab-agent"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "gitlab"
Last Helm logs:
Warning error 10m (x2 over 15m) helm-controller reconciliation failed: Helm install failed: rendered manifests contain a resource that already exists. Unable to continue with install: Secret "gitlab-agent-token" in namespace "gitlab" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "gitlab-agent"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "gitlab"
Warning error 4m26s (x17 over 15m) helm-controller reconciliation failed: install retries exhausted
Warning error 3m41s (x3 over 3m43s) helm-controller could not find Secret 'gitlab/gitlab-agent-token'
Normal info 32s (x3 over 15m) helm-controller Helm install has started
How to set up and validate locally
values.yaml file used, copied as is from the tutorial:
apiVersion: v1
kind: Secret
metadata:
name: gitlab-agent-token-initial
type: Opaque
stringData:
values.yaml: |-
config:
token: "<your-token-here>"
Final version that worked after reading the logs:
apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/managed-by: Helm
annotations:
meta.helm.sh/release-name: gitlab-agent
meta.helm.sh/release-namespace: gitlab
name: gitlab-agent-token
type: Opaque
stringData:
values.yaml: |-
config:
token: "<your-token-here>"
The Flux configuration and other resources used are available at https://gitlab.com/gitlab-de/playground/abubakar/flux-config-demo/-/tree/main/clusters/oke-demo?ref_type=heads
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.