Skip to content

Update secret.yaml causing deployment issues in Flux CD tutorial

Abubakar Siddiq Ango requested to merge abubakar-flux-tutorial-update into master

What does this MR do and why?

This MR updates the secret.yaml file provided in the FLuxCD + GitLab tutorial (https://docs.gitlab.com/ee/user/clusters/agent/gitops/flux_tutorial.html). While preparing for a demo, I followed the tutorial and got stuck after deploying the secret.yaml before proceeding to agentk.yaml resource file. It could not find the token I had just deployed.

Screenshots or screen recordings or Logs

[10:46:57] [~] ❱❱❱ kubectl describe hr gitlab-agent -n gitlab
Name:         gitlab-agent
Namespace:    gitlab
Labels:       kustomize.toolkit.fluxcd.io/name=flux-system
              kustomize.toolkit.fluxcd.io/namespace=flux-system
Annotations:  <none>
API Version:  helm.toolkit.fluxcd.io/v2beta1
Kind:         HelmRelease
Metadata:
  Creation Timestamp:  2023-08-22T08:31:29Z
  Finalizers:
    finalizers.fluxcd.io
  Generation:        7
  Resource Version:  10386570
  UID:               5b9fbf70-2225-4072-99d8-1067627f6fb1
Spec:
  Chart:
    Spec:
      Chart:               gitlab-agent
      Reconcile Strategy:  ChartVersion
      Source Ref:
        Kind:       HelmRepository
        Name:       gitlab-agent
        Namespace:  gitlab
      Version:      *
  Interval:         1h0m0s
  Values:
    Config:
      Kas Address:  wss://kas.gitlab.com
  Values From:
    Kind:        Secret
    Name:        gitlab-agent-token
    Values Key:  values.yaml
Status:
  Conditions:
    Last Transition Time:  2023-08-22T08:46:46Z
    Message:               install retries exhausted
    Reason:                InstallFailed
    Status:                False
    Type:                  Ready
    Last Transition Time:  2023-08-22T08:46:46Z
    Message:               Helm install failed: rendered manifests contain a resource that already exists. Unable to continue with install: Secret "gitlab-agent-token" in namespace "gitlab" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "gitlab-agent"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "gitlab"

Last Helm logs:


    Reason:                        InstallFailed
    Status:                        False
    Type:                          Released
  Failures:                        6
  Helm Chart:                      gitlab/gitlab-gitlab-agent
  Install Failures:                1
  Last Attempted Revision:         1.18.0
  Last Attempted Values Checksum:  0cd933687273be4851459d60a81a0351c129c14d
    Observed Generation:             7
Events:
  Type     Reason  Age                From             Message
  ----     ------  ----               ----             -------
  Normal   info    15m                helm-controller  HelmChart 'gitlab/gitlab-gitlab-agent' is not ready
  Warning  error   10m (x2 over 15m)  helm-controller  Helm install failed: rendered manifests contain a resource that already exists. Unable to continue with install: Secret "gitlab-agent-token" in namespace "gitlab" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "gitlab-agent"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "gitlab"

Last Helm logs:
  Warning  error  10m (x2 over 15m)      helm-controller  reconciliation failed: Helm install failed: rendered manifests contain a resource that already exists. Unable to continue with install: Secret "gitlab-agent-token" in namespace "gitlab" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "gitlab-agent"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "gitlab"
  Warning  error  4m26s (x17 over 15m)   helm-controller  reconciliation failed: install retries exhausted
  Warning  error  3m41s (x3 over 3m43s)  helm-controller  could not find Secret 'gitlab/gitlab-agent-token'
  Normal   info   32s (x3 over 15m)      helm-controller  Helm install has started

How to set up and validate locally

values.yaml file used, copied as is from the tutorial:

apiVersion: v1
kind: Secret
metadata:
  name: gitlab-agent-token-initial
type: Opaque
stringData:
  values.yaml: |-
    config:
      token: "<your-token-here>"

Final version that worked after reading the logs:

apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/managed-by: Helm
  annotations:
    meta.helm.sh/release-name: gitlab-agent
    meta.helm.sh/release-namespace: gitlab
  name: gitlab-agent-token
type: Opaque
stringData:
  values.yaml: |-
    config:
      token: "<your-token-here>"

The Flux configuration and other resources used are available at https://gitlab.com/gitlab-de/playground/abubakar/flux-config-demo/-/tree/main/clusters/oke-demo?ref_type=heads

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Abubakar Siddiq Ango

Merge request reports