Clash between ingress.class annotation and ingressClassName attribute in latest charts #1000
Description
We are using Terraform and a "helm_release" resource to deploy chart version 10.2.1 in our EKS cluster.
During a clean install when ingressClassName is provided in values we encounter an error as if an ingress.class annotation has also been provided somehow. The opposite does not apply (having the annotation in place with ingressClassName commented out works fine).
While we do override the ingress annotations with a bunch of our own it seems as if the charts default annotation value makes it in there no matter what causing the issue.
Our values' snippet:
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST"
nginx.ingress.kubernetes.io/cors-allow-headers: "Accept,Accept-Version,Authorization,Cache-ControlContent-Length,Content-MD5,Content-Type,Date,DNT,If-Modified-Since,Keep-Alive,User-Agent,X-Auth-Token,X-CustomHeader,X-Requested-With"
nginx.ingress.kubernetes.io/cors-expose-headers: "X-Auth-Token"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-max-age: "3600"
nginx.ingress.kubernetes.io/enable-modsecurity: 'true'
nginx.ingress.kubernetes.io/enable-owasp-core-rules: 'true'
nginx.ingress.kubernetes.io/modsecurity-snippet: |
SecRuleEngine On
SecAction \"id:900200,phase:1,log,pass,t:none,setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT DELETE\'\"
nginx.ingress.kubernetes.io/modsecurity-transaction-id: $request_id
pathType: ImplementationSpecific
hosts:
- host: ${openfaas_domain}
serviceName: gateway
servicePort: 8080
path: /Expected Behaviour
The helm_release should produce the openfaas release on the cluster.
Current Behaviour
The "helm_release" fails with the following message:
│ Error: Ingress.extensions "openfaas-ingress" is invalid: annotations.kubernetes.io/ingress.class: Invalid value: "nginx": can not be set when the class field is also set
│
│ with module.infrastructure-layer-iac.helm_release.openfaas,
│ on .terraform/modules/infrastructure-layer-iac/openfaas.tf line 1, in resource "helm_release" "openfaas":
│ 1: resource "helm_release" "openfaas" {
Are you a GitHub Sponsor (Yes/No?)
Check at: https://github.com/sponsors/openfaas
- Yes
- No
List All Possible Solutions and Workarounds
If my hunch is correct removing the default value from values.yaml in the section ingress.annotations: "kubernetes.io/ingress.class: "nginx" should fix this.
Steps to Reproduce (for bugs)
- Use terraform and create a "helm_release" resource to install OpenFaas helm chart
- Override at least the values provided above
- Execute terraform plan and terraform apply
Your Environment
- FaaS-CLI version ( Full output from:
faas-cli version):
0.14.1 - Docker version
docker version(e.g. Docker 17.0.05 ):
20.10.13-2.amzn2 - What version and distriubtion of Kubernetes are you using?
kubectl version
Client Version: version.Info{Major:"1", Minor:"17+", GitVersion:"v1.17.9-eks-4c6976", GitCommit:"4c6976793196d70bc5cd29d56ce5440c9473648e", GitTreeState:"clean", BuildDate:"2020-07-17T19:00:19Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"windows/amd64"}
Server Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.14-eks-18ef993", GitCommit:"ac73613dfd25370c18cbbbc6bfc65449397b35c7", GitTreeState:"clean", BuildDate:"2022-07-06T18:06:50Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"} - Operating System and version (e.g. Linux, Windows, MacOS):
EKS-optimized Amazon Linux