You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The secret-cluster-agent-token.yaml template contains the randAlphaNum function to generate a random token if one is not specific via values. This leads to multiple values of token since its invoked multiple times within the datadog chart during helm install.
The secret-cluster-agent-token.yaml template is called 3 separate times which then causes the generation of 3 separate values for the token value:
daemonset.yaml calculating the sha256sum for annotation.checksum/clusteragent_token:
checksum/clusteragent_token: {{ include (print $.Template.BasePath "/secret-cluster-agent-token.yaml") . | sha256sum }}
Manifest for the results of secret-cluster-agent-token.yaml template for the actual secret datadog-cluster-agent
Helm recommends the following to workaround the limitation of using a unique random string across multiple resources:
Each invocation of the template function will generate a unique random string. This means that if it's necessary to sync the random strings used by multiple resources, all relevant resources will need to be in the same template file.
Additional discussion around the recommendation for syncing random strings across multiple resources: helm/helm#6456 (comment)
Reproduce
You can confirm this by noting that the sha256sum value is different for the annotation.checksum/clusteragent_token across both resources in the cluster.
Change the sha256sum function to b64enc for each annotation.checksum/clusteragent_token and then use base64 -d to read back out the results of the secret-cluster-agent-token.yaml template. The token does not match the actual token datadog-cluster-agent in secrets.
Fix
Would the team be open to combining the templates for daemonset.yaml, cluster-agent-deployment.yaml, and secret-cluster-agent-token.yaml to fix the behavior?
It would be helpful to correct this behavior so its possible to leverage the lookup function (potentially) to make the chart idempotent: #604 (comment)
Version Info
datadog chart: 3.83.0
k8s:
Client Version: v1.31.0
Kustomize Version: v5.4.2
Server Version: v1.31.2-eks-7f9249a
The text was updated successfully, but these errors were encountered:
Description
The
secret-cluster-agent-token.yaml
template contains therandAlphaNum
function to generate a random token if one is not specific via values. This leads to multiple values oftoken
since its invoked multiple times within thedatadog
chart duringhelm install
.The
secret-cluster-agent-token.yaml
template is called 3 separate times which then causes the generation of 3 separate values for thetoken
value:daemonset.yaml
calculating thesha256sum
forannotation.checksum/clusteragent_token
:helm-charts/charts/datadog/templates/daemonset.yaml
Line 43 in 29ff9d0
cluster-agent-deployment.yaml
calculating thesha256sum
forannotation.checksum/clusteragent_token
:helm-charts/charts/datadog/templates/cluster-agent-deployment.yaml
Line 52 in 29ff9d0
secret-cluster-agent-token.yaml
template for the actual secretdatadog-cluster-agent
Helm recommends the following to workaround the limitation of using a unique random string across multiple resources:
Additional discussion around the recommendation for syncing random strings across multiple resources: helm/helm#6456 (comment)
Reproduce
sha256sum
value is different for theannotation.checksum/clusteragent_token
across both resources in the cluster.datadog/templates/cluster-agent-deployment.yaml
:datadog/templates/daemonset.yaml
:sha256sum
function tob64enc
for eachannotation.checksum/clusteragent_token
and then usebase64 -d
to read back out the results of thesecret-cluster-agent-token.yaml
template. Thetoken
does not match the actual tokendatadog-cluster-agent
in secrets.Fix
Would the team be open to combining the templates for
daemonset.yaml
,cluster-agent-deployment.yaml
, andsecret-cluster-agent-token.yaml
to fix the behavior?It would be helpful to correct this behavior so its possible to leverage the
lookup
function (potentially) to make the chart idempotent: #604 (comment)Version Info
3.83.0
The text was updated successfully, but these errors were encountered: