sealed-secrets fails to deploy #1124

@vish6760

Describe the bug

  1. Helm is installing the sealed-secrets chart but using the release name from the Helm command (argocd), which is confusing and incorrect.
  2. all.yaml is not referenced in kustomization.yaml (only namespace.yaml is), so Helm will be deploying only the chart’s default manifests without the intended overrides.
  3. Namespace creation order problem - Helm sends all manifests from the post-renderer to the Kubernetes API in a single batch. The Namespace object from namespace.yaml is applied at the same time as other namespaced resources, so the namespace does not exist yet when those resources are created.

To Reproduce
Steps to reproduce the behavior:

  1. Run install-sealed-secrets.sh

Expected behavior
Helm deploys the sealed-secrets chart.

Additional context

```
# /opt/genestack/bin/install-sealed-secrets.sh
Executing Helm command:
helm upgrade --install argocd oci://registry-1.docker.io/bitnamicharts/sealed-secrets     --namespace=sealed-secrets     --timeout 120m     --post-renderer /etc/genestack/kustomize/kustomize.sh     --post-renderer-args sealed-secrets/base     -f /opt/genestack/base-helm-configs/sealed-secrets/helm-sealed-secrets-overrides.yaml
Release "sealed-secrets" does not exist. Installing it now.
Pulled: registry-1.docker.io/bitnamicharts/sealed-secrets:2.5.17
Digest: sha256:1a22a85a02e0a96087b5778db496c3fd4e5ebe35fa3ebf38dde56eca4d1f40f0
Error: create: failed to create: namespaces "sealed-secrets" not found"
```

Existing contents of install-sealed-secrets.sh

```bash
#!/bin/bash

# Default parameter value
TARGET=${1:-base}

# Directory to check for YAML files
CONFIG_DIR="/etc/genestack/helm-configs/sealed-secrets"

# Helm command setup
HELM_CMD="helm upgrade --install argocd oci://registry-1.docker.io/bitnamicharts/sealed-secrets \
    --namespace=sealed-secrets \
    --timeout 120m \
    --post-renderer /etc/genestack/kustomize/kustomize.sh \
    --post-renderer-args sealed-secrets/${TARGET} \
    -f /opt/genestack/base-helm-configs/sealed-secrets/helm-sealed-secrets-overrides.yaml"

# Check if YAML files exist in the specified directory
if compgen -G "${CONFIG_DIR}/*.yaml" > /dev/null; then
    # Add all YAML files from the directory to the helm command
    for yaml_file in "${CONFIG_DIR}"/*.yaml; do
        HELM_CMD+=" -f ${yaml_file}"
    done
fi

HELM_CMD+=" $@"

# Run the helm command
echo "Executing Helm command:"
echo "${HELM_CMD}"
eval "${HELM_CMD}"
```

Existing kustomization.yaml configuration for sealed-secrets

```yaml
# cat kustomization.yaml
sortOptions:
  order: fifo
resources:
  - './namespace.yaml'

namespace: sealed-secrets
```

Screenshots
Attached the output and the steps I followed to get it working in the lab environment.

sealed-secrets.txt
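
A pre-flight check for points 1 and 2 of the report above, as an added example that is not part of the original issue or of genestack's code. The function names (`listed_resources`, `unreferenced_manifests`, `release_matches_chart`, `preflight`) are hypothetical, the sample directory is constructed to mirror the reported layout, and the namespace ordering in point 3 is not covered.

```bash
# Added example (not genestack code): pre-flight checks for points 1 and 2.

# List item values in a kustomization.yaml, quotes and a leading "./" stripped.
# Simplification: every "- item" line is treated as a resource entry.
listed_resources() {
    sed -n 's/^[[:space:]]*-[[:space:]]*//p' "$1" |
        sed "s/[[:space:]]*\$//; s/^['\"]//; s/['\"]\$//; s|^\./||"
}

# Print each *.yaml in the directory that kustomization.yaml does not reference.
unreferenced_manifests() (
    dir=$1
    for f in "$dir"/*.yaml; do
        [ -e "$f" ] || continue
        name=${f##*/}
        [ "$name" = kustomization.yaml ] && continue
        listed_resources "$dir/kustomization.yaml" | grep -Fxq -- "$name" || echo "$name"
    done
)

# Succeed only when the Helm release name equals the chart's base name.
release_matches_chart() {
    [ "$1" = "${2##*/}" ]
}

# Run both checks; return non-zero if either one finds a problem.
preflight() (
    release=$1 chart=$2 dir=$3 rc=0
    if ! release_matches_chart "$release" "$chart"; then
        echo "release '$release' does not match chart '${chart##*/}'" >&2
        rc=1
    fi
    missing=$(unreferenced_manifests "$dir")
    if [ -n "$missing" ]; then
        echo "not referenced in kustomization.yaml: $missing" >&2
        rc=1
    fi
    return "$rc"
)

# Constructed sample mirroring the layout described in the report.
demo=$(mktemp -d)
printf "sortOptions:\n  order: fifo\nresources:\n  - './namespace.yaml'\n\nnamespace: sealed-secrets\n" > "$demo/kustomization.yaml"
: > "$demo/namespace.yaml"; : > "$demo/all.yaml"
preflight argocd oci://registry-1.docker.io/bitnamicharts/sealed-secrets "$demo" ||
    echo "pre-flight failed: fix the findings before running helm"
rm -rf "$demo"
```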
