possible bug in values.yaml new version.

[sharmavijay86]

Hi i was just testing this in my sandbox.
Helm deployment is giving error.

 $ helm install orchestra tremolo/openunison-k8s-login-github --namespace openunison -f values-k8s-github.yaml 
Error: OpenUnison.openunison.tremolo.io "orchestra" is invalid: spec.myvd_configmap: Invalid value: "null": spec.myvd_configmap in body must be of type string: "null"

I tried with removed line of spec.myvd_configmap but no luck i have given

If i am giving any random value then it tries to mount cm . stucked in setup.

19s         Warning   FailedMount            pod/openunison-orchestra-cc4c5985f-khrwd      MountVolume.SetUp failed for volume "myvd-volume" : configmap "myvd" not found
24s         Warning   FailedMount            pod/openunison-orchestra-cc4c5985f-khrwd      Unable to attach or mount volumes: unmounted volumes=[myvd-volume], unattached volumes=[secret-volume myvd-volume openunison-orchestra-token-48pkj]: timed out waiting for the condition

Bellow is my values.yaml

network:
  openunison_host: "k8sou.apps.192-168-2-3.nip.io"
  dashboard_host: "k8sdb.apps.192-168-2-3.nip.io"
  api_server_host: "k8sapi.apps.192-168-2-3.nip.io"
  session_inactivity_timeout_seconds: 900
  k8s_url: https://192.168.1.15:6443
  createIngressCertificate: false
  ingress_type: nginx
  ingress_annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: "mylab"
  force_redirect_to_tls: true
  istio:
    selectors:
      istio: ingressgateway
  ingress_certificate: ou-tls-certificate

cert_template:
  ou: "Kubernetes"
  o: "MyOrg"
  l: "My Cluster"
  st: "State of Cluster"
  c: "MyCountry"

image: "docker.io/tremolosecurity/openunison-k8s-login-github:latest"
myvd_config_path: "WEB-INF/myvd.conf"
k8s_cluster_name: kubernetes
enable_impersonation: true
myvd_configmap: ""


dashboard:
  namespace: "kubernetes-dashboard"
  cert_name: "kubernetes-dashboard-certs"
  label: "k8s-app=kubernetes-dashboard"
  service_name: kubernetes-dashboard
certs:
  use_k8s_cm: false

trusted_certs: []

monitoring:
  prometheus_service_account: system:serviceaccount:monitoring:prometheus-k8s
github:
  client_id: 4fdxxxxxxxxxxxx2361
  teams: crazytechindia/admin


impersonation:
  use_jetstack: false
  jetstack_oidc_proxy_image: quay.io/jetstack/kube-oidc-proxy:v0.3.0
  explicit_certificate_trust: true
  ca_secret_name: ou-tls-certificate

network_policies:
  enabled: false
  ingress:
    enabled: true
    labels:
      app.kubernetes.io/name: ingress-nginx
  monitoring:
    enabled: true
    labels:
      app.kubernetes.io/name: monitoring
  apiserver:
    enabled: false
    labels:
      app.kubernetes.io/name: kube-system

services:
  enable_tokenrequest: false
  token_request_audience: api
  token_request_expiration_seconds: 600
  node_selectors: []
  pullSecret: ""

openunison:
  replicas: 1
  non_secret_data: {}
  secrets: []

[mlbiam]

i'm not able to reproduce the original issue with helm. can you double check your chart version? Also, can you provide the original values.yaml you're using?

[sharmavijay86]

i am following up the same readme of the repo .
So this is values.yaml i am using.

https://raw.githubusercontent.com/OpenUnison/helm-charts/master/openunison-k8s-login-github/values.yaml

if you see in this chart repo having 2 branches master and dynamic sso , both have this particulr valuse changes. seems this is new in current release. giving problem.

However i will try with fresh check again and let you know. meanwhile if you see this value i stated in above.

myvd_configmap: ""

[sharmavijay86]

hello Marc
You able to recreate? i tried with fresh setup also but same problem ..
I perform workaround to proceed.
in The helm chart myvd_configmap has been defined line number 299. I removed from chart so my deployment moves. Checking more.
update: Above fix works for me i got the setup working.

Next question is ? how to use enterprise github.

[mlbiam]

I think we found the issue. Update your helm repo (helm repo update) and upgrade the operator (helm upgrade openunison tremolo/openunison-operator -n openunison) once the new operator pod is running, upgrade your orchestra instance