Connectors Chart Incorrectly Includes Annotations As Labels
What Happened?
When using the connectors helm chart, .Values.deployment.annotations will be included in the rendered deployment labels. This can lead to manifests that get rejected by the Kubernetes API due to different validation rules for labels and annotations.
Specific Example
The issue arises when using a values file with annotations defined under the deployment section. For instance, the following values file:
deployment:
annotations:
"vault.security.banzaicloud.io/mutate-probes": "true"
"vault.security.banzaicloud.io/vault-addr": "https://vault.mycompany.com"
"vault.security.banzaicloud.io/vault-env-daemon": "true"
Will produce a deployment manifest with the annotations included as labels:
---
# Source: connectors/templates/entry-point.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: connectors
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: connectors
helm.sh/chart: connectors-0.1.14
vault.security.banzaicloud.io/mutate-probes: "true"
vault.security.banzaicloud.io/vault-addr: https://vault.mycompany.com
vault.security.banzaicloud.io/vault-env-daemon: "true"
name: release-name-connectors
spec:
This will result in a validation error due to the invalid label https://vault.mycompany.com.
What Did You Expect to Happen?
Annotations and labels should be handled separately. Given that there is no field currently for labels on deployments, the template should use the common labels on deployments and deployment annotations as annotations.
How Can We Reproduce It?
To reproduce the issue, use the following values file:
deployment:
annotations:
"vault.security.banzaicloud.io/mutate-probes": "true"
"vault.security.banzaicloud.io/vault-addr": "https://vault.mycompany.com"
"vault.security.banzaicloud.io/vault-env-daemon": "true"
Anything Else We Need to Know?
A quick scan of the code suggests that the issue may be located on line 97 of the deployment.go file in the connectors chart:
Labels: helmette.Merge(FullLabels(dot), values.Deployment.Annotations),
However, further investigation and testing are required to confirm this.
Which Are the Affected Charts?
The connectors chart is affected by this issue.
Chart Version(s)
The issue is present in version 0.1.14 of the connectors chart.
Cloud Provider
The issue is expected to be true for all cloud providers, including Azure.
JIRA Link
The issue is tracked in JIRA under the ticket K8S-599.
Conclusion
Q: What is the issue with the connectors helm chart?
A: The issue is that the chart incorrectly includes annotations as labels, leading to validation errors when deploying to a Kubernetes cluster.
Q: What is the expected behavior?
A: Annotations and labels should be handled separately. Given that there is no field currently for labels on deployments, the template should use the common labels on deployments and deployment annotations as annotations.
Q: How can I reproduce the issue?
A: To reproduce the issue, use the following values file:
deployment:
annotations:
"vault.security.banzaicloud.io/mutate-probes": "true"
"vault.security.banzaicloud.io/vault-addr": "https://vault.mycompany.com"
"vault.security.banzaicloud.io/vault-env-daemon": "true"
Q: What is the root cause of the issue?
A: The root cause of the issue is likely located on line 97 of the deployment.go file in the connectors chart:
Labels: helmette.Merge(FullLabels(dot), values.Deployment.Annotations),
However, further investigation and testing are required to confirm this.
Q: Which charts are affected by this issue?
A: The connectors chart is affected by this issue.
Q: What are the affected chart versions?
A: The issue is present in version 0.1.14 of the connectors chart.
Q: Is this issue specific to a particular cloud provider?
A: No, the issue is expected to be true for all cloud providers, including Azure.
Q: Where can I find more information about this issue?
A: The issue is tracked in JIRA under the ticket K8S-599.
Q: How can I contribute to resolving this issue?
A: If you are interested in contributing to resolving this issue, please review the code and provide a fix. You can also provide additional information or insights that may help in resolving the issue.
Q: What is the next step in resolving this issue?
A: The next step in resolving this issue is to further investigate and test the code to confirm the root cause of the issue and to provide a fix.
Q: When can I expect a fix for this issue?
A: A fix for this issue is expected to be available in a future version of the connectors chart. However, a specific timeline for the fix is not available at this time.