FluxCD helm release fails when using ocirepo resource as chart reference #3435

@a1994sc

Description

Environment

App version: v0.47.0
Kubernetes distro being used: kind, rke2

Steps to reproduce

  1. Create files in the Additional Context section
  2. Package those files and deploy to a zarf cluster with fluxcd installed

Expected result

The helm-controller installs the 0.13.0 version of the external-secrets helm-release

Actual Result

Helm throws a version mismatch error because of the -zarf- and crc32 checksum

Visual Proof (screenshots, videos, text, etc)

artifact revision 0.13.0-zarf-3677108702 does not match chart version 0.13.0

Resolution

I think that zarf should allow the ability to remove the crc32 checksum from resources when a certain annotation is provided:
zarf.dev/remove-checksum

Additional Context

kustomization.yml

---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: external-secrets
resources:
  - namespace.yml
  - helm-release.yml
  - oci-repo.yml
configMapGenerator:
  - name: hr-values-external-secrets
    files:
      - values.yaml
    options:
      disableNameSuffixHash: true

helm-release.yml

---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: external-secrets
spec:
  interval: 1m
  chartRef:
    kind: OCIRepository
    name: ghcr-io-external-secrets
  valuesFrom:
    - kind: ConfigMap
      name: hr-values-external-secrets
      optional: false

namespace.yml

---
apiVersion: v1
kind: Namespace
metadata:
  name: external-secrets

oci-repo.yml

---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: ghcr-io-external-secrets
spec:
  interval: 12h
  layerSelector:
    mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
    operation: copy
  url: oci://ghcr.io/external-secrets/charts/external-secrets
  ref:
    tag: 0.13.0

values.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/deploy/charts/external-secrets/values.schema.json
leaderElect: true
replicaCount: 2
image:
  repository: ghcr.io/external-secrets/external-secrets
  flavour: ubi-boringssl
webhook:
  replicaCount: 2
  image:
    repository: ghcr.io/external-secrets/external-secrets
    flavour: ubi-boringssl
certController:
  replicaCount: 2
  image:
    repository: ghcr.io/external-secrets/external-secrets
    flavour: ubi-boringssl

zarf.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/zarf-dev/zarf/main/zarf.schema.json
kind: ZarfPackageConfig
metadata:
  name: external-secrets
  # renovate: datasource=docker depName=ghcr.io/external-secrets/charts/external-secrets
  version: 0.13.0
components:
  - name: main
    manifests:
      - name: external-secrets
        namespace: external-secrets # This is where the helm secret/state is stored.
        kustomizations:
          - ./.
    images:
      - ghcr.io/external-secrets/external-secrets:v0.13.0-ubi-boringssl
      - ghcr.io/external-secrets/charts/external-secrets:0.13.0
  - name: images
    required: false
    charts:
      - name: external-secrets
        namespace: external-secrets
        url: oci://ghcr.io/external-secrets/charts/external-secrets
        version: 0.13.0
        valuesFiles:
          - values.yaml
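
An added example (not part of the original issue, and not Zarf or Flux code): a small log triage helper that separates the mismatch reported above, where the artifact revision differs from the chart version only by a `-zarf-<crc32>` suffix, from a genuine version mismatch. The function names are hypothetical, and every sample log line except the one quoted in the issue is constructed.

```python
import re

# Matches the helm-controller message quoted in the issue.
MISMATCH = re.compile(
    r"artifact revision (?P<revision>\S+) does not match chart version (?P<chart>\S+)"
)
# Suffix shape seen in the issue: "-zarf-" followed by a decimal CRC32 value.
ZARF_SUFFIX = re.compile(r"^(?P<base>.+)-zarf-(?P<crc>\d{1,10})$")


def classify(line):
    """Return (verdict, revision, chart) for one log line, or None if unrelated."""
    m = MISMATCH.search(line)
    if m is None:
        return None
    revision, chart = m["revision"], m["chart"]
    # Assumption: tolerate a trailing "@<digest>" on the revision
    # (the message in the issue has none).
    tag = revision.split("@", 1)[0]
    s = ZARF_SUFFIX.match(tag)
    # Only blame the suffix when removing it yields exactly the chart version
    # and the number fits in 32 bits, as a CRC32 must.
    if s and int(s["crc"]) < 2**32 and s["base"] == chart:
        return ("zarf-suffix", revision, chart)
    return ("genuine-mismatch", revision, chart)


def triage(lines):
    """Classify every mismatch line, skipping unrelated log lines."""
    return [r for r in map(classify, lines) if r is not None]


SAMPLE_LOG = [
    # Quoted from the issue.
    "artifact revision 0.13.0-zarf-3677108702 does not match chart version 0.13.0",
    # Constructed: a real version drift that must not be blamed on the suffix.
    "artifact revision 0.12.1 does not match chart version 0.13.0",
    # Constructed: suffix present, but the base tag is still a different version.
    "artifact revision 0.12.1-zarf-3677108702 does not match chart version 0.13.0",
    # Constructed: unrelated line.
    "reconciliation finished in 1.2s",
]

if __name__ == "__main__":
    for verdict, revision, chart in triage(SAMPLE_LOG):
        print(f"{verdict}: revision={revision} chart={chart}")
```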


Status

In progress
