Capsule upgrade from 0.7.2 -> 0.7.3 failing in FluxCD due to missing capsule-capsule-proxy-certgen Job

[heytrav]

Bug description

FluxCD is failing to upgrade Capsule from v0.7.2 -> v0.7.3 and reporting the following:

Helm upgrade failed for release capsule/capsule-capsule with chart capsule@0.7.3: jobs.batch "capsule-capsule-proxy-certgen" not found

The Job doesn't exist, but I'm not sure why it is not being created. Running

helm template capsule projectcapsule/capsule --set serviceMonitor.enabled=true --set proxy.enabled=true --set certManager.generateCertificates=true --set fullnameOverride=capsule-capsule

Produces yaml with a capsule-proxy-certgen job, but i haven't figured out why Fluxcd isn't creating it.

How to reproduce

Steps to reproduce the behavior:

1. Provide the Capsule Tenant YAML definitions
2. Provide all managed Kubernetes resources

---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: capsule
  namespace: flux-system
spec:
  serviceAccountName: helm-controller
  chart:
    spec:
      chart: capsule
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: projectcapsule
      version: '>=0.7.2 < 0.8.0'
  install:
    crds: Create
    createNamespace: true
    remediation:
      retries: -1
  interval: 5m0s
  targetNamespace: capsule
  upgrade:
    crds: CreateReplace
  values:
    serviceMonitor:
      enabled: true
    proxy:
      enabled: true
    certManager:
      generateCertificates: true
    # tls:
    #   enableController: false
    fullnameOverride: capsule-capsule

Expected behavior

I expect the Job to be created when FluxCD automatically upgraded the helm chart.

Logs

If applicable, please provide logs of capsule.

In a standard stand-alone installation of Capsule,
you'd get this by running kubectl -n capsule-system logs deploy/capsule-controller-manager.

Additional context

• Capsule version: (capsule --version)
• Helm Chart version: (helm list -n capsule-system)
• Kubernetes version: (kubectl version)

[heytrav]

Right it looks to me like the problem might be in the capsule-proxy repo. I have certManager.generateCertificates: true in my helm values, but that conditional prevents it from applying the Job if that's the case so it won't be created.

Should that cause the upgrade to fail though?

[oliverbaehler]

No we lost helm hook annotations, i will have to check when i am home. Expect a fix by tomorrow

[heytrav]

I was just about to move this over to projectcapsule/capsule-proxy#643 but will hold on for now. Thanks for getting back!

[oliverbaehler]

@heytrav can you try version 0.7.4?

[heytrav]

FluxCD tried to upgrade it for me already, but unfortunately it looks like I'm currently getting the same error.

Helm upgrade failed for release capsule/capsule-capsule with chart capsule@0.7.4: jobs.batch "capsule-capsule-proxy-certgen" not found

I see that these are true by default

options:

  enableSSL: true

  generateCertificates: true

I don't override them in my own values but at the moment I'm not sure why that job isn't starting (or if it should now).