Fix rendering issue in modules.app.job when cronjobs are enabled and private values are defined
Open, HighPublic
Actions

Assigned To

None

Authored By

	brouberol
	Apr 19 2024, 7:46 AM

Description

When investigating a CI failure seemingly unrelated with the submitted patch, I encountered a bug in the modules/app/job_1.0.0.tpl template.

After investigating, it appeared that this bug is only triggered when cronjobs are enabled and private values are defined.

Here are steps to reproduce the issue:

~/wmf/deployment-charts master *17 ?4 ❯ ./create_new_service.sh
What will be the name of your chart? test
INFO:sextant:Loading available components
INFO:sextant:Creating the chart from /Users/brouberol/wmf/deployment-charts/_scaffold/service
===> Available components:

* generic-application
  Basic component for generic (non-LAMP) applications

* LAMP
  Basic LAMP application component.

* ingress
  Kubernetes ingress setup with istio.

* service-mesh
  Sets up the service mesh and the TLS termination (if needed)

* prometheus-statsd
  sets up prometheus-statsd-exporter

* mcrouter
  sets up mcrouter
==> Please select a component by name (q to quit)
> generic-application
INFO:wmflib.interactive:User input is: "generic-application"
===> Available components:

* ingress
  Kubernetes ingress setup with istio.

* service-mesh
  Sets up the service mesh and the TLS termination (if needed)

* prometheus-statsd
  sets up prometheus-statsd-exporter

* mcrouter
  sets up mcrouter
Already selected: generic-application
==> Please select a component by name (q to quit)
> ingress
INFO:wmflib.interactive:User input is: "ingress"
===> Available components:

* service-mesh
  Sets up the service mesh and the TLS termination (if needed)

* prometheus-statsd
  sets up prometheus-statsd-exporter

* mcrouter
  sets up mcrouter
Already selected: generic-application,ingress
==> Please select a component by name (q to quit)
> service-mesh
INFO:wmflib.interactive:User input is: "service-mesh"
===> Available components:

* prometheus-statsd
  sets up prometheus-statsd-exporter

* mcrouter
  sets up mcrouter
Already selected: generic-application,ingress,service-mesh
==> Please select a component by name (q to quit)
> q
INFO:wmflib.interactive:User input is: "q"
Selected components: generic-application,ingress,service-mesh


===> Please answer the following questions:

* Please input the complete name of the image (without the registry)

> whatever
* Please input the port that this service will live on. If this service
  is not behind an ingress (i.e. you didn't select the "ingress"
  component), please reserve a port at
  https://wikitech.wikimedia.org/wiki/Kubernetes/Service_ports
> 8000
Chart test created, now vendoring dependencies.
INFO:sextant:Copied modules/app/generic_1.0.1.tpl => charts/test/templates/vendor/app/generic_1.0.1.tpl
INFO:sextant:Copied modules/base/helper_1.1.1.tpl => charts/test/templates/vendor/base/helper_1.1.1.tpl
INFO:sextant:Copied modules/base/meta_2.0.0.tpl => charts/test/templates/vendor/base/meta_2.0.0.tpl
INFO:sextant:Copied modules/base/name_1.0.0.tpl => charts/test/templates/vendor/base/name_1.0.0.tpl
INFO:sextant:Copied modules/app/job_1.0.1.tpl => charts/test/templates/vendor/app/job_1.0.1.tpl
INFO:sextant:Copied modules/base/external-services-networkpolicy_1.0.1.tpl => charts/test/templates/vendor/base/external-services-networkpolicy_1.0.1.tpl
INFO:sextant:Copied modules/base/networkpolicy_1.2.0.tpl => charts/test/templates/vendor/base/networkpolicy_1.2.0.tpl
INFO:sextant:Copied modules/ingress/istio_1.0.3.tpl => charts/test/templates/vendor/ingress/istio_1.0.3.tpl
INFO:sextant:Copied modules/mesh/configuration_1.7.0.tpl => charts/test/templates/vendor/mesh/configuration_1.7.0.tpl
INFO:sextant:Copied modules/mesh/certificate_1.1.0.tpl => charts/test/templates/vendor/mesh/certificate_1.1.0.tpl
INFO:sextant:Copied modules/mesh/name_1.1.0.tpl => charts/test/templates/vendor/mesh/name_1.1.0.tpl
INFO:sextant:Copied modules/mesh/deployment_1.3.0.tpl => charts/test/templates/vendor/mesh/deployment_1.3.0.tpl
INFO:sextant:Copied modules/mesh/networkpolicy_1.2.0.tpl => charts/test/templates/vendor/mesh/networkpolicy_1.2.0.tpl
INFO:sextant:Copied modules/mesh/service_1.1.0.tpl => charts/test/templates/vendor/mesh/service_1.1.0.tpl

I then define the following data in values.yaml:

config:
  public: {} # Add here all the keys that can be publicly available as a ConfigMap
  private:
    password: secretpassword

~/wmf/deployment-charts master *17 ?5 ❯ helm template myrelease ./charts/test -f ./charts/test/.fixtures/cronjob_enabled.yaml
Error: template: test/templates/cronjob.yaml:24:14: executing "test/templates/cronjob.yaml" at <include "app.job.container" (dict "Root" $root "Job" $cronjob)>: error calling include: template: test/templates/vendor/base/name_1.0.0.tpl:35:27: executing "base.name.release" at <.Chart.Name>: nil pointer evaluating interface {}.Name

Use --debug flag to render out invalid YAML

The issue comes from a series of indentation errors and a wrong variable passing in modules/app/job_1.0.0.tpl, specifically in:

- name: {{ $k }}
    valueFrom:
    secretKeyRef:
        name: {{ template "base.name.release" $ }}-secret-config
        key: {{ $k }}

This block should actually read

- name: {{ $k }}
   valueFrom:
      secretKeyRef:
        name: {{ template "base.name.release" $.Root }}-secret-config
        key: {{ $k }}

With this, rendering works:

~/wmf/deployment-charts master *17 ?5 ❯ helm template myrelease ./charts/test -f ./charts/test/.fixtures/cronjob_enabled.yaml | grep -C 2 
# Source: test/templates/service.yaml
--
                secretKeyRef:
                  name: test-myrelease-secret-config
                  key: password

          resources:
--
            imagePullPolicy: IfNotPresent
            env:
            - name: password
              valueFrom:
                secretKeyRef:
                  name: test-myrelease-secret-config
                  key: password
            command:
              - /bin/cowsay

Details

	Subject	Repo	Branch	Lines +/-
	modules: release a new version of app.job	operations/deployment-charts	master	+50 -0

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open		jijiki	T365224 ipoid charts app.job module has out of band changes
		Open		None	T362954 Fix rendering issue in modules.app.job when cronjobs are enabled and private values are defined

Event Timeline

brouberol created this task.Apr 19 2024, 7:46 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 19 2024, 7:46 AM

Change #1021843 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] modules: release a new version of app.job

https://gerrit.wikimedia.org/r/1021843

gerritbot added a project: Patch-For-Review.Apr 19 2024, 7:49 AM

@jijiki I recall you had dug up some things around jobs/cronjobs as well, maybe you can take a look?

JMeybohm added a project: serviceops.Apr 19 2024, 8:01 AM

brouberol added a project: Data-Platform-SRE (2024.04.15 - 2024.05.05).Apr 19 2024, 8:10 AM

brouberol updated the task description. (Show Details)

Gehel triaged this task as High priority.Apr 19 2024, 9:08 AM

Gehel moved this task from Backlog to Needs Review on the Data-Platform-SRE (2024.04.15 - 2024.05.05) board.

@brouberol thank you for finding this. While I had spotted this in the past, I began working on updating the module T356885, as its current design is somewhat limited. If you are currently blocked, my suggestion is for you to go ahead with this minor update, for now. When I make some time to properly finish T356885, I will update any charts with active jobs anyway. @JMeybohm any objections?