Helm 2to3 tries to annotate objects in wrong namespace
Summary
Helm 2to3 conversion job fails to annotate and label existing resources due to lack of namespace argument
Steps to reproduce
- Add https://gitlab.com/gitlab-org/gitlab/-/raw/master/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml as an include to
.gitlab-ci.yml
. - Run Helm 2to3 migration job.
Example Project
Key factors in project where this happened:
- Had an existing Helm 2 chart install that needed migration.
- Services defined by the chart install had the
chart
label set to the name of the chart.
What is the current bug behavior?
- Helm 2to3 migration job fails with error message similar to this one:
$ for release in $releases; do # collapsed multi-line command
Adopting Helm v2 manifests from production
Error from server (Forbidden): services "production-device" is forbidden: User "system:serviceaccount:some-namespace:gitlab" cannot get resource "services" in API group "" in the namespace "gitlab-runner"
Possible fixes
https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml#L44 lacks `-n "$KUBE_NAMESPACE"
By The Way
GitLab is awesome. You're doing a great job!