https://pulumi.com logo
Powered by
o

orange-policeman-59119

05/04/2019, 7:13 PM
@adamant-intern-63433 I suspect that's a problem with the underlying chart. Can you show us the snippet of code where 
.Values.podDnsConfig.nameservers
is referenced in the chart?
a

adamant-intern-63433

05/04/2019, 7:22 PM
Thanks @orange-policeman-59119 I was actually trying and comparing the charts just now. This happens with istio chart which comes from 
<https://gcsweb.istio.io/gcs/istio-release/releases/1.1.5/charts/>
and the config belongs to certmanager (`https://github.com/jetstack/cert-manager/blob/release-0.7/deploy/charts/cert-manager/templates/deployment.yaml#L119`). I was trying to compare the one that istio has and the original one and it seems OK individually. There could be a clash with another part of the result yaml. My full istio chart values are something like this
Copy code
const istioChartValues = {
            prometheus: { enabled: true },
            grafana: { enabled: true },
            tracing: { enabled: true },
            certmanager: {
                enabled: true,
                email: "<mailto:xt@x.com|xt@x.com>",
                podDnsPolicy: "None",
                podDnsConfig: {
                    nameservers: ["1.1.1.1", "8.8.8.8"]
                }

            },
            gateways: {
                "istio-ingressgateway":
                {
                    serviceAnnotations: { "<http://service.beta.kubernetes.io/azure-load-balancer-internal|service.beta.kubernetes.io/azure-load-balancer-internal>": true }, //<https://docs.microsoft.com/en-us/azure/aks/internal-lb#create-an-internal-load-balancer>
                }
            },
        }
According to the documents, setting the 
podDnsConfig
of cert-manager looks like
Copy code
helm install --name cert-manager \
    --namespace cert-manager \
    --set "podDnsPolicy"="None" \
    --set "podDnsConfig.nameservers[1]"="1.1.1.1" \
    --set "podDnsConfig.nameservers[2]"="8.8.8.8" \
    stable/cert-manager
which matches with my config, I believe
o

orange-policeman-59119

05/04/2019, 7:34 PM
No, that's different, in a weird way
Unless it uses 1 based indexing?
a

adamant-intern-63433

05/04/2019, 7:34 PM
uh, oh
How can I make it match in TS?
o

orange-policeman-59119

05/04/2019, 7:35 PM
That's a good question. I think the docs are wrong here and I wonder if the chart is broken
Helm uses 0 based indexing with array 
--set
, I just checked my own configs
Here's a question for you, why are you trying to set nameservers?
a

adamant-intern-63433

05/04/2019, 7:37 PM
There is an internal / private domain clashing on Let's Encrypt challenge
o

orange-policeman-59119

05/04/2019, 7:38 PM
huh
okay
a

adamant-intern-63433

05/04/2019, 7:38 PM
I'll try to set and escape the values. Thanks much
o

orange-policeman-59119

05/04/2019, 7:39 PM
Yeah, worse comes to worse you can just edit the chart directly. Helm get it, commit the chart to your repo, and use the chart with a relative path and manually set the template how you want.
a

adamant-intern-63433

05/04/2019, 7:42 PM
I was avoiding that but could be the last resort. Thanks for helping me finding a new angle.
I confirm that certmanager chart of istio has problem on this issue. This is what it produces
Copy code
dnsPolicy: None
      dnsConfig:
              nameservers:
        - 1.1.1.1
        - 8.8.8.8
Powered by