Search code examples
kuberneteskubernetes-helmdapr

install dapr helm chart on a second namespace while already installed on another namespace in same cluster

I am trying to install a second dapr helm chart on namespace "test" while it is already installed on namespace "dev" in same cluster.

helm upgrade -i --namespace $NAMESPACE \
    dapr-uat dapr/dapr
already installed config exists whith following name:

NAME                NAMESPACE   REVISION    UPDATED                                 STATUS      CHART                   APP VERSION
dapr                dev         1           2021-10-06 21:16:27.244997 +0100 +01    deployed    dapr-1.4.2              1.4.2

I get the following error

Error: rendered manifests contain a resource that already exists. Unable to continue with install: ClusterRole "dapr-operator-admin" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "dapr-uat": current value is "dapr"; annotation validation error: key "meta.helm.sh/release-namespace" must equal "test": current value is "dev"
Tried specifying a different version for the installation but with no success

helm upgrade -i --namespace $NAMESPACE \
    dapr-uat dapr/dapr \
    --version 1.4.0

Starting to think the current chart does not allow for multiple instances (development and testing ) on the same cluster. Has anyone faced the same issue ? thank you,

Solution

  • Existing dapr chart applies cluster-wide ressources where names are given with no namespace name consideration. So, when trying to install a second configuration, a cluster-wide ressource name conflict occurs with pre-existing cluster-wide ressource:

    Error: UPGRADE FAILED: rendered manifests contain a resource that already exists. Unable to continue with update: ClusterRole "dapr-operator-admin" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "dapr-uat": current value is "dapr-dev"; annotation validation error: key "meta.helm.sh/release-namespace" must equal "uat": current value is "dev"

    I had to edit the chart:

    git clone https://github.com/dapr/dapr.git

    I edited RBAC ressources in subchart dapr_rbac where ressource name now considers namespace name in dapr_rbac/templates/ClusterRoleBinding.yaml

    previous file :

    kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dapr-operator
...

    Edit now consists of metadata name on all ressources:

    kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dapr-operator-{{ .Release.Namespace }}
...

    Same logic have been applied to MutatingWebhookConfiguration in subchart dapr_sidecar_injector in file dapr_sidecar_injector/templates/dapr_sidecar_injector_webhook_config.yaml

    For full edits, please see forked repo in : https://github.com/redaER7/dapr/tree/DEV/charts/dapr