[helm] workload-api-server chart uses inconsistent GCS secret logic from server/worker/workload-launcher #44525
Description
Helm Chart Version
0.445.3
What step the error happened?
Upgrading the Platform or Helm Chart
Relevant information
Problem
I'm attempting to set up my OSS Airbyte deployment to use GCS logging. Relevant chart values are below (from a FluxCD patch):
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: airbyte
spec:
values:
global:
# gcs-credentials-ext is a secret that contains the GCS credentials, created externally to the helm deployment
storage:
type: "GCS"
storageSecretName: gcs-credentials-ext
bucket:
log: my_log_bucket
state: my_log_bucket
workloadOutput: my_log_bucketgcs-credentials-ext was created externally to the Helm chart deployment, as I wanted to avoid having my base64 encoded credentials held in source control at global.storage.gcs.credentialsJson
Analysis
When I run the helm install, the pod for airbyte-workload-api-server gets stuck in the ContainerCreating state, with the following error:
Warning FailedMount 3s (x4 over 6s) kubelet MountVolume.SetUp failed for volume "gcs-log-creds-volume" : secret "airbyte-gcs-log-creds" not found
Upon analysis of the workload API server template, this is due to the secretName defaulting to releasename-gcs-log-creds because it is looking for a value .Values.global.credVolumeOverride). See - https://github.com/airbytehq/airbyte-platform/blob/f8146bdc352726509bc5bbd8870052e666178944/charts/airbyte-workload-api-server/templates/deployment.yaml#L202
This is at odds with the other components that refer to the same secret (they all use Values.global.storage.storageSecretName):
- Workload launcher - https://github.com/airbytehq/airbyte-platform/blob/f8146bdc352726509bc5bbd8870052e666178944/charts/airbyte-workload-launcher/templates/deployment.yaml#L596
- Worker - https://github.com/airbytehq/airbyte-platform/blob/f8146bdc352726509bc5bbd8870052e666178944/charts/airbyte-worker/templates/deployment.yaml#L587
- Server - https://github.com/airbytehq/airbyte-platform/blob/f8146bdc352726509bc5bbd8870052e666178944/charts/airbyte-server/templates/deployment.yaml#L516
Proposal
I propose that this line https://github.com/airbytehq/airbyte-platform/blob/f8146bdc352726509bc5bbd8870052e666178944/charts/airbyte-workload-api-server/templates/deployment.yaml#L202, be changed from:
secretName: {{ ternary (printf "%s-gcs-log-creds" ( .Release.Name )) (.Values.global.credVolumeOverride) (eq .Values.global.deploymentMode "oss") }}
to:
secretName: {{ ternary (printf "%s-gcs-log-creds" ( .Release.Name )) .Values.global.storage.storageSecretName (not ((.Values.global.storage).storageSecretName)) }}
Relevant log output
No response