Installation with helm of version v0.9.17 fails

[zioproto]

Describe the bug

The installation fails. The external-secrets-cert-controller and external-secrets-webhook Pods are not Ready. The logs of external-secrets-webhook complain about a missing certificate.
The secret external-secrets-webhook has 0 DATA.

To Reproduce
Steps to reproduce the behavior are published here https://external-secrets.io/latest/introduction/getting-started/

kubectl apply -k "https://github.com/external-secrets/external-secrets//config/crds/bases?ref=v0.9.11"

helm repo add external-secrets https://charts.external-secrets.io

helm install external-secrets \
   external-secrets/external-secrets \
    -n external-secrets \
    --create-namespace \
   --set installCRDs=false

This is the outcome:

kubectl get pods
NAME                                               READY   STATUS    RESTARTS        AGE
external-secrets-64578fc69c-nlftw                  1/1     Running   0               39m
external-secrets-cert-controller-99bfb7d69-28xmc   0/1     Running   0               39m
external-secrets-webhook-5cf687f86-p68sh           0/1     Running   9 (5m38s ago)   39m

here the logs

% kubectl logs external-secrets-webhook-5cf687f86-p68sh
{"level":"info","ts":1715003427.5032117,"logger":"setup","msg":"validating certs"}
{"level":"error","ts":1715003427.5033548,"logger":"setup","msg":"invalid certs. retrying...","error":"stat /tmp/certs/tls.crt: no such file or directory","stacktrace":"github.com/external-secrets/external-secrets/cmd.waitForCerts\n\t/home/runner/work/external-secrets/external-secrets/cmd/webhook.go:215\ngithub.com/external-secrets/external-secrets/cmd.init.func3\n\t/home/runner/work/external-secrets/external-secrets/cmd/webhook.go:84\ngithub.com/spf13/cobra.(*Command).execute\n\t/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:987\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1115\ngithub.com/spf13/cobra.(*Command).Execute\n\t/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1039\ngithub.com/external-secrets/external-secrets/cmd.Execute\n\t/home/runner/work/external-secrets/external-secrets/cmd/root.go:256\nmain.main\n\t/home/runner/work/external-secrets/external-secrets/main.go:22\nruntime.main\n\t/opt/hostedtoolcache/go/1.22.1/x64/src/runtime/proc.go:271"}

here the secret

% kubectl get secret external-secrets-webhook -o yaml
apiVersion: v1
kind: Secret
metadata:
  annotations:
    meta.helm.sh/release-name: external-secrets
    meta.helm.sh/release-namespace: external-secrets
  creationTimestamp: "2024-05-06T13:11:23Z"
  labels:
    app.kubernetes.io/instance: external-secrets
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: external-secrets-webhook
    app.kubernetes.io/version: v0.9.17
    external-secrets.io/component: webhook
    helm.sh/chart: external-secrets-0.9.17
  name: external-secrets-webhook
  namespace: external-secrets
  resourceVersion: "1814"
  uid: 3ba18bff-99c5-476d-bcbf-e3eff54462fd
type: Opaque

Expected behavior

I expect the external-secrets-webhook Pod to be ready

Additional context
Testing on AKS v1.28.5

[zioproto]

Just installing with the helm chart works:

helm install external-secrets \
   external-secrets/external-secrets \
    -n external-secrets \
    --create-namespace \
   --set installCRDs=true

[gusfcarvalho]

Hmm, I see some issues with your setup -Forat, you’re using a CRD version that does not match the helm chart version (helm chart is on 0.9.17). Second - base CRDs are not meant for consumption out of the box, thus they do not contain several information for the Webhook to work properly anyways (although I would expect a different error).

What are the logs of cert-controller?