fix(helm): remove stale Chart.lock that pulls in conflicting Bitnami postgresql sub-chart#1632
Open
jay-mtl wants to merge 1 commit into
Open
fix(helm): remove stale Chart.lock that pulls in conflicting Bitnami postgresql sub-chart#1632jay-mtl wants to merge 1 commit into
jay-mtl wants to merge 1 commit into
Conversation
…postgresql sub-chart Chart.yaml has no dependencies section, but Chart.lock still references bitnami/postgresql@15.5.38. Helm and GitOps controllers (e.g. Flux helm-controller) run `helm dependency build` whenever Chart.lock is present, which downloads and packages the Bitnami sub-chart. This causes two StatefulSets named hindsight-postgresql to be rendered: one from the chart's own postgresql-statefulset.yaml template and one from charts/postgresql/templates/primary/statefulset.yaml (Bitnami). They have conflicting spec.selector.matchLabels, so the second apply is rejected by Kubernetes with an immutable field error. The Bitnami security context (readOnlyRootFilesystem: true, runAsUser: 1001) also crashes the ankane/pgvector container which needs to write to /var/run/postgresql. Since Chart.yaml lists no dependencies, Chart.lock is stale and serves no purpose. Removing it prevents the Bitnami sub-chart from being downloaded.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The
helm/hindsight/chart contains aChart.lockthat referencesbitnami/postgresql@15.5.38as a dependency, butChart.yamlhas nodependenciessection. The chart has its ownpostgresql-statefulset.yamltemplate and does not use the Bitnami sub-chart.Helm and GitOps controllers (e.g. Flux helm-controller) run
helm dependency buildwheneverChart.lockis present. This downloads and packages the Bitnami postgresql sub-chart intocharts/postgresql/, causing two StatefulSets namedhindsight-postgresqlto be rendered:templates/postgresql-statefulset.yaml— the chart's own template (ankane/pgvector, standard postgres security context)charts/postgresql/templates/primary/statefulset.yaml— Bitnami (bitnami/postgresql,readOnlyRootFilesystem: true,runAsUser: 1001, selector:app.kubernetes.io/name: postgresql)This causes two failures:
hindsight-postgresqlbut have differentspec.selector.matchLabels; the second apply is rejected by the Kubernetes API withspec: Forbidden: updates to statefulset spec for fields other than 'replicas'...readOnlyRootFilesystem: true) gets applied to theankane/pgvectorcontainer, which needs to write to/var/run/postgresqlat startup, causing:FATAL: could not create lock file "/var/run/postgresql/.s.PGSQL.5432.lock": Read-only file systemFix
Remove the stale
Chart.lock. SinceChart.yamllists no dependencies, the lock file is a leftover artifact and serves no purpose — it only causes the above conflicts for anyone using Helm dependency resolution (including Flux, ArgoCD with Helm, and plainhelm installwith dependency building enabled).Testing
After removing
Chart.lock,helm dependency buildis a no-op and the chart installs cleanly with only the parent chart's own postgresql StatefulSet rendered.