specifying configData in the policy-controller helm chart gives a values validation error

[steinwelberg]

Description

When upgrading the policy-controller Helm chart (from version 0.8.0 to 0.8.1) with the following values:

webhook:
  replicaCount: 3
  securityContext:
    enabled: true
    runAsUser: 1000
  configData:
    no-match-policy: warn
serviceMonitor:
  enabled: true

this will result in the following error:

  Warning  UpgradeFailed  30s  helm-controller  Helm upgrade failed for release infra-cosign/policy-controller with chart policy-controller@0.8.1: values don't meet the specifications of the schema(s) in the following chart(s):
policy-controller:
- webhook.configData: Additional property no-match-policy is not allowed

Most likely this is caused by the upated helm values schema which is quite restrictive as it specifies the "additionalProperties": false, property. Not only on the configData object, but also on the securityContext, customLabels, env, extraArgs all specify this which prevent a user to specify custom properties.

Version
policy controller helm chart version 0.8.1

[rai69]

@shearn89 can you help with this? This bug is preventing us from upgrading to version 0.8.1 and higher.

[shearn89]

I can try, I believe the schema was autogenerated via helm-schema so I may have done it wrong or it may be overly restrictive.

Best bet is probably for me to raise a PR to revert those additionalProperty changes.

[shearn89]

Whilst I get a PR up - it looks like helm has an option to relax the schema validation: cert-manager/cert-manager#7334 (comment)

Does that help as a workaround in the short term?

[rai69]

We install multiple helm-charts with the help from ansible, so i don't know if this can help. The manual test i did, does confirm that --skip-schema-validation relaxes the schema checking.