CRDs do not get upgraded

[onedr0p]

Hi 👋🏼 The way crds are handled in this repo Helm does not upgrade them when the user upgrades the chart.

https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations

There is no support at this time for upgrading or deleting CRDs using Helm. This was an explicit decision after much community discussion due to the danger for unintentional data loss. Furthermore, there is currently no community consensus around how to handle CRDs and their lifecycle. As this evolves, Helm will add support for those use cases.

What I've seen most chart developers do it have a installCRDs option in the helm values and template them out, take a look at cert-manager and rook-ceph charts for an example on how they handle CRDs.

I would suggest a option in the values.yaml and to move the crds folder into the templates folder and wrap it in an if statement.

operator:
  create: false
  installCRDs: true
  autoRestart: false

[john-yacuta-submittable]

+1

I am currently in the process of deploying 1Password Connect and Operator into our infrastructure using:

operator:
  create: true

However, I would like to use the latest Connect and Operator to leverage the latest feature: "set type on OnePasswordItem resources, which can be any of the Kubernetes secret types" as discussed here.

I have tried upgrading it via the values.yaml by setting under operator version: "1.5.0" like below but there is an error: unknown field "type" in com.onepassword.v1.OnePasswordItem which I believe is related to the CRDs not upgrading. I am using GitOps: ArgoCD + Helm to deploy.

[john-yacuta-submittable]

I managed to upgrade 1Password Connect Server to 1.5.4 and Operator to 1.5.0 using the latest chart revision 1.8.0 that released 2 days ago. I went from revision 1.7.1 to 1.8.0 using ArgoCD App template + Helm source.

However, I am getting the error from the operator when trying to take advantage of the new type feature and doing type: kubernetes.io/dockerconfigjson. I already tried redeploying 1Password and the same issue occurs.

Error: "error":"Failed to retrieve item: need at least version 1.3.0 of Connect for this function, detected version 1.2.0 (or earlier). Please update your Connect server"

[john-yacuta-submittable]

I created a new issue to track my issue: #105

[jillianwilson]

Thanks for raising this issue. @onedr0p feel free to make a PR with the suggested changes

[matthiasbaldi]

Edit: Ignore that 😉 I messed up the version from the helm chart with the operator itself...

I bring that up again.
Today I patched to the current chart version 1.7.1 and suddenly I had issues to apply new 1PasswordItems because of the error onepassword.com/v1, Kind=OnePasswordItem): .type: field not declared in schema.

After trying some stuff I decided to run
kubectl apply -f https://raw.githubusercontent.com/1Password/connect-helm-charts/main/charts/connect/crds/onepassworditem-crd.yaml manually.
Since then it looks good again.

Is there an issue in the current chart release? Or do we had some fancy issues on our cluster?
We had no issues in earlier versions like 1.5.x or 1.6.x.