Upgrading Jenkins helm chart fails because fips.openssl or global.defaultFips are not defined
search cancel

Upgrading Jenkins helm chart fails because fips.openssl or global.defaultFips are not defined

book

Article ID: 427852

calendar_today

Updated On:

Products

VMware Tanzu Platform - Kubernetes VMware Tanzu Application Catalog

Issue/Introduction

 

running helm install results in templating error

 helm install -f values.yml oci://registry.domain/charts/photon-5/jenkins --version 13.9.2 --generate-name

Error: execution error at (jenkins/templates/deployment.yaml:322:24): Please configure a value for 'fips.openssl' or 'global.defaultFips'

 

Cause

There was a regression in recent versions of the bitnami secure image jenkins helm chart where it does not detect valid configuration settings in the passed in values.yml for fips openssl.

 

the following valid configuration combinations will cause this issue in a affected release

 

Scenario # 1

This setting will be ignored and not detected regardless of how you configure it.  There is no workaround for setting the global.defaultFips.  instead of using default you will have to set fips.openssl directly.

global: 
  defaultFips: off

 

or 

fips:
  openssl: off

 

Scenario # 2

When using configascode to override the global settings

configAsCode: 
  autoReload: 
    fips: 
      openssl: off

 

 

 

 

 

Resolution

This is fixed in jenkins helm chart version 13.11.0.  In the fixed release you no longer need to wrap the values in quotes and the global.defaultFips parameter works. 

 

Workarounds for each scenario:

 

Scenario # 1

instead of using global use fips.openssl and surround "off" with quotes

fips:
  openssl: "off"

 

Scenario # 2

surround "off" with quotes in the configAsCode block

configAsCode: 
  autoReload: 
    fips: 
      openssl: "off"

 

 

 

 

Powered by Wolken Software