Helm release with pre-install hook causes upgrades to break with "post render on files may not add resource with an already registered id" #5791
Description
Describe the bug
Since upgrading to 2.8 we are seeing cases of Helm upgrades failing
Helm upgrade failed for release default/app with chart app@1.0.0: error while running post render on files: accumulating resources: accumulation err=’accumulating resources from ‘helm-output.yaml’: may not add resource with an already registered id: ServiceAccount.v1.[noGrp]/app.[noNs]‘: must build at directory: ‘/helm-output.yaml’: file is not directory
The service account created by hook is a one-time install time resource, as seen in annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "-10"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
So hook job can run with SA on the first install. Release SA takes over after that for upgrades.
Seems the post render doesn't take that into account.
Steps to reproduce
Have a Helm chart create service account annotated as above. On upgrade observe failure. I'm not sure exactly how to trigger failure, because its not happening for all charts yet.
Expected behavior
Upgrades completing without post-render failure from kustomize assuming that all resources will be created at the same time
Screenshots and recordings
No response
OS / Distro
EKS
Flux version
2.8.3
Flux check
N/A
Git provider
No response
Container Registry provider
No response
Additional context
No response
Code of Conduct
- I agree to follow this project's Code of Conduct