We Keep Coding

Helm tpl function to render a file does not work

I am trying to render a file using the tpl function. I am retrieving the content of the file using Files.Get, which works fine until I use tpl function on it.
My input file is:
apiVersion: autoscaling/v2beta2
My helm template is:
{{- $files := .Files }}
{{- tpl ($files.Get "files/autoscaling.yaml" ) . -}}
I had to use $files because it would throw the error:
at <.Files.Get>: can't evaluate field Files in type interface {}
The output that I see when I run the helm template is
Error: template: subchart-demoapp/templates/sub-deployments.yaml:5:47: executing "subchart-demoapp/templates/sub-deployments.yaml" at <.>: wrong type for value; expected chartutil.Values; got string
helm.go:84: [debug] template: subchart-demoapp/templates/sub-deployments.yaml:5:47: executing "subchart-demoapp/templates/sub-deployments.yaml" at <.>: wrong type for value; expected chartutil.Values; got string
My helm version is:
version.BuildInfo{Version:"v3.2.1", GitCommit:"fe51cd1e31e6a202cba7dead9552a6d418ded79a", GitTreeState:"clean", GoVersion:"go1.13.10"}
Thanks for any help.

Figured it out. tpl function when used in a range block needs the top-level context as the second argument. Ref: Helm Issue
Replaced the . with $ and it works as expected.

What is the difference between helm syntax {{ something }} and {{- something }}?

I'm trying to understand helm templates and found syntax like this:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
So I thought every thing had to start with {{- but then I found other syntax that did not have that syntax:
- name: {{ .Chart.Name }}
So my question is what is the difference between those two syntaxs? What does the dash do? When is it needed?

The Helm template syntax is based on the Go programming language's text/template package.
The braces {{ and }} are the opening and closing brackets to enter and exit template logic.
The Helm documentation at https://helm.sh/docs/chart_template_guide/control_structures/
discusses why this syntax is needed in an example.
YAML ascribes meaning to whitespace, so managing the whitespace becomes pretty important. [...] the curly brace syntax {{ of template declarations can be modified with special characters to tell the template engine to chomp whitespace. {{- (with the dash and space added) indicates that whitespace should be chomped left, while -}} means whitespace to the right should be consumed. Be careful! Newlines are whitespace!
So the answer is this. The difference between the {{ syntax and the {{- syntax is that the {{- something }} will result in space on the left being removed. Without this any extra space would be included which could result in incorrectly formatted YAML.
Refer to the Helm documentation which goes into great length about how this syntax works and removes extra spaces.
You'll frequently see the dash showing up in control structures because without this extra space would be added to your YAML file which could result in invalid syntax being created. So, for example,
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
Causes the property apiVersion to be output (in the YAML file) without adding blank lines before and after the property.
Simple example
The Go templating documentation says
when executing the template whose source is
"{{23 -}} < {{- 45}}"
the generated output would be
"23<45"
This shows that the dash syntax causes white space to be removed.
Learning to experiment with Helm syntax
Below I'll explain how you can begin experimenting with helm syntax
using a simple throw away project.
The commands below I create a temp directory testhelm and go into it, and then run create helm mytest to create a helm application.
Next, I create a sample helm YAML file. This is the file you want to put what you want to test inside of. Below I used the file mytest/templates/my.yaml but any file can be created.
Helm apparently takes all of the files in the templates directory and parses/processes them to create the YAML output (which is used to create a Kubernetes YAML file to configure a K8S application).
In our case, we just leverage the helm command create a test bed for us to play around with.
If you are on a UNIX-based system you should be able to copy and paste the entire code sample below to create the testbed to begin experimenting.
mkdir testhelm
cd testhelm
helm create mytest
cat <<EOF > mytest/templates/my.yaml
expression1: "{{ 23 }} < {{ 45 }}"
expression2: "{{ 23 -}} < {{- 45 }}"
aTest0: ArgWithNoSpace
aTest1: Arg with spaces on left and right
aTest2: " spaces-on-left-and-right "
aTest3: {{ " spaces-on-left-and-right " }}
aTest4: {{ " spaces-on-left-and-right " | trim | quote }}
aTest5: Some
{{- "Thing Funky is" -}} goingOn
{{- " here"}}
drink2: {{ .Values.drink2 | default "coffee" | quote }}
aTest6: Some {{ "Thing Funky is" }}goingOn {{ " here"}}
aTest7: Some {{ "Thing Funky is" }}goingOn {{ " here"}}
EOF
Then run run the helm template command as shown below, and study the output that you get.
helm template myproj ./mychart | less
. . . output trimmed . . .
# Source: mychart/templates/my.yaml
expression1: "23 < 45"
expression2: "23<45"
aTest0: ArgWithNoSpace
aTest1: Arg with spaces on left and right
aTest2: " spaces-on-left-and-right "
aTest3: spaces-on-left-and-right
aTest4: "spaces-on-left-and-right"
aTest5: SomeThing Funky isgoingOn here
drink2: "coffee"
aTest6: Some Thing Funky isgoingOn here
aTest7: Some Thing Funky isgoingOn here
The first two name/value pairs expression1 and expression2 show the difference with and without dash syntax being used.
Notice also the syntax for aTest5 which resulted in several lines being merged into a single line of output.
Notice also aTest6 and aTest7 look different in the source but produce the same output; spaces within the {{ }} are not output unless they within quotes.
Using this approach digest the Helm syntax in bite sized chunks and so when you need to fix something you can understand what you are seeing.

How can we specify custom path to .Files.Get when creating ConfigMap with Helm

I am creating a config map as below
kubectl create configmap testconfigmap --from-file=testkey=/var/opt/testfile.txt
As I am using helm charts, I would like to create the config map using YAML file instead of running kubectl.
I went through Kubernetes - How to define ConfigMap built using a file in a yaml? and we can use .Files.Get to access the files.
But then testfile.txt needs to be a part of helm. I would like to have something like
kind: ConfigMap
metadata:
name: testconfigmap
data:
fromfile: |-
{{ .Files.Get "/var/opt/testfile.txt" | indent 4 }}
It works when "testfile.txt" is under the main helm directory. So, {{ .Files.Get "testfile.txt" | indent 4 }} works but {{ .Files.Get "/var/opt/testfile.txt" | indent 4 }} doesn't. With custom path, the value for the ConfigMap is empty.
Is is possible to place the file at a custom path outside the helm folder, so I can define my path in Values.yaml and read it in my ConfigMap yaml ?

This is a Community Wiki answer so feel free to edit it and add any additional details you consider important.
As mdaniel has already stated in his comment:
Is is possible to place the file at a custom path outside the helm
folder no, because helm considers that a security risk – mdaniel 2
days ago
You can also compare it with this feature request on GitHub where you can find very similar requirement described in short e.g. in this comment:
I have this exact need. My chart publishes a secret read from file at
/keybase. This file is deliberately not in the chart.
I believe files for .Files.Get should not be assumed to be inside the
chart ...
One interesting comment:
lenalebt commented on Dec 23, 2017 I am quite sure .Files.Get not
being able to access the file system arbitrarily is a security
feature, so I don't think the current behaviour is wrong - it just
does not fulfill all use cases.
This issue was created quite long time ago (Dec 19, 2017) but has been recently reopened. There are even some specific proposals on how it could be handled:
titou10titou10 commented on Apr 2 #misberner can you confirm that
using--include-dir =will allow us to use
.Files.Glob().AsConfig(), and so create a ConfigMap with one
entry in the CM per file in?
#misberner misberner commented on Apr 2 Yeah that's the idea. An open
question from my point of view is whether an --include-dir with a
specified introduces an overlay, or shadows everything under
/ from previous args and from the bundle itself. I'm not super
opinionated on that one but would prefer the former.
The most recent comments give some hope that this feature might become available in future releases of helm.

As mdaniel and mario already mentioned, for now this is not possible, as it's considered a security risk.
But actually there is a workaround.
You can use Helm templating to parse your property file and load it into a ConfigMap.
# create the following ConfigMap in your Chart
# this is just a simple prototype
# it requires strict key=value syntax in your property file (no empty strings etc.)
# but it shows the idea - improve the syntax, if needed
apiVersion: v1
kind: ConfigMap
metadata:
name: example
data:
{{- if .Values.example.map }}
{{- range $line := splitList "\n" .Values.example.map }}
{{- $words := splitList "=" $line }}
{{- $key := index $words 0 | trim }}
{{- $value := rest $words | join "=" | trim }}
{{ $key }}: "{{ $value }}"
{{- end }}
{{- end }}
{{- end }}
And after that you may load your properties file into this ConfigMap.
helm install mychart --set-file example.map="/test/my.properties"
Of course it is safe to use ONLY if you fully control the input, i. e. how each and every line of your property file is populated.

Helm: Pass a multiline env variable to deployment

I need to pass a private RSA key as ENV var to my deployment file, and I can't do it at the moment.
containers:
env:
- name: MY_PRIVATE_KEY
value: |+
{{ .Values.fpm.dot_env.MY_PRIVATE_KEY}}
I've tried with indent, without indent, using toYaml (there is no error with this but my env var start with |-)...
Any idea?
This is the error I get from that code:
Error: UPGRADE FAILED: YAML parse error on broker-api/templates/deployment.yaml: error converting YAML to JSON: yaml: line 59: could not find expected ':'

If you're trying to embed a multi-line string in a Kubernetes artifact in a Helm chart, the easiest recipe is
Use the YAML | block scalar form to preserve newlines;
Start the Go template {{ ... }} macro at the first column; and
Use the sprig indent function to indent every line of the block, including the first one.
(You frequently will see |- which trims the final newline; for this I can imagine wanting to keep the final newline |+ or just plain |; the difference between these last two is whether extra empty lines at the end are kept or not.)
containers:
env:
- name: MY_PRIVATE_KEY
value: |+
{{ .Values.fpm.dot_env.MY_PRIVATE_KEY | indent 12 }}
(Usually for actual secrets it's considered preferable to store them in Kubernetes Secret objects. Those values are base64 encoded in the Kubernetes API, so when you declare the Secret object in Helm you'd use ... | b64enc instead of this indent recipe.)

Finally I solved my problem b64encoding my key, and b64decoding it from my backend.
Thanks.

overriding values in kubernetes helm subcharts

I'm building a helm chart for my application, and I'm using stable/nginx-ingress as a subchart. I have a single overrides.yml file that contains (among other overrides):
nginx-ingress:
controller:
annotations:
external-dns.alpha.kubernetes.io/hostname: "*.{{ .Release.Name }}.mydomain.com"
So, I'm trying to use the release name in the overrides file, and my command looks something like: helm install mychart --values overrides.yml, but the resulting annotation does not do the variable interpolation, and instead results in something like
Annotations: external-dns.alpha.kubernetes.io/hostname=*.{{ .Release.Name }}.mydomain.com
I installed the subchart by using helm fetch, and I'm under the (misguided?) impression that it would be best to leave the fetched thing as-is, and override values in it - however, if variable interpolation isn't available with that method, I will have to put my values in the subchart's values.yaml.
Is there a best practice for this? Is it ok to put my own values in the fetched subchart's values.yaml? If I someday helm fetch this subchart again, I'll have to put those values back in by hand, instead of leaving them in an untouched overrides file...
Thanks in advance for any feedback!

I found the issue on github -- it is not supported yet:
https://github.com/kubernetes/helm/issues/2133

Helm 3.x (Q4 2019) now includes more about this, but for chart only, not for subchart (see TBBle's comment)
Milan Masek adds as a comment:
Thankfully, latest Helm manual says how to achieve this.
The trick is:
enclosing variable in " or in a yaml block |-, and
then referencing it in a template as {{ tpl .Values.variable . }}
This seems to make Helm happy.
Example:
$ cat Chart.yaml | grep appVersion
appVersion: 0.0.1-SNAPSHOT-d2e2f42
$ cat platform/shared/t/values.yaml | grep -A2 image:
image:
tag: |-
{{ .Chart.AppVersion }}
$ cat templates/deployment.yaml | grep image:
image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
$ helm template . --values platform/shared/t/values.betradar.yaml | grep image
image: "docker-registry.default.svc:5000/namespace/service:0.0.1-SNAPSHOT-d2e2f42"
imagePullPolicy: Always
image: busybox
Otherwise there is an error thrown..
$ cat platform/shared/t/values.yaml | grep -A1 image:
image:
tag: {{ .Chart.AppVersion }}
1 $ helm template . --values platform/shared/t/values.yaml | grep image
Error: failed to parse platform/shared/t/values.yaml: error converting YAML to JSON: yaml: invalid map key: map[interface {}]interface {}{".Chart.AppVersion":interface {}(nil)}
For Helm subchart, TBBle adds to issue 2133
#MilanMasek 's solution won't work in general for subcharts, because the context . passed into tpl will have the subchart's values, not the parent chart's values.
!<
It happens to work in the specific example this ticket was opened for, because .Release.Name should be the same in all the subcharts.
It won't work for .Chart.AppVersion as in the tpl example.
There was a proposal to support tval in #3252 for interpolating templates in values files, but that was dropped in favour of a lua-based Hook system which has been proposed for Helm v3: #2492 (comment)
That last issue 2492 include workarounds like this one:
You can put a placeholder in the text that you want to template and then replace that placeholder with the template that you would like to use in yaml files in the template.
For now, what I've done in the CI job is run helm template on the values.yaml file.
It works pretty well atm.
cp values.yaml templates/
helm template $CI_BUILD_REF_NAME ./ | sed -ne '/^# Source:
templates\/values.yaml/,/^---/p' > values.yaml
rm templates/values.yaml
helm upgrade --install ...
This breaks if you have multiple -f values.yml files, but I'm thinking of writing a small helm wrapper that runs essentially runs that bash script for each values.yaml file.
fsniper illustrates again the issue:
There is a use case where you would need to pass deployment name to dependency charts where you have no control.
For example I am trying to set podAffinity for zookeeper. And I have an application helm chart which sets zookeeper as a dependency.
In this case, I am passing pod antiaffinity to zookeeper via values. So in my apps values.yaml file I have a zookeeper.affinity section.
If I had the ability to get the release name inside the values yaml I would just set this as default and be done with it.
But now for every deployment I have to override this value, which is a big problem.
Update Oct. 2022, from issue 2133:
lazychanger proposes
I submitted a plugin to override values.yaml with additional templates.
See lazychanger/helm-viv: "Helm-variable-in-values" and its example.