How to generate a Consul template inside a Helm Chart - kubernetes-helm

I have a Helm Chart for a Spring Boot application that gets its database credentials injected by the Hashicorp Vault agent injector.
This is a snippet from the generated deployment manifest in the dev environment.
annotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/role: "app"
vault.hashicorp.com/agent-inject-secret-database.properties: "secret/data/app/dev/database"
vault.hashicorp.com/agent-inject-template-database.properties: |
{{ with secret "secret/data/app/dev/database" }}
spring.datasource.username: {{ .Data.data.username }}
spring.datasource.password: {{ .Data.data.password }}
{{ end }}
To be able to specify the path to the secret and the name of the generated secrets file in the values.yaml, I've constructed this template:
annotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/role: "{{ .Values.vault.role }}"
{{ print "vault.hashicorp.com/agent-inject-secret-" .Values.vault.secretFileName }}: "{{ .Values.vault.secretPath }}"
{{ print "vault.hashicorp.com/agent-inject-template-" .Values.vault.secretFileName }}: |
{{`
{{ with secret "`}} {{- .Values.vault.secretPath -}} {{`" }}
spring.datasource.username: {{ .Data.data.username }}
spring.datasource.password: {{ .Data.data.password }}
{{ end }}
`}}
It works as intended, but I don't think it's very elegant.
I've also tried this approach:
annotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/role: "{{ .Values.vault.role }}"
{{ print "vault.hashicorp.com/agent-inject-secret-" .Values.vault.secretFileName }}: "{{ .Values.vault.secretPath }}"
{{ print "vault.hashicorp.com/agent-inject-template-" .Values.vault.secretFileName }}: |
{{ print "{{ with secret " .Values.vault.secretPath " }}" }}
{{ print "spring.datasource.username: {{ .Data.data.username }}" }}
{{ print "spring.datasource.password: {{ .Data.data.password }}" }}
{{ print "{{ end }}" }}
Which I feel is slightly better, but I'm still not happy with it.
So my question is: Is there a better way to do it?

I am using this way in my helm Chart
annotations:
vault.hashicorp.com/agent-inject: true
vault.hashicorp.com/role: {{ $.Values.injector.role }}
vault.hashicorp.com/agent-inject-secret-app: kv/k8s-{{ $.Values.environment }}/{{ $.Values.APP_NAME }}
vault.hashicorp.com/agent-inject-template-app: |
{{`{{ with secret "`}} kv/k8s-{{- $.Values.environment -}}/{{ $.Values.APP_NAME }} {{`" }}
{{ range $key, $value := .Data }}
export {{ $key }}={{ $value }}
{{ end }}`}}

Related

Read variable inside double bracket in Helm template

I need read a field file from values.yml for a configMap setup, it's my template:
{{- if .Values.configMap.enabled }}
{{- range .Values.configMapMount }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .name }}
data:
{{ .file }}: {{ $.Files.Get "files/{{ .file }}" | printf "%s" | indent 4 }}
{{- end }}
{{- end }}
Obviously this template doesn't work...there is a way to read {{ .file }} inside "files/{{ .file }}" ?
Thanks
You can't nest template actions. Use a variable instead.
Something like this:
{{- if .Values.configMap.enabled }}
{{- range .Values.configMapMount }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .name }}
data:
{{- $f := printf "files/%s" .file }}
{{ .file }}: {{ $.Files.Get $f | printf "%s" | indent 4 }}
{{- end }}
{{- end }}
https://go.dev/play/p/pRd5WNc10Zt

Expand helm template variables to lookup named-template/sub-template in _helpers.tpl

Trying to do the following in helm template but it's not expanding $key and giving an error cannot find template $key .
Is this even possible?
values.yaml
app:
env:
- AAAA
_helpers.tpl
{{- define "AAAA" }}
{{- printf "BBBB" }}
{{- end }}
deployment.yaml
...
container:
- name: xxxx
env:
{{- range $key := .Values.app.env }}
- name: {{ $key }}
value: {{ template "$key" . }}
{{ end }}
looks like using include instead of template works
values.yaml
app:
env:
- AAAA
_helpers.tpl
{{- define "AAAA" }}
{{- printf "BBBB" }}
{{- end }}
deployment.yaml
...
container:
- name: xxxx
env:
{{- range $key := .Values.app.env }}
- name: {{ $key }}
value: {{ include $key . }}
{{ end }}

Helm Error: parse error at invalid syntax

How can I escape () in helm template… I tried as below but getting Error: parse error at yaml:17): invalid syntax..
At the end I need this output "{{ (index . "demo-app-secret") | b64dec }}"
Here is the yaml.
{{- range $externalSecretName, $externalSecret := .Values.externalSecrets }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ $.Release.Name }}
spec:
refreshInterval: 10m
secretStoreRef:
name: tf-address-handling-fortanix
kind: SecretStore
target:
name: {{ $.Release.Name }}
creationPolicy: Owner
template:
data:
{{- range $externalSecret.data }}
{{ .secretKey }}: "{{ printf "{{ \(index . \"%s\"\) | b64dec }}" .secretKey }}"
{{- end }}
data:
{{- toYaml $externalSecret.data | nindent 4 }}
{{- end }}
Here is the values.yaml
externalSecrets:
master-tf-address-handling:
data:
- secretKey: xxxxxxxx
remoteRef:
key: xxxxx
- secretKey: yyyy
remoteRef:
key: yyyyy
The parentheses don't need to be escaped at all, and if you remove the backslash escaping before the parentheses then you'll get the output you expect.
{{ .secretKey }}: "{{ printf "{{ (index . \"%s\") | b64dec }}" .secretKey }}"
{{/* ^ ^
no backslashes */}}
If you run this through helm template, you'll get a second error. The output string you get has unescaped double-quotes inside a double-quoted string
xxxxxxxx: "{{ (index . "xxxxxxxx") | b64dec }}"
# ^ ^ ^ ^
# too many double quotes
To fix this you need extra backslashes in the output
xxxxxxxx: "{{ (index . \"xxxxxxxx\") | b64dec }}"
# ^ ^
# add these backslashes
and to get that you need an additional double backslash inside the template
{{ .secretKey }}: "{{ printf "{{ (index . \\\"%s\\\") | b64dec }}" .secretKey }}"
{{/* ^^ ^^
add these backslashes */}}

Helm Chart. How to pass a env value with multiple dots?

In deployment.yaml contains the condition:
{{- if or $.Values.env $.Values.envSecrets }}
env:
{{- range $key, $value := $.Values.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $secret := $.Values.envSecrets }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ $secret }}
key: {{ $key | quote }}
{{- end }}
{{- end }}
If I pass the $key = helm install NAME nexus/stand --set env.server.servlet.context-path=/bpm/router-app, then i don't get what i expect:
Containers:
...
Environment:
server: map[servlet:map[context-path:/bpm/router-app]]
How can I get around this problem and get the environment like:
Environment:
server.servlet.context-path: /bpm/router-app
Use double backslashes.
helm install NAME nexus/stand --set env.server\\.servlet\\.context-path=/bpm/router-app
That is the equivalent of:
env:
server.servlet.context-path: /bpm/router-app
This is useful particularly for annotations.
Alternatively you should be able to use quotes and single backslashes.
helm install NAME nexus/stand --set 'env.server\.servlet\.context-path'=/bpm/router-app

helm double quote annotations value

I am trying to quote my annotation values. I am trying like this
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ printf "%s" $value | quote }}
{{- end }}
and this
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: "{{ $value }}"
{{- end }}
this is my values.yaml
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: false
but it is not working. Even if I double quote the annotation value in values.yaml helm is removing the quote. Can somebody tell me how can I get helm with double quote values in annotation?
I am using Helm version 3.
You could try this:
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}