I am trying to do merge of multiple values files which has array of secrets.But the merging is not working instead the last values file overrides.
This is my secret template
---
{{- range .Values.secrets }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ required "a valid name is required" .name }}
namespace: ""
type: Opaque
data:
{{- range $key, $val := .data }}
# fix printing the key name in the required string
{{ $key }}: {{ required "a valid key is required" $val }}
{{- end }}
{{- end }}
value1.yaml:
secrets:
- name: "sample"
data:
test: "YXBpa2V5MQo="
value2.yaml:
- name: "sample2"
data:
test: "YXBpa2V5MQo="
helm template secrets-template -f value1.yaml -f value2.yaml
The output is
---
apiVersion: v1
kind: Secret
metadata:
name: sample2
namespace: ""
type: Opaque
data:
# fix printing the key name in the required string
test: YXBpa2V5MQo=
But the expected output is
---
apiVersion: v1
kind: Secret
metadata:
name: sample
namespace: ""
type: Opaque
data:
# fix printing the key name in the required string
test: YXBpa2V5MQo=
---
apiVersion: v1
kind: Secret
metadata:
name: sample2
namespace: ""
type: Opaque
data:
# fix printing the key name in the required string
test: YXBpa2V5MQo=
Any help on this ?
As far as I can tell, helm always overwrites arrays. A work around, is to use dictionaries. For example, use the name of the secret as the key.
template:
---
{{- range $secretName, $secretValue := .Values.secrets }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ required "a valid name is required" $secretName }}
namespace: ""
type: Opaque
data:
{{- range $key, $val := $secretValue }}
# fix printing the key name in the required string
{{ $key }}: {{ required "a valid key is required" $val }}
{{- end }}
{{- end }}
value1.yaml
secrets:
sample:
test: "YXBpa2V5MQo="
value2.yaml
secrets:
sample2:
test: "YXBpa2V5MQo="
Thankyou..it works..I did a small modification.
{{- range $secretName,$secretValue := .Values.secrets }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ required "a valid name is required" $secretName }}
type: {{ $secretValue.type | default "Opaque" }}
data:
{{- range $key, $val := $secretValue.data }}
# fix printing the key name in the required string
{{ $key }}: {{ required "a valid key is required" $val }}
{{- end }}
{{- end }}
values file:
secrets:
sample2:
data:
test2: "YXBpa2V5MQo="
But I am getting below warning eventhough it works fine..Is this a problem?How to fix this warning?
coalesce.go:160: warning: skipped value for secrets: Not a table.
Related
I am trying to dynamic lookup available namespaces and able to create secrets in the namespaces using below helm chart.
templates/secrets.yaml
{{ range $index, $namespace := (lookup "v1" "Namespace" "" "").items }}
apiVersion: v1
kind: Secret
metadata:
name: myregcred
namespace: {{ $namespace.metadata.name }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "imagePullSecret" . }}
{{- end}}
values.yaml
imageCredentials:
registry: quay.io
username: someone
password: sillyness
email: someone#host.com
_helpers.tpl
{{- define "imagePullSecret" }}
{{- with .Values.imageCredentials }}
{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
{{- end }}
{{- end }}
When i run this helm chart, i get below error
Error: INSTALLATION FAILED: template: secrets/templates/_helpers.tpl:2:16: executing "imagePullSecret" at <.Values.imageCredentials>: nil pointer evaluating interface {}.imageCredentials
I dont know what I am doing wrong here.
When you reference the named template "imagePullSecret" inside the range, the context "." you are providing refers to the body of the loop, which does not have the "Values" attribute.
Try providing the root context instead:
{{ range $index, $namespace := (lookup "v1" "Namespace" "" "").items }}
apiVersion: v1
kind: Secret
metadata:
name: myregcred
namespace: {{ $namespace.metadata.name }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "imagePullSecret" $ }}
---
{{- end}}
I have a bunch of secretKey in values.yaml like below. I need to add each value of secretKey as a key and decoded value in template.data like as a value like below.
How can I achieve this ?
{{- range $externalSecretName, $externalSecret := .Values.externalSecrets }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ $externalSecretName }}
spec:
refreshInterval: 1m
secretStoreRef:
name: secret
kind: SecretStore
target:
name: {{ $externalSecretName }}
creationPolicy: Owner
template:
data:
## Needs to insert/add each secretKey value here like below
{
keyname1: "{{ .keyname1 | b64dec }}".
keyname2: "{{ .keyname2 | b64dec }}".
}
data:
{{- toYaml $externalSecret.data | nindent 4 }}
---
{{- end }}
values.yaml:
===========
extraEnvSecret:
fromSecret:
name: master-tf-address-handling
data:
PREFIX_KEYNAME1: keyname1
PREFIX_KEYNAME2: keyname2
externalSecrets:
demo-app:
data:
- secretKey: keyname1
remoteRef:
key: value1
- secretKey: keyname2
remoteRef:
key: value1
{{- range $externalSecretName, $externalSecret := .Values.externalSecrets }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ $externalSecretName }}
spec:
refreshInterval: 1m
secretStoreRef:
name: secret
kind: SecretStore
target:
name: {{ $externalSecretName }}
creationPolicy: Owner
template:
data:
{
{{- range $externalSecret.data }}
{{ .secretKey }}: "{{ .remoteRef.key | b64enc }}",
{{- end }}
}
data:
{{- toYaml $externalSecret.data | nindent 4 }}
{{- end }}
The helm values look like in the following example. Here appdata can scale to any number but will contain the same set of keys.
data:
appdata:
config0:
url: 'https://example1.com'
port: '80'
config1:
url: 'https://example2.com'
port: '8673'
someotherconfig:
url: 'https://example3.com'
port: '9887'
...
...
This is what I have so far. This keeps updating the last config's data from someotherconfig key and also I want to have the config map name to contain the config name for each iteration, like {{ template "app" $ }}-config0, {{ template "app" $ }}-config1 and so on based on iteration.
{{- range $Mydata := $.Values.data.appdata }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "app" $ }}
labels:
data:
url: {{ $Mydata.url }}
port: {{ $Mydata.port }}
{{- end }}
You're almost there. You need to use the key/value notation to get the key name. Try the following.
{{- range $configuration, $Mydata := $.Values.data.appdata }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "app" $ }}-{{ $configuration }}
data:
url: {{ $Mydata.url }}
port: {{ $Mydata.port }}
{{- end }}
Say I have a configmap like this, and I want to get the value(12301) of version 123v1 in map_a, what is the correct way?
apiVersion: v1
kind: ConfigMap
metadata:
name: myconfig
namespace: default
data:
test.yml: |
map_a:
"123v1":
"Version": 12301
"Type": "abc"
......
Here is my attempts:
apiVersion: v1
kind: ConfigMap
metadata:
name: test-config
data:
{{- $configmap := (lookup "v1" "ConfigMap" "default" "myconfig") }}
{{- if $configmap }}
{{- $models := get $configmap.data "test.yml" }}
version: {{ $models.map_a.123v1.Version }}
{{- end }}
$ helm template .
install.go:173: [debug] Original chart version: ""
install.go:190: [debug] CHART PATH: /root/test-lookup
Error: parse error at (test-lookup/templates/config.yaml:9): ".123v"
helm.go:88: [debug] parse error at (test-lookup/templates/config.yaml:9): ".123v"
The pipe symbol at the end of a line in YAML signifies that any indented text that follows should be interpreted as a multi-line scalar value. See the YAML spec. This is also mentioned in the helm doc |-
{{ $models }} is a value behind a pipe symbol of myconfig>data>test.yml.
So, the value of the expression {{ $models }} is a string instead of a map. In other words, {{ $models. map_a }} is an illegal operation.
The real value of {{ $models }} is a multi-line string, the string content is:
map_a:
"123v1":
"Version": 12301
"Type": "abc"
This can work here, of course the result is not what you want:
apiVersion: v1
kind: ConfigMap
metadata:
name: test-config
data:
{{- $configmap := (lookup "v1" "ConfigMap" "default" "myconfig") }}
{{- if $configmap }}
{{- $models := get $configmap.data "test.yml" }}
version: {{ $models | quote }}
{{- end }}
output:
apiVersion: v1
data:
version: |
map_a:
"123v1":
"Version": 12301
"Type": "abc"
kind: ConfigMap
metadata:
annotations:
...
So in order to achieve your purpose, you have to operate {{ $models }} in accordance with the method of operating strings.
config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: test-config
data:
{{- $configmap := (lookup "v1" "ConfigMap" "default" "myconfig") }}
{{- if $configmap }}
{{- $models := get $configmap.data "test.yml" }}
{{- range ( split "\n" $models) }}
{{- if ( contains "Version" .) }}
version: {{ (split ":" .)._1 | trim | quote }}
{{- end }}
{{- end }}
{{- end }}
output:
apiVersion: v1
data:
version: "12301"
kind: ConfigMap
metadata:
annotations:
...
Can someone explain to me what the role of the keyword "template" is in this code :
apiVersion: v1
kind: Secret
metadata:
name: {{ template "identity-openidconnect" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "microService.name" . }}
release: "{{ .Release.Name }}"
xxxx
xxxxxxxxxxxx
The keyword "template" means, that Helm will find the previously created template and complete the yaml file according to the template in the template. It has to be created in advance. This type of construction allows you to refer to the same scheme many times.
For example, we can define a template to encapsulate a Kubernetes block of labels:
{{- define "mychart.labels" }}
labels:
generator: helm
date: {{ now | htmlDate }}
{{- end }}
Now we can embed this template inside of our existing ConfigMap, and then include it with the template action:
{{- define "mychart.labels" }}
labels:
generator: helm
date: {{ now | htmlDate }}
{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-configmap
{{- template "mychart.labels" }}
data:
myvalue: "Hello World"
{{- range $key, $val := .Values.favorite }}
{{ $key }}: {{ $val | quote }}
{{- end }}
When the template engine reads this file, it will store away the reference to mychart.labels until template "mychart.labels" is called. Then it will render that template inline. So the result will look like this:
# Source: mychart/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: running-panda-configmap
labels:
generator: helm
date: 2016-11-02
data:
myvalue: "Hello World"
drink: "coffee"
food: "pizza"
Note: a define does not produce output unless it is called with a template, as in this example.
For more info about templates you can read this page.