We Keep Coding

Helm Go Templating using Dictionary. I am need help in getting the values

I can not find a way to iterate over a range in helm templating. I have the next definition in my values.yaml
Variable dictionary to be consumed
projects:
- tenants: imc
namespaces:
- name: test-1
company: inter
environments:
- build
- dev
- stage
- test
- name: test-2
environments:
- build
- dev
- stage
- test
- name: test-3
environments:
- build
- dev
- stage
- test
Code snippet
{{- range $key, $value := .Values.tenants }}
{{- range $nkey, $nvalue := .namespaces }}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
parent_project_name: {{ $value.name }}
company: {{ $value.company }}
openshift.io/description: ""
openshift.io/display-name: ""
labels:
tenant: {{ $value.tenants }}
name: {{ $value.name }}-{{ $nvalue }}
spec: {}
status: {}
{{- end }}
{{- end }}
I need help in consuming the variable into the template

May you give the expected output? This is what I guess.
values.yaml
projects:
- tenants: imc
namespaces:
- name: test-1
company: inter
environments:
- build
- dev
- stage
- test
- name: test-2
environments:
- build
- dev
- stage
- test
- name: test-3
environments:
- build
- dev
- stage
- test
templates/ns.yaml
{{- range $key, $value := .Values.projects }}
{{- range $nkey, $nvalue := .namespaces }}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
parent_project_name: {{ $nvalue.name }}
company: {{ $nvalue.company }}
openshift.io/description: ""
openshift.io/display-name: ""
labels:
tenant: {{ $value.tenants }}
name: {{ $nvalue.name }}
spec: {}
status: {}
{{- end }}
{{- end }}
cmd
helm template --debug test .
output
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
parent_project_name: test-1
company: inter
openshift.io/description: ""
openshift.io/display-name: ""
labels:
tenant: imc
name: test-1
spec: {}
status: {}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
parent_project_name: test-2
company:
openshift.io/description: ""
openshift.io/display-name: ""
labels:
tenant: imc
name: test-2
spec: {}
status: {}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
parent_project_name: test-3
company:
openshift.io/description: ""
openshift.io/display-name: ""
labels:
tenant: imc
name: test-3
spec: {}
status: {}

Unable to deploy Kubernetes secrets using Helm

I'm trying to create my first Helm release on an AKS cluster using a GitLab pipeline,
but when I run the following command
- helm upgrade server ./aks/server
--install
--namespace demo
--kubeconfig ${CI_PROJECT_DIR}/.kube/config
--set image.name=${CI_PROJECT_NAME}/${CI_PROJECT_NAME}-server
--set image.tag=${CI_COMMIT_SHA}
--set database.user=${POSTGRES_USER}
--set database.password=${POSTGRES_PASSWORD}
I receive the following error:
"Error: Secret in version "v1" cannot be handled as a Secret: v1.Secret.Data:
decode base64: illegal base64 data at input byte 8, error found in #10 byte of ..."
It looks like something is not working with the secrets file, but I don't understand what.
The secret.yaml template file is defined as follows:
apiVersion: v1
kind: Secret
metadata:
name: server-secret
namespace: demo
type: Opaque
data:
User: {{ .Values.database.user }}
Host: {{ .Values.database.host }}
Database: {{ .Values.database.name }}
Password: {{ .Values.database.password }}
Port: {{ .Values.database.port }}
I will also add the deployment and the service .yaml files.
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.app.name }}
labels:
app: {{ .Values.app.name }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
tier: backend
stack: node
app: {{ .Values.app.name }}
template:
metadata:
labels:
tier: backend
stack: node
app: {{ .Values.app.name }}
spec:
containers:
- name: {{ .Values.app.name }}
image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
imagePullPolicy: IfNotPresent
env:
- name: User
valueFrom:
secretKeyRef:
name: server-secret
key: User
optional: false
- name: Host
valueFrom:
secretKeyRef:
name: server-secret
key: Host
optional: false
- name: Database
valueFrom:
secretKeyRef:
name: server-secret
key: Database
optional: false
- name: Password
valueFrom:
secretKeyRef:
name: server-secret
key: Password
optional: false
- name: Ports
valueFrom:
secretKeyRef:
name: server-secret
key: Ports
optional: false
resources:
limits:
cpu: "1"
memory: "128M"
ports:
- containerPort: 3000
service.yaml
apiVersion: v1
kind: Service
metadata:
name: server-service
spec:
type: ClusterIP
selector:
tier: backend
stack: node
app: {{ .Values.app.name }}
ports:
- protocol: TCP
port: 3000
targetPort: 3000
Any hint?

You have to encode secret values to base64
Check the doc encoding-functions
Try below code
apiVersion: v1
kind: Secret
metadata:
name: server-secret
namespace: demo
type: Opaque
data:
User: {{ .Values.database.user | b64enc }}
Host: {{ .Values.database.host | b64enc }}
Database: {{ .Values.database.name | b64enc }}
Password: {{ .Values.database.password | b64enc }}
Port: {{ .Values.database.port | b64enc }}
Else use stringData instead of data
stringData will allow you to create the secrets without encode to base64
Check the example in the link
apiVersion: v1
kind: Secret
metadata:
name: server-secret
namespace: demo
type: Opaque
stringData:
User: {{ .Values.database.user | b64enc }}
Host: {{ .Values.database.host | b64enc }}
Database: {{ .Values.database.name | b64enc }}
Password: {{ .Values.database.password | b64enc }}
Port: {{ .Values.database.port | b64enc }}

Ansible Kubernetes Job arg inject random string

I am thinking about creating a Kubernetes job in Ansible with random string (password) generated on the fly and injected to the args/command line. However I am not sure if what I am trying to achieve will work as the below Jinja template itself already imports data from the values YAML file.
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ deployment.namespace }} <- taken from the values YAML
name: create-secret
labels:
app: test
app.kubernetes.io/name: create-secret
app.kubernetes.io/component: test
app.kubernetes.io/part-of: test
app.kubernetes.io/managed-by: test
annotations:
spec:
backoffLimit: 0
template:
metadata:
namespace: {{ deployment.namespace }} <- taken from the values YAML
name: create-secret
labels:
app: test
app.kubernetes.io/name: create-secret
app.kubernetes.io/component: test
app.kubernetes.io/part-of: test
app.kubernetes.io/managed-by: test
spec:
restartPolicy: Never
containers:
- name: create-secret
command: ["/bin/bash"]
args: ["-c", "somecommand create --secret {{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=15) }} --name 'test'"]
image: {{ registry.host }}/{{ images.docker.image.name }}:{{ images.docker.image.tag }} <- taken from the values YAML

It'll work fine, but (as you pointed out) due to golang/helm using the same template characters as jinja2 {{, you'll need to take one of two approaches: either wrap every golang set of mustaches in {{ "{{" }} in order for jinja2 to emit the text {{ in the resulting file, or change the jinja2 template delimiters to something other than {{
example 1
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ "{{" }} deployment.namespace {{ "}}" }}
name: create-secret
...
containers:
- name: create-secret
command: ["/bin/bash"]
args: ["-c", "somecommand create --secret {{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=15) }} --name 'test'"]
image: {{ "{{" }} registry.host {{ "}}" }}/{{ "{{" }} images.docker.image.name {{ "}}:{{" }} images.docker.image.tag {{ "}}" }} <- taken from the values YAML
Although you'll also likely want to use | quote for that random_string since in my local example, it produce a password of 2-b19e2k#HUF=k` and that ` will be interpreted by the sh -c leading to an error
example 2
# my-job.yml.j2
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ deployment.namespace }} <- taken from the values YAML
name: create-secret
...
containers:
- name: create-secret
command: ["/bin/bash"]
args: ["-c", "somecommand create --secret [% lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=15) %] --name 'test'"]
image: {{ registry.host }}/{{ images.docker.image.name }}:{{ images.docker.image.tag }} <- taken from the values YAML
- template:
src: my-job.yml.j2
dest: my-job.yml
variable_start_string: '[%'
variable_end_string: '%]'

Helm3: Create .properties files recursively in Configmap

Below are files that I have:
users-values.yaml file :
users:
- foo
- baz
other-values.yaml file:
foo_engine=postgres
foo_url=some_url
foo_username=foofoo
baz_engine=postgres
baz_url=some_url
baz_username=bazbaz
config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: test-catalog
data:
{{- range $user := .Values.users }}
{{ . }}: |
engine.name={{ printf ".Values.%s_engine" ($user) }}
url={{ printf ".Values.%s_url" ($user) }}
username={{ printf".Values.%s_username" ($user) }}
{{- end }}
deployment-coordinator.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ .Release.Name }}-coordinator"
labels:
app.kubernetes.io/name: "{{ .Release.Name }}-coordinator"
spec:
replicas: 1
...
template:
metadata:
labels:
app.kubernetes.io/name: "{{ .Release.Name }}-coordinator"
spec:
volumes:
- name: config
configMap:
name: test-catalog
...
volumeMounts:
- name: config
mountPath: "/etc/config"
Then, I do a helm install test mychart.
When I exec into the pod, and cd to /etc/config, I expect to see foo.properties and baz.properties files in there, and each file looks like:
foo.properties: |
engine.name=postgres
url=some_url
username=foofoo
baz.properties: |
engine.name=postgres
url=some_url
username=bazbaz
The answer from Pawel below solved the error I got previously
unexpected bad character U+0022 '"' in command
But, the files are still not created in the /etc/config directory.
So, I was wondering if it's even possible to create the .properties files using helm range as I mentioned in my config.yaml file above.
The reason I wanted to do it the below way is because I have more than 10 users to create .properties files on, not just foo and baz. Just thought it'll be easier if I can do a for loop on it if possible.
data:
{{- range $user := .Values.users }}
{{ . }}: |
engine.name={{ printf ".Values.%s_engine" ($user) }}
url={{ printf ".Values.%s_url" ($user) }}
username={{ printf".Values.%s_username" ($user) }}
{{- end }}

Helm: howto use ".Files.Get" to import a json into a config map

I try to import a json file into a configmap but the map doesn't contain the file.
my ConfigMap-Template:
apiVersion: v1
kind: ConfigMap
metadata:
name: serilog-configmap
data:
serilog.json: |-
{{ .Files.Get "serilog.json" | indent 4}}
serilog.json is in the root-path of the Project, there is a sub-dir with the Chart and the templetes ( from helm create ).
I allso tried "../../serilog.json" and the fullpath as the filename but it allways ends with the same result when i run helm install --debug --dry-run.
---
# Source: hellowebapi/templates/serilogConfigMap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: serilog-configmap
data:
serilog.json: |-
---
I would excpect:
---
# Source: hellowebapi/templates/serilogConfigMap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: serilog-configmap
data:
serilog.json: |-
{
"Serilog": {
"Using": [
"Serilog.Sinks.ColoredConsole"
],
...
---
Can anybody tell me where i make my mistake?

Try this :
---
apiVersion: v1
kind: ConfigMap
metadata:
name: serilog-configmap
data:
serilog.json: |-
{{- $.Files.Get "configurations/serilog.json" | nindent 6 -}}
with a relative path for the json file (hellowebapi/configurations/serilog.json)
It will produce :
---
# Source: serilog/templates/test.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: serilog-configmap
data:
serilog.json: |-
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"annotations": {

Your json file should be in your chart directory.
See Accessing Files Inside Templates
λ ls
Chart.yaml charts/ serilog.json templates/ values.yaml
λ helm template .
---
# Source: templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: serilog-configmap
data:
serilog.json: |-
{
"Serilog": {
"Using": [
"Serilog.Sinks.ColoredConsole"
]
}
}