Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

helm package command injecting secrets one by one #362

Open
jdlarrubia opened this issue Oct 3, 2024 · 1 comment
Open

helm package command injecting secrets one by one #362

jdlarrubia opened this issue Oct 3, 2024 · 1 comment

Comments

@jdlarrubia
Copy link

Hello Community, I've come to a singular problem that I fixed with a more singular solution.

So, my case started when I wanted to add a new variable to my app. This app is templated with Helm and in the deployment.yaml I had something like this:

envFrom:
    - configMapRef:
        name: environment-backend
    - secretRef:
        name: backend-secrets

To deploy this application, I have a CI/CD pipeline that package the helm app and upgrade it to the cluster. Nothing out of the ordinary.

I added 1 more secret to my secret.yaml file and applied it (secrets file is not part of the helm template), and tried to restart the deployment in my k8s cluster.

New secret was not being included in my pods, nor in my deployment. But, if we tried to include new variables in the configmap we could see them in our pods.

After doing some testing and digging, we managed to "understand" what was happening:

One of the tests was to double-quote the name of the secret in the secret ref, just like this:

envFrom:
    - configMapRef:
        name: environment-backend
    - secretRef:
        name: "backend-secrets"

When triggered our pipeline again, the new secret was added. We came to the conclussion that, when you package without quotes, helm connects to the cluster and injects all variables directly to the deployment.yaml so it would look like this:

envFrom:
    - configMapRef:
        name: environment-backend
env:
    - name: VAR_1
      valueFrom:
        secretKeyRef:
          name: backend-secrets
          key: VAR_1
    - name: VAR_2
      valueFrom:
        secretKeyRef:
          name: backend-secrets
          key: VAR_2
    - name: VAR_3
      valueFrom:
        secretKeyRef:
          name: backend-secrets
          key: VAR_3

But, if we do the same with quotes, we get this result after the helm package:

envFrom:
    - configMapRef:
        name: environment-backend
    - secretRef:
        name: "backend-secrets"

The only thing we thought could be happening is that, if you set the double quotes, HELM process that as string so it does not inject them, but it does if you don't set them.

Is this a normal and expected behaviour?

@gjenkins8
Copy link
Member

Issues regarding Helm usage are best posted over on the helm software repo https://github.com/helm/helm. Please repost there. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants