New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Helm Chart 1.13.1: Error with 'existingSecret' for External Redis Database #1641
Comments
I understand what's going on ! As we can see in the lines added in that commit: 7b6501a the lookup function is used to discover the In my context, I'm using ArgoCD to deployed the Harbor Helm Chart. Here is how ArgoCD deployed a Helm Chart : I suggest to enhance source code and to make it Harbor Helm reliable with ArgoCD an harmonisation of the way to reach |
it seem that you can specifiy |
besides,it is a limitation from helm template when you are using existing secret. I am afraid we can not do nay enhancement for this currently
https://helm.sh/docs/chart_template_guide/functions_and_pipelines/#using-the-lookup-function |
The things is I don't want to pass secrets in the values file because I'm using GitOps way with ArgoCD so I'm using the field
I think they are one possible enhancement as I say, using a ref to secret to pass the full Redis Addr, and this secret is mounted as env var in the ConfigMap core (exactly like
redis:
external:
# If using addrFromSecret, the key must be REDIS_ADDR
addrFromSecret: "" I'm not even sure that is possible because the templating add a url path for both _REDIS_URL_CORE and _REDIS_URL_REG. I'm not a huge fan of this solution, for me the problem come from both:
|
The issue is that
The solution is that the chart should be prepared for the possibility that the return of the I can provide a PR with a fix, but I would like to ask one of the contributors for the greenlight ;) |
It looks like the chart will create it's own secret, even when an existing one is passed in. Only for this new secret to end up in an envFrom/secretKeyRef. |
+1 I've faced the same issue using Rancher Fleet. |
Facing the same issue as well. |
Couple things:
Technically we could add a check for empty value, but helm will not be able to template the url with value from existing secret, and your harbor will crash, having no password in the templated url So, deploying with helm template and existingSecret for external redis is currently not supported To do this properly two things would need to happen
|
Absolutely agree ! I think it could be a good idea to specify in the helm chart doc that specific behavior, and this issue may be closed |
Also running into the same roadblock as others - needing to leverage an existing secret for credentials and we’re using ArgoCD. Any chance there’s a dev taking a look or a timeline for this to get resolved? |
I was able to render the template locally with the command |
Issue Description
I have encountered a regression in the Helm Chart with the latest patch (1.13.1). Specifically, when attempting to provide an existingSecret for an external Redis database, the following error occurs:
This issue is not present in version 1.13.0 or any earlier release.
Step to Reproduce
Expected Behavior
Providing an existingSecret for an external Redis database should work without errors, as it did in version 1.13.0 and earlier.
Environment
Additional Information
My exact
values.yaml
file:Error Source
Maybe coming from commit
7b6501a
from branch1.13.0
especially from filetemplates/_helpers.tpl
(7b6501a)Thank you for your attention to this matter! Let me know if you need any further information.
The text was updated successfully, but these errors were encountered: