Home > Enterprise >  helm chart template lookup function does not work
helm chart template lookup function does not work

Time:10-13

When trying to use the helm function: lookup, I do not get any result at all as expected.

My Secret that I try to read looks like this

apiVersion: v1
data:
  adminPassword: VG9wU2VjcmV0UGFzc3dvcmQxIQ==
  adminUser: YWRtaW4=
kind: Secret
metadata:
  annotations:
    sealedsecrets.bitnami.com/cluster-wide: "true"
  name: activemq-artemis-broker-secret
  namespace: common
type: Opaque

The template helm chart that should load the adminUser and adminPassword data looks like this

apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemis
metadata:
  name: {{ .Values.labels.app }}
  namespace: common
spec:
  {{ $secret := lookup "v1" "Secret" .Release.Namespace "activemq-artemis-broker-secret" }}
  adminUser: {{ $secret.data.adminUser }}
  adminPassword: {{ $secret.data.adminPassword }}

When deploying this using ArgoCD I get the following error:

failed exit status 1: Error: template: broker/templates/deployment.yaml:7:23:
executing "broker/templates/deployment.yaml" at <$secret.data.adminUser>:
nil pointer evaluating interface {}.adminUser Use --debug flag to render out invalid YAML

Both the secret and the deployment is in the same namespace (common).

If I try to get the secret with kubectl it works as below

kubectl get secret activemq-artemis-broker-secret -n common -o json
{
    "apiVersion": "v1",
    "data": {
        "adminPassword": "VG9wU2VjcmV0UGFzc3dvcmQxIQ==",
        "adminUser": "YWRtaW4="
    },
    "kind": "Secret",
    "metadata": {
        "annotations": {
            "sealedsecrets.bitnami.com/cluster-wide": "true"
        },
        "creationTimestamp": "2022-10-10T14:40:49Z",
        "name": "activemq-artemis-broker-secret",
        "namespace": "common",
        "ownerReferences": [
            {
                "apiVersion": "bitnami.com/v1alpha1",
                "controller": true,
                "kind": "SealedSecret",
                "name": "activemq-artemis-broker-secret",
                "uid": "edff38fb-a966-47a6-a706-cb197ac1797d"
            }
        ],
        "resourceVersion": "127303988",
        "uid": "0679fc5c-7465-4fe1-9197-b483073e93c2"
    },
    "type": "Opaque"
}

What is wrong here. I use helm version: 3.8.1 and Go version: 1.75

CodePudding user response:

This error is the result of two parts working together:

First, helm's lookup only works in a running cluster, not when running helm template (without --validate). If run in that manner it returns nil. (It is usually used as lookup ... | default dict {}, to avoid a nasty error message).

Second, you're deploying with ArgoCD that is actually running helm template internally when deploying a helm chart. See open issue: https://github.com/argoproj/argo-cd/issues/5202 . The issue mentions a plugin that can be used to change this behaviour. However, doing so requires some reconfiguration of argocd itself, which is not trivial and is not without side effects.

  • Related