Argo-cd: Unable to use .Release.Name Helm variable in default values.yaml

Created on 29 Sep 2020 · 3Comments · Source: argoproj/argo-cd

My project structure:

applications
├── contra-metabase
│   ├── Chart.yaml
│   ├── templates
│   │   ├── _helpers.tpl
│   │   └── sealed-secret.yaml
│   └── values.yaml
└── mother
    ├── Chart.yaml
    ├── templates
    │   └── metabase.yaml
    └── values.yaml

mother is an umbrella Helm application.

applications/mother/templates/metabase.yaml is:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: metabase
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: [email protected]:contrawork/contra-cluster
    targetRevision: HEAD
    path: applications/contra-metabase
    helm:
      valueFiles:
        - values-production.yaml
  destination:
    server: {{ .Values.spec.destination.server | quote }}
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

Meanwhile, applications/contra-metabase/Chart.yaml declares dependency on stable/metabase:

name: contra-metabase
version: '1.0.0'
dependencies:
  - name: stable/metabase
    alias: metabase

applications/contra-metabase/templates/sealed-secret.yaml describes a sealed-secret to be used by stable/metabase:

apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: null
  name: {{ .Release.Name | quote }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "app.resource_labels" . | indent 4 }}
spec:
  encryptedData:
    connectionUri: AgAR/lZOxOpX/jcT9OdQrq+AdOIkPFrEYO3qQeIhC5gq5CWq/WIziqTrcq6wS2adgZAXuptChzgw/ti50fJ8wKpTzzZViJzexlkGWd0U4/NnQRULuq2F5tRFcs+BVJ4NANoS/C+ufKtPqaQ1UlIEFr1BID6IzPyNKosU+YSEHHUzco3ZZEjXIO6tN02KM+UObMsoXE3KueyZGMWilykMGPBK1nv5P00YdQeCK7gvPtgVscejKqL1ROjGD8qB4Hfo9ltOXIVxuf5qUdSHBym2ziKOOBigKpXmH0BdwvV557ihvSE/wbTLTP4YwjJnr/HQ/JKGTgY37rD/sirto0BgvJOUKH3j8P1OUq2qAdfP6CkqlY5O/7pFMkpuPnvjDE9hFMjV4NFAoEHf6xiEbafy0i/4vnmhjneK+bmaop+e8VYp85TjwD1I1vMLLjd7kJWnWPADOYGCml4UgDkIBrJciI6jPwIU7MjoZy2DUUv5fS3tOZLDt1OQGqhck3W9NrrkL36BaSf1XL+cMTEVaoYSyePz8/ym8rNd1eyP7J6sGomnTIRTSjPWw5OIvgbCc51kmrGsLZJQaeRfYaeGCyGtoPmvaJQ6BaZwH4obCNOb34cAsgYQW6p4HUOzFfuXB/NzG19D8GvwYxbpLHfIN1lZ/SabTMuAxVXQybBEfpqMbvxXRcz8upSQJ+w02xnJVoxldQ/DOb7DNd47fBTGdOF92RJnd2TLRqBsbG5IM+oiuS/5HhNiY/brmCISGjINAW8K+9YtZ1vgHZhJPI+Yz4p3OHC+BQLCsQ9x8UcuV0RDu42tpiFEM6Ir73cuV+M=
  template:
    metadata:
      creationTimestamp: null
      name: {{ .Release.Name | quote }}
      namespace: {{ .Release.Namespace | quote }}

The problem is in the applications/contra-metabase/values.yaml – it needs to reference the sealed secret, which uses the release name. I've tried using {{ .Release.Name }} in values.yaml like, but I suspect this is not allowed:

app:
  deployment:
    version: v0.36.3
metabase:
  image:
    tag: v0.36.3
  database:
    type: postgres
    existingSecret: {{ .Release.Name | quote }}
    existingSecretConnectionURIKey: connectionUri
  service:
    type: NodePort
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    hosts:
      - 'metabase.contra.com'
    tls:
      - hosts:
        - metabase.contra.com
        secretName: metabase-contra-com-tls

The above gives an error:

Error: Reading chart 'contra-metabase' default values (app:
  deployment:
    version: v0.36.3
metabase:
  image:
    tag: v0.36.3
  database:
    type: postgres
    existingSecret: {{ .Release.Name | quote }}
    existingSecretConnectionURIKey: connectionUri
  service:
    type: NodePort
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    hosts:
      - 'metabase.contra.com'
    tls:
      - hosts:
        - metabase.contra.com
        secretName: metabase-contra-com-tls
): error converting YAML to JSON: yaml: invalid map key: map[interface {}]interface {}{".Release.Name | quote":interface {}(nil)}
FATA[0006] Operation has completed with phase: Error

If I cannot use variables in values.yaml, how do I reference the release name without hardcoding it?

answered question works-for-me

Source

gajus

All 3 comments

This is not an Argo CD issue as it more a helm limitation. You can't use {{variables}} in helm values.yaml, AFAIK.

jessesuen on 29 Sep 2020

@jessesuen is right, this is an issue with how your using helm & parents charts:
https://helm.sh/docs/chart_template_guide/subcharts_and_globals/

If the sealed secret is using the .Release.Name in the chart contra-metabsae I guess you are trying to input that secret name into values.yaml for the chart mother?

What I would probably do is:

In the child chart contra-metabase, use an env var to that chart, where if it is defined, use the variable to name the secret, else default to the current release name, something like.

{{ .Values.SecretName | default .Release.Name }}

In the same child chart, define the default value in values.yaml (intentionally blank):

SecretName:

In the parent chart mother you can then set that value for the sub chart such as:

contra-metabase:
  SecretName: <DEFINE HERE>

Because you have defined the value in the parent chart, you can reuse that value easily at that level.
You cannot (i don't think) pass back values from a child chart to the parent chart. Especially ones that are generated. Work top down.

You might also just be able to define the .Release.Name for the sub chart directly... then you already know what the secret will be called. I'm not a helm expert either, so I'd go to the docs to see what's possible.