helm package command injecting secrets one by one #362
Description
Hello Community, I've come to a singular problem that I fixed with a more singular solution.
So, my case started when I wanted to add a new variable to my app. This app is templated with Helm and in the deployment.yaml I had something like this:
envFrom:
- configMapRef:
name: environment-backend
- secretRef:
name: backend-secrets
To deploy this application, I have a CI/CD pipeline that package the helm app and upgrade it to the cluster. Nothing out of the ordinary.
I added 1 more secret to my secret.yaml file and applied it (secrets file is not part of the helm template), and tried to restart the deployment in my k8s cluster.
New secret was not being included in my pods, nor in my deployment. But, if we tried to include new variables in the configmap we could see them in our pods.
After doing some testing and digging, we managed to "understand" what was happening:
One of the tests was to double-quote the name of the secret in the secret ref, just like this:
envFrom:
- configMapRef:
name: environment-backend
- secretRef:
name: "backend-secrets"
When triggered our pipeline again, the new secret was added. We came to the conclussion that, when you package without quotes, helm connects to the cluster and injects all variables directly to the deployment.yaml so it would look like this:
envFrom:
- configMapRef:
name: environment-backend
env:
- name: VAR_1
valueFrom:
secretKeyRef:
name: backend-secrets
key: VAR_1
- name: VAR_2
valueFrom:
secretKeyRef:
name: backend-secrets
key: VAR_2
- name: VAR_3
valueFrom:
secretKeyRef:
name: backend-secrets
key: VAR_3
But, if we do the same with quotes, we get this result after the helm package:
envFrom:
- configMapRef:
name: environment-backend
- secretRef:
name: "backend-secrets"
The only thing we thought could be happening is that, if you set the double quotes, HELM process that as string so it does not inject them, but it does if you don't set them.
Is this a normal and expected behaviour?