0

At the moment I have the following secret set up:

apiVersion: v1
kind: Secret
metadata:
  name: my-repository-key
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: {{ template "imagePullSecret" . }}

Unfortunately, I have 2 subcharts using the same secret, which cause an issue when I try to install them using helm.

Per the stackoverflow answer, I've tried using the following line to prevent the re-creation of the secret:

{{- if not (lookup "v1" "Secret" "" "my-repository-key") }}

Unfortunately It did not work, and I'm unable to debug the lookup as it's impossible for the time being.

How do I prevent the creation with a lookup? Is there a better way?

Jonathan Hall
  • 75,165
  • 16
  • 143
  • 189
Bharel
  • 23,672
  • 5
  • 40
  • 80
  • Just a wild guess, are you looking for secret in correct namespace? – mchawre Jan 13 '21 at 13:34
  • Have you seen https://stackoverflow.com/a/56171690/11300382 ? As you have metioned problem with lookup is still not resolved. Its debugging it is disabled with `helm template`. – Malgorzata Jan 13 '21 at 14:58
  • How are the subcharts naming the secret? It's typical to name things starting with `{{ .Release.Name }}-{{ .Chart.Name }}` and that shouldn't have conflicts between different charts in the same release. – David Maze Jan 13 '21 at 17:52
  • @mchawre AFAIK when you don't specify one (empty string) it searches in all of them. – Bharel Jan 13 '21 at 18:18
  • @DavidMaze interesting idea. I just didn't want to create a secret for each chart, as they can share one quite easily. It's a single repository that didn't change the past 5 years. – Bharel Jan 13 '21 at 18:20
  • @Malgorzata ughhh it gets more and more complicated for something that is supposed to be simple. Haven't tried pre-install hooks. – Bharel Jan 13 '21 at 18:23
  • @DavidMaze I've used your suggestion, thank you very much. Add it as an answer and I'll accept :-) – Bharel Jan 14 '21 at 12:15

1 Answers1

3

In Helm charts, Kubernetes objects are often named with a prefix that's the name of the current release plus the name of the current chart. That will make the name unique, even if there are related subcharts that declare similar secrets. (A secret is pretty small and duplicating it between two subcharts shouldn't be an operational problem.)

metadata:
  name: "{{ .Release.Name }}-{{ .Chart.Name }}-key"

If you created the chart with helm create, this pattern is common enough that the new-chart template includes a helper template that generates this. If the chart only has a single secret, you can use the default name:

metadata:
  name: "{{ include "chartname.fullname" . }}"

Or, up to some corner cases around naming, you can add a suffix to it

metadata:
  name: "{{ include "chartname.fullname" . }}-key"
David Maze
  • 130,717
  • 29
  • 175
  • 215