'Using ingress host from k8s secret in helm

I am trying to deploy a service using helm. The cluster is Azure AKS & I have one DNS zone associated with a cluster that can be used for ingress.

But the issue is that the DNS zone is in k8s secret & I want to use it in ingress as host. like below

spec:
  tls:
  - hosts:
    - {{ .Chart.Name }}.{{ .Values.tls.host }}
  rules:
  - host: {{ .Chart.Name }}.{{ .Values.tls.host }}
    http:
      paths:
        -
          pathType: Prefix
          backend:
            service:
              name: {{ .Chart.Name }}
              port:
                number: 80
          path: "/"

I want .Values.tls.host value from secret. Currently, it is hardcoded in values.yaml file.

kuberneteskubernetes-helmazure-aks


Solution 1:[1]

This is a community wiki answer posted for better visibility. Feel free to expand it.

For the current version of Helm (3.8.0), it seems not possible to use values right from Secret with standard approach. Based on the information from Helm website:

A template directive is enclosed in {{ and }} blocks. The values that are passed into a template can be thought of as namespaced objects, where a dot (.) separates each namespaced element.

Objects are passed into a template from the template engine and can be:

  • Release
  • Values
  • Chart
  • Files
  • Capabilities
  • Template

Contents for Values objects can come from multiple sources:

  • The values.yaml file in the chart
  • If this is a subchart, the values.yaml file of a parent chart
  • A values file if passed into helm install or helm upgrade with the -f flag (helm install -f myvals.yaml ./mychart)
  • Individual parameters passed with --set (such as helm install --set foo=bar ./mychart)

Solution 2:[2]

Helm cannot fetch values from Kubernetes, and ingress manifest do not support this type of reference.

You need to do this outside of helm and stitch the commands together, in your pipeline or from some script or manually in the shell.

helm install my-app chart/ \
 --set tls.host="$(kubectl get secret my-dns-zone \
   -o go-template='{{index .data "dns-zone" | base64decode }}')"

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2

Related Questions