I am using bitnami/mongodb as a dependency for my helm chart. With this chart autogenerating secrets for e.g. mongodb.auth.rootPassword on install, I want to use the existing secret upon updating the chart, instead of the "empty value" which causes auto generation.
To be clear: The above is just an example / my usecase, the following question is a general question regarding Helm.
Is there any variable in helm to check wether it is an install or an update?
In the context of using a third-party chart, the only thing you can really do is to create the password outside of Helm and inject it (using a -f my-values.yaml file or the --set option). The Bitnami MySQL chart has a more specific note on upgrading:
It's necessary to set the
root.passwordparameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart:$ helm upgrade my-release bitnami/mysql --set root.password=[ROOT_PASSWORD]
If you controlled the template, in principle you can check .Release.IsUpgrade but it won't actually help you here. If you had template code like
{{- if not .Release.IsUpgrade -}}
apiVersion: v1
kind: Secret
...
{{- end -}}
what it would actually do, on upgrade, is notice that the set of Kubernetes manifests doesn't include the Secret object any more, and delete it.
I'd avoid using the Sprig functions to randomly generate a password, or chart-level options to generate one, specifically because Helm doesn't have any way to remember the password and it will get overwritten on every upgrade.