
how to loop through in Helm chart


I was trying to iterate through my values.yaml file objects

values.yaml

keyvault:
  name: mykv
  tenantId: ${tenantId}$
  clientid: "#{spid}#"
  clientsecret: "#{spsecret}#"
  secrets:
    - secret1
    - secret2
    - secret3

So here my requirement is to loop through each item of the above "secrets" into the below serviceproviderclass template's "Data" and objectName fields. But it's failing.

What I tried is as below.

{{- define "commonobject.secretproviderclass.tpl" -}}
{{- if eq .Values.secret.enabled true }}
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: {{ $.Release.Name }}-secretproviderclass
  labels:
    app: {{ $.Release.Name }}
    chart: "{{ $.Release.Name }}-{{ .Chart.Version }}"
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  provider: azure
  secretObjects:
  - data:
      {{- range $key, $value := .Values.keyvault }}
      {{- range $value.secret }}
    - key: { . }
      {{- end }}
      {{- end }}
    secretName: {{ .Values.secret.keyvault.name }}
    type: opaque
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "false"
    userAssignedIdentityID: ""
    keyvaultName: {{ .Values.keyvault.name }}
    objects: |
      array:
        {{- range $key, $value := .Values.keyvault }}
        {{- range $value.secret }}
        - |
          objectName: {{ . }}
          objectType: secret
        {{- end }}
        {{- end }}
    tenantId: {{ .Values.keyvault.tenantid }}
{{- end }}
{{- end -}}
{{- define "commonobject.secretproviderclass" -}}
{{- template "commonobject.util.merge" (append . "commonobject.secretproviderclass.tpl") -}}
{{- end -}}

Solution

  • In your values.yaml file, .Values.keyvault is a single object that has keys name, secrets, etc. If you want to iterate through its secrets you just need a single range loop to do that.

      secretObjects:
      - data:
          {{- range .Values.keyvault.secrets }}{{/* <-- only one range loop */}}
        - key: {{ . }}
          {{- end }}
        secretName: {{ .Values.secret.keyvault.name }}
        type: opaque
    

    In the double loop you have now, $key and $value get set to each pair from .Values.keyvault in sequence; clientid and #{spid}#, clientsecret and #{spsecret}#, and so on; and then you try to iterate through those (often string-valued) values. For this use you don't need the outer loop.
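The difference between the two loops can be reproduced outside Helm with Go's `text/template`, the engine Helm templates are built on. This is an added example, not part of the original question or answer; the `values` map is a constructed stand-in for the values.yaml above and `render` is a hypothetical helper.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Constructed stand-in for the question's values.yaml, in the nested-map
// shape that Helm hands to templates.
var values = map[string]interface{}{
	"Values": map[string]interface{}{
		"keyvault": map[string]interface{}{
			"name":         "mykv",
			"clientid":     "#{spid}#",
			"clientsecret": "#{spsecret}#",
			"secrets":      []interface{}{"secret1", "secret2", "secret3"},
		},
	},
}

// The question's double loop, reduced to the lines that matter. The outer
// range binds $value to each entry of keyvault, most of which are strings.
const doubleLoop = `{{- range $key, $value := .Values.keyvault }}
{{- range $value.secret }}
- key: {{ . }}
{{- end }}
{{- end }}`

// The answer's single loop over the list itself.
const singleLoop = `{{- range .Values.keyvault.secrets }}
- key: {{ . }}
{{- end }}`

// render executes one template body against the constructed values.
func render(body string) (string, error) {
	t, err := template.New("t").Parse(body)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, values)
	return buf.String(), err
}

func main() {
	_, err := render(doubleLoop)
	fmt.Println("double loop:", err) // fails on the first string-valued entry
	out, err := render(singleLoop)
	fmt.Println("single loop:", out, err)
}
```

Map entries are visited in sorted key order, so the double loop stops at `clientid`, a string that has no field to look up.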