helm: template: ../secrets.yaml executing ..secrets.yaml" at : invalid value; expected string

helm version: Client: &version.Version{SemVer:“v2.16.1”, GitCommit:“bbdfe5e7803a12bbdf97e94cd847859890cf4050”, GitTreeState:“clean”} Server: &version.Version{SemVer:“v2.16.1”, GitCommit:“bbdfe5e7803a12bbdf97e94cd847859890cf4050”, GitTreeState:“clean”}

kubectl version Client Version: version.Info{Major:“1”, Minor:“16”, GitVersion:“v1.16.2”, GitCommit:“c97fe5036ef3df2967d086711e6c0c405941e14b”, GitTreeState:“clean”, BuildDate:“2019-10-15T19:09:08Z”, GoVersion:“go1.12.10”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“16”, GitVersion:“v1.16.2”, GitCommit:“c97fe5036ef3df2967d086711e6c0c405941e14b”, GitTreeState:“clean”, BuildDate:“2019-10-15T19:09:08Z”, GoVersion:“go1.12.10”, Compiler:“gc”, Platform:“linux/amd64”}

Cloud Provider/Platform (AKS, GKE, Minikube etc.): VMWare Virtual machine

I’m trying to implement a simple secret in Helm chart and its been elusive so far. Steps done:

  1. Installed gpg and configured with default values
  2. Created helm_vars folder inside the base folder where templates and Chart.yaml file reside
  3. create .sops.yaml file inside helm_vars with creation_rules
  4. create secrets.yaml file with mysecret:mypassword in it
  5. run “helm secrets enc secrets.yaml” and see that it encrypts properly
  6. create secrets.yaml file inside of templates folder
apiVersion: v1
kind: Secret
metadata:
  annotations:
  labels:
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
  name: mytestpwd
type: Opaque
data:
  mysecret: {{ .Values.mysecret | b64enc  | quote }}
  1. Inside of deplyoment.yaml in templates folder, added this piece of code
        env:
           - name: SOMEPASSWORD
             valueFrom:
               secretKeyRef:
               name: mytestpwd
               key: mysecret

When I do a dry run or run helm template, get this error

Error: render error in “testsec/templates/secrets.yaml”: template: testsec/templates/secrets.yaml:12:34: executing “testsec/templates/secrets.yaml” at <b64enc>: invalid value; expected string

When I pass the value explicitly “helm template testsec --set-string mysecret=“thepassword””, then it works fine which confirms that it is not able to retrieve .Values.mysecret . When | b64enc is removed, it runs fine but doesnt have any value inside.

Ideally I think .Values.mysecret inside of templates folder should reference the mysecret value inside of helm_vars folder correct? Seems like it isn’t. I see that this happens with helm version 3.0.0 and also 2.15.1 which says that I’m performing some steps wrong. Any help is appreciated.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 15 (7 by maintainers)

Most upvoted comments

When you write mysecret: {{ .Values.mysecret | b64enc | quote }} in templates/secret.yaml, it means helm use mysecret in values.yaml to render it. But you didn’t write mysecret in values.yaml, so .Values.mysecret got nothing. Then b64env got nothing without string, the error raised.

You have to define mysecret field in values.yaml.

+3
zwwhdls on Nov 28, 2019
Read more comments on GitHub
← helm: Sprig `dig` doesn't dig into chartutil.Values
helm: The `helm pull` command does not remove temporarily index files from repository cache location →