New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
helm3 template with --validate option #3640
Comments
+1 This would be really helpful for deriving private registry addresses, ingress hosts etc. so that we need not take these inputs from the user |
would also love to see this baked in |
Also, this could fix error when using This mean |
FYI, this project provides a decent workaround https://github.com/kuuji/helm-external-val |
Is there any active development on this ticket? |
I believe helm/helm#9426 is a prerequisite. Should we consider this a duplicate of #5202 ? |
I guess the other is actually newer, but it is a bit clearer in intent and has more discussion. :-) |
Closing for now, in favor of 5202. |
Summary
helm3 has a new template function called lookup.
The lookup function can be used to look up resources in a running cluster and get metadata from objects on render time.
this feature was introduced on helm3 release and was working with helm template command, the problem was this is a vulnerability in terms of helm template shouldn't interact with the cluster unless specified the --validate flag.
in the latest helm3 version they fixed that vulnerability and now helm template wouldn't render this function, but it should render when using --validate flag.
this feature currently doesn't work with helm template --validate as it should be, but it should be fixed soon and there is also an open issue about it.
Motivation
get metadata from objects like ConfigMaps so I can decide on which cluster im on, and write logic in helm template to use it instead of writing it in each values.yaml file for each cluster( i have 40 k8s clusters I manage, and 90% of the time the only thing I change between the clusters is the cluster name I'm deploying to.)
Proposal
ArgoCD uses helm template command before applying with kubectl to the cluster.
if we could have the option to add --validate to helm template command it could solve the problem and support the lookup function once this issue is solved by helm.
Reference
helm functions: https://helm.sh/docs/chart_template_guide/functions_and_pipelines
lookup Function Information Discolosure: GHSA-q8q8-93cv-v6h8
helm template render lookup function issue: helm/helm#8137
The text was updated successfully, but these errors were encountered: