Mario
September 29, 2023, 11:00am
1
Hi there
I am upgrading the vault-secrets-operator in our cluster from version 0.1.0 to 0.3.1.
When upgrading I get this issue:/charts/vault-secrets-operator/templates/_helpers.tpl:140:15: executing "imagePullSecrets" at <.Values.controller.imagePullSecrets>: nil pointer evaluating interface {}.imagePullSecrets Use --debug flag to render out invalid YAML
Anyone have any idea how to get around this?
I’ve tried overriding the values like this:
controller:
imagePullSecrets: []
But it does not work.
I see there have been some work on imagePullSecrets in the newer versions:
hashicorp:main ← hashicorp:VAULT-17205/add_image_pull_secrets
opened 06:48PM - 13 Jun 23 UTC
* Adds `controller.imagePullSecrets` to the helm chart which will apply imagePul… lSecrets to the controller serviceaccount so all containers in the controller's deployment will have access to private registry credentials.
From the Kube API docs for ServiceAccounts:
```
// ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images
// in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets
// can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.
// More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
```
More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-image-pull-secret-to-service-account
Fixes #265
Rolling back to 0.1.0 and it all works fine again
Anybody have some tips for how to fix/get around this?
It’s easier to answer if you post your values file (with sensitive information redacted)
Mario
October 2, 2023, 10:20am
3
I was able to reproduce this in a simple sample, so I made an issue on Github for this:
opened 09:26AM - 02 Oct 23 UTC
bug
**Describe the bug**
Using both `vault` and `vault-secrets-operator` as depende… ncies in a Helm chart does not work with the latest version of `vault-secrets-operator`. Upgrading from `0.1.0` to `0.3.1` the `helm template` fails, both locally and in our test cluster.
This is without any customization in the `values.yaml` file.
Installing only `vault` or `vault-secrets-operator` as chart dependencies works fine.
**To Reproduce**
Steps to reproduce the behavior:
1. Clone the repo here: https://github.com/mmalvik/vault-secrets-operator-issue
2. Run `helm template .` to see that version `0.1.0` of `vault-secrets-operator` works.
3. Upgrade `vault-secrets-operator` to `0.3.1` in `Chart.yaml` and run `helm dependency update`.
4. Run `helm template .` command and it fails with error message:
`
Error: template: secrets-operator-issue/charts/vault/templates/tests/server-test.yaml:17:6: executing "secrets-operator-issue/charts/vault/templates/tests/server-test.yaml" at <include "imagePullSecrets" .>: error calling include: template: secrets-operator-issue/charts/vault-secrets-operator/templates/_helpers.tpl:140:15: executing "imagePullSecrets" at <.Values.controller.imagePullSecrets>: nil pointer evaluating interface {}.imagePullSecrets
`
I do not understand what is happening. Am I missing something obvious here? 😅
I have tried overriding it through values:
```yaml
vault-secrets-operator:
controller:
imagePullSecrets: []
```
But no luck here.
**Expected behavior**
I expect `helm template` to render the templates.
**Environment**
* Kubernetes version: `1.23.8` for our test environment and `1.27.4` on local machine.
* Distribution or cloud vendor: VMware Tanzu in test env and Minikube locally
* vault-secrets-operator version: `0.3.1`
**Additional context**
We try to install `vault` and `vault-secrets-operator` in a GitOps fashion through ArgoCD and Helm chart dependencies.
It is ArgoCD that runs the `helm template` command that fails.
