kubebuilder icon indicating copy to clipboard operation
kubebuilder copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

Helm ServiceAccount scaffolding NIL pointers

Open klaudworks opened this issue 9 months ago • 1 comments
trafficstars

What broke? What's expected?

Problem 1: Helm doesn't short circuit and conditions

Creating a helm chart with kubebuilder edit --plugins=helm/v1-alpha creates a ServiceAccount template:

{{- if .Values.rbac.enable }}
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    {{- include "chart.labels" . | nindent 4 }}
  {{- if and .Values.controllerManager.serviceAccount .Values.controllerManager.serviceAccount.annotations }}
  annotations:
    {{- range $key, $value := .Values.controllerManager.serviceAccount.annotations }}
    {{ $key }}: {{ $value }}
    {{- end }}
  {{- end }}
  name: {{ .Values.controllerManager.serviceAccountName }}
  namespace: {{ .Release.Namespace }}
{{- end -}}

The issue is the following line of code:

  {{- if and .Values.controllerManager.serviceAccount .Values.controllerManager.serviceAccount.annotations }}

This does not work because Values.controllerManager.serviceAccount is not set by default and Helm evaluates all statements in the and condition first. I.e. the following error arises:

Error: template: kimi-operator/templates/rbac/service_account.yaml:7:61: executing "kimi-operator/templates/rbac/service_account.yaml" at <.Values.controllerManager.serviceAccount.annotations>: nil pointer evaluating interface {}.annotations

Same problem exists for pod.labels:

        {{- if and .Values.controllerManager.pod .Values.controllerManager.pod.labels }}
        {{- range $key, $value := .Values.controllerManager.pod.labels }}
        {{ $key }}: {{ $value }}
        {{- end }}
        {{- end }}

Proposed solution: In both cases we can just use a with statement so that the subkey is not checked if the parent doesn't exist e.g.:

{{- with .Values.controllerManager.pod }}
  {{- if .labels }}
    {{- range $key, $value := .labels }}
      {{ $key }}: {{ $value }}
    {{- end }}
  {{- end }}
{{- end }}

Problem 2: webhook not set by default in values.yaml

The webhook key is not set by default in the values.yaml. However, in multiple places webhook.enabled is checked.

Proposed solution: An easy consistent solution would be to just set the following in the values.yaml.

webhook:
  enable: false

If I make the above changes Helm can template the chart. I'm happy to fix this if the proposed solutions are accepted.

Reproducing this issue

No response

KubeBuilder (CLI) Version

4.5.0

PROJECT version

No response

Plugin versions

Other versions

No response

Extra Labels

No response

klaudworks avatar Feb 13 '25 05:02 klaudworks