When investigating a CI failure seemingly unrelated with the submitted patch, I encountered a bug in the modules/app/job_1.0.0.tpl template.
After investigating, it appeared that this bug is only triggered when cronjobs are enabled and private values are defined.
Here are steps to reproduce the issue:
~/wmf/deployment-charts master *17 ?4 ❯ ./create_new_service.sh What will be the name of your chart? test INFO:sextant:Loading available components INFO:sextant:Creating the chart from /Users/brouberol/wmf/deployment-charts/_scaffold/service ===> Available components: * generic-application Basic component for generic (non-LAMP) applications * LAMP Basic LAMP application component. * ingress Kubernetes ingress setup with istio. * service-mesh Sets up the service mesh and the TLS termination (if needed) * prometheus-statsd sets up prometheus-statsd-exporter * mcrouter sets up mcrouter ==> Please select a component by name (q to quit) > generic-application INFO:wmflib.interactive:User input is: "generic-application" ===> Available components: * ingress Kubernetes ingress setup with istio. * service-mesh Sets up the service mesh and the TLS termination (if needed) * prometheus-statsd sets up prometheus-statsd-exporter * mcrouter sets up mcrouter Already selected: generic-application ==> Please select a component by name (q to quit) > ingress INFO:wmflib.interactive:User input is: "ingress" ===> Available components: * service-mesh Sets up the service mesh and the TLS termination (if needed) * prometheus-statsd sets up prometheus-statsd-exporter * mcrouter sets up mcrouter Already selected: generic-application,ingress ==> Please select a component by name (q to quit) > service-mesh INFO:wmflib.interactive:User input is: "service-mesh" ===> Available components: * prometheus-statsd sets up prometheus-statsd-exporter * mcrouter sets up mcrouter Already selected: generic-application,ingress,service-mesh ==> Please select a component by name (q to quit) > q INFO:wmflib.interactive:User input is: "q" Selected components: generic-application,ingress,service-mesh ===> Please answer the following questions: * Please input the complete name of the image (without the registry) > whatever * Please input the port that this service will live on. If this service is not behind an ingress (i.e. you didn't select the "ingress" component), please reserve a port at https://wikitech.wikimedia.org/wiki/Kubernetes/Service_ports > 8000 Chart test created, now vendoring dependencies. INFO:sextant:Copied modules/app/generic_1.0.1.tpl => charts/test/templates/vendor/app/generic_1.0.1.tpl INFO:sextant:Copied modules/base/helper_1.1.1.tpl => charts/test/templates/vendor/base/helper_1.1.1.tpl INFO:sextant:Copied modules/base/meta_2.0.0.tpl => charts/test/templates/vendor/base/meta_2.0.0.tpl INFO:sextant:Copied modules/base/name_1.0.0.tpl => charts/test/templates/vendor/base/name_1.0.0.tpl INFO:sextant:Copied modules/app/job_1.0.1.tpl => charts/test/templates/vendor/app/job_1.0.1.tpl INFO:sextant:Copied modules/base/external-services-networkpolicy_1.0.1.tpl => charts/test/templates/vendor/base/external-services-networkpolicy_1.0.1.tpl INFO:sextant:Copied modules/base/networkpolicy_1.2.0.tpl => charts/test/templates/vendor/base/networkpolicy_1.2.0.tpl INFO:sextant:Copied modules/ingress/istio_1.0.3.tpl => charts/test/templates/vendor/ingress/istio_1.0.3.tpl INFO:sextant:Copied modules/mesh/configuration_1.7.0.tpl => charts/test/templates/vendor/mesh/configuration_1.7.0.tpl INFO:sextant:Copied modules/mesh/certificate_1.1.0.tpl => charts/test/templates/vendor/mesh/certificate_1.1.0.tpl INFO:sextant:Copied modules/mesh/name_1.1.0.tpl => charts/test/templates/vendor/mesh/name_1.1.0.tpl INFO:sextant:Copied modules/mesh/deployment_1.3.0.tpl => charts/test/templates/vendor/mesh/deployment_1.3.0.tpl INFO:sextant:Copied modules/mesh/networkpolicy_1.2.0.tpl => charts/test/templates/vendor/mesh/networkpolicy_1.2.0.tpl INFO:sextant:Copied modules/mesh/service_1.1.0.tpl => charts/test/templates/vendor/mesh/service_1.1.0.tpl
I then define the following data in values.yaml:
config: public: {} # Add here all the keys that can be publicly available as a ConfigMap private: password: secretpassword
~/wmf/deployment-charts master *17 ?5 ❯ helm template myrelease ./charts/test -f ./charts/test/.fixtures/cronjob_enabled.yaml Error: template: test/templates/cronjob.yaml:24:14: executing "test/templates/cronjob.yaml" at <include "app.job.container" (dict "Root" $root "Job" $cronjob)>: error calling include: template: test/templates/vendor/base/name_1.0.0.tpl:35:27: executing "base.name.release" at <.Chart.Name>: nil pointer evaluating interface {}.Name Use --debug flag to render out invalid YAML
The issue comes from a series of indentation errors and a wrong variable passing in modules/app/job_1.0.0.tpl, specifically in:
- name: {{ $k }} valueFrom: secretKeyRef: name: {{ template "base.name.release" $ }}-secret-config key: {{ $k }}
This block should actually read
- name: {{ $k }} valueFrom: secretKeyRef: name: {{ template "base.name.release" $.Root }}-secret-config key: {{ $k }}
With this, rendering works:
~/wmf/deployment-charts master *17 ?5 ❯ helm template myrelease ./charts/test -f ./charts/test/.fixtures/cronjob_enabled.yaml | grep -C 2 # Source: test/templates/service.yaml -- secretKeyRef: name: test-myrelease-secret-config key: password resources: -- imagePullPolicy: IfNotPresent env: - name: password valueFrom: secretKeyRef: name: test-myrelease-secret-config key: password command: - /bin/cowsay