How do I get the name of a parent element from my values.yaml in a Helm template?

Question

I have a section in my values.yaml that looks like this:

env:
  normal:
    ENV_VAR_1: value
    ENV_VAR_2: otherValue
  secret:
    secret-location:
      ENV_VAR_USERNAME: username
      ENV_VAR_PASSWORD: password
    different-secret:
      ENV_CONN_STRING: my_conn_string

I have a _helpers.tpl function like so:

{{/*
Add environment variables
*/}}
{{- define "helpers.list-env-variables" }}
{{- range $key, $val := .Values.env.normal }}
- name: {{ $key }}
  value: {{ $val }}
{{- end }}
{{- range $name := .Values.env.secret }}
{{- }}
{{- range $key, $val := $name }}
- name: {{ $key }}
  valueFrom:
    secretKeyRef:
      name: {{ $name }}
      key: {{ $val }}
{{- end }}
{{- end }}
{{- end }}

and it's called in the deployment.yaml like you'd expect:

          env:
          {{- include "helpers.list-env-variables" . | indent 12 }}

So the normal environment variables get added just fine, but the secret ones don't. It specifies the secretKeyRef.name: value as map[ENV_VAR_USERNAME:username ENV_VAR_PASSWORD:password] instead of secret-key-ref.

helm debug output:

...
         env:
            - name: ENV_VAR_1
              value: value
            - name: ENV_VAR_2
              value: otherValue
            - name: ENV_VAR_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: map[ENV_VAR_USERNAME:username ENV_VAR_PASSWORD:password]
                  key: password
            - name: ENV_VAR_USERNAME
              valueFrom:
                secretKeyRef:
                  name: map[ENV_VAR_USERNAME:username ENV_VAR_PASSWORD:password]
                  key: username
            - name: ENV_CONN_STRING
              valueFrom:
                secretKeyRef:
                  name: map[ENV_CONN_STRING:my_conn_string]
                  key: my_conn_string

I've already got all these secrets loaded into my K8s cluster (they get shared across a number of microservices, so I don't need to add new secrets which is what the default Helm template seems to want to do) - I just need to reference existing secrets.

My assumption here is that there's something I'm missing in my function to get the value of an element (e.g. "secret-location"), I just can't figure out what it is. If there's a different way I can structure my values.yaml to accomplish this, I'm game for that as well.

Answer 1

When obtaining secret data, it can also be obtained in the form of key-val.

Try replacing _helpers.tpl with the following

{{/*
Add environment variables
*/}}
{{- define "helpers.list-env-variables" }}
{{- range $key, $val := .Values.env.normal }}
- name: {{ $key }}
  value: {{ $val }}
{{- end }}
{{- range $k, $v := .Values.env.secret }}
{{- }}
{{- range $key, $val := $v }}
- name: {{ $key }}
  valueFrom:
    secretKeyRef:
      name: {{ $k }}
      key: {{ $val }}
{{- end }}
{{- end }}
{{- end }}