[Bug]: Using secrets results in "map[...]" values

[icewindow]

Affected Chart

icinga-stack

Which version of the app contains the bug?

0.1.0

Please describe your problem

Using kubernetes secrets in several places results in output similar to value: "map[secretKey:username]" in the generated manifest.

Places I have noticed this happening in include:

• icinga-stack/charts/icinga2/templates/configmaps.yaml
  • icinga2.conf, the TicketSalt const value
  • api-user.conf, the ApiUser object's password
• icinga-stack/charts/icingadb/templates/deployment.yaml
  • Environment variables ICINGADB_DATABASE_USER and ICINGADB_DATABASE_PASSWORD
• icinga-stack/charts/icingaweb2/templates/deployment.yaml
  • multiple environment variables
• icinga-stack/templates/internal-databases.yaml
  • Environment variables MARIADB_USER and MARIADB_PASSWORD

Here is the output from running helm install --dry-run --debug: debug.log

---

One thing I'd like to mention, though this does not seem to have affected much: I noticed the problem by the icingadb pod not coming up due to invalid credentials. Since I wasn't entirely sure of the format for using secrets, as the chart sometimes requires the secretName to be at the same level as the secretKey and sometimes one level above, I tried using two different configs for the global.databases.icingadb section.

At first I had the config looking like this:

    icingadb:
      database: icingadb
      username:
        secretName: icingadb-secrets
        secretKey: username
      password:
        secretName: icingadb-secrets
        secretKey: password
      enabled: true
      # host: mariadb.example.com
      # port: 3306
      persistence:
        enabled: true
        size: 5Gi

and changed it to

    icingadb:
      database: icingadb
      secretName: icingadb-secrets
      username:
        secretKey: username
      password:
        secretKey: password
      enabled: true
      # host: mariadb.example.com
      # port: 3306
      persistence:
        enabled: true
        size: 5Gi

Both forms resulted in map[...] values, but slightly different. From what I can tell, the latter format is the correct one for the database configuration, though I've only changed the icingadb section so far. The other sections still used the former format when I ran helm install --dry-run --debug, hence the slight discrepancy with the database StatefulSets.

[mocdaniel]

Thanks for this report. I think it's due to the changes regarding secret management we are introducing at the moment. I will revalidate this and get back to you. A fix will be in v0.2.0 (which is coming soon), along with proper documentation on how secret management works within this chart.

[icewindow]

Okay, thanks for letting me know.

One thing I forgot to report back on: After using secrets didn't work, I did change my values file to temporarily use hard-coded strings. I did notice that using for example

icinga2:
  config:
    ticket_salt:
      value: changeme

like it's documented resulted in a similar map[] value. I needed to do it like this instead:

icinga2:
  config:
    ticket_salt: changeme

This could be part of the changes you mentioned, as it also happens in the same area.

[CanisLupusLupus]

As @mocdaniel mentioned this is due to changes in secret management. Secrets are not used in version v0.1.0 (and result in output "map[...]" as you noticed). The are implemented in main branch, which is why they are described in current configuration.md.