Literally quote strings with buildHelmChart

Question

Literally quote strings with buildHelmChart

heywoodlh opened this issue 10 months ago · 3 comments

When using kubelib.buildHelmChart, it seems to remove quotes. For example, I have the following defined:

        grafana = (kubelib.buildHelmChart {
          name = "grafana";
          chart = (nixhelm.charts { inherit pkgs; }).grafana.grafana;
          ...
          values = {
            ...
            service.annotations = {
              "tailscale.com/expose" = "true";
              "tailscale.com/hostname" = "grafana";
              "tailscale.com/tags" = "tag:http";
            };
          };
        });

When I build with nix build -o result .#grafana, the annotations are rendered like so:

  annotations:
    tailscale.com/expose: "true"
    tailscale.com/hostname: grafana
    tailscale.com/tags: tag:http

And they get ignored when I kubectl apply. What I actually want is it to be rendered like so:

  annotations:
    tailscale.com/expose: "true"
    tailscale.com/hostname: "grafana"
    tailscale.com/tags: "tag:http"

I've made multiple attempts to use builtins.toString, or trying to escape the quotes and nothing seems to work -- I suspect that buildHelmChart sanitizes the output but haven't tried to track it down yet.

Any suggestions?

Answer 1 · 2024-03-16T14:11:00.000Z

Are you sure there's noting tinkering with your kubectl runs?

  annotations:
    tailscale.com/expose: "true"
    tailscale.com/hostname: grafana
    tailscale.com/tags: tag:http

This is 100% valid yaml. You only quote true, because otherwise it's parsed as a string.

Answer 2 · 2024-03-17T04:31:24.000Z

In my setup, I'm just running: kubectl apply -f ./result

The YAML gets applied -- just without the labels that don't have quoted values. So

tailscale.com/expose: "true"

is applied, but all the other labels seem to get stripped. Maybe it's a label-specific thing I'm running into, though.

Answer 3 · 2024-03-17T09:06:39.000Z

$ k apply -f-
apiVersion: v1
kind: ConfigMap
metadata:
  name: test
  annotations:
    tailscale.com/expose: "true"
    tailscale.com/hostname: grafana
    tailscale.com/tags: tag:http
configmap/test created

$ k get cm/test -o yaml
apiVersion: v1
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"ConfigMap","metadata":{"annotations":{"tailscale.com/expose":"true","tailscale.com/hostname":"grafana","tailscale.com/tags":"tag:http"},"name":"test","namespace":"default"}}
    tailscale.com/expose: "true"
    tailscale.com/hostname: grafana
    tailscale.com/tags: tag:http
  creationTimestamp: "2024-03-17T09:04:02Z"
  name: test
  namespace: default
  resourceVersion: "67038746"
  uid: de66c8b1-cf61-450a-b34a-cd3e8393c904

The problem is somewhere on your side, sorry. Maybe a rogue admission webhook?

To wrap this up, I don't think any processing for buildHelmChart is feasible. Right now it outputs exactly what helm rendered, and if you want any processing on top of that, you just wrap that in your own derivation.