This issue is related to #9027 which should been fixed in v3.13.0

However, looks like there is inconsistency where some nested sub-chart values are not nulled.

TL;DR

Nulling values remote sub-charts doesn't work, and it's still not possible to remove keys from them (remote means, during the packaging, they are referenced as dependency sub-charts with repository key).

But the sub-charts within the same repo during the packaging don't have that issue (null passed normally).

Details

In Camunda Helm chart, we have different types of dependencies (in-repo, remote, or nested), and some parts are nulled, and some are not.

Let's take this case:

The C8 chart depends on some in-repo and remote sub-charts, let's just focus on Elasticsearch sub-chart as an example:

Reproduce

Here is a minimal values file to reproduce the issue:

Create the custom values file:

# values-custom.yaml

# The vars according to upstream chart here:
# https://artifacthub.io/packages/helm/bitnami/elasticsearch/19.13.2#master-elegible-nodes-parameters
elasticsearch:
  master:
    podSecurityContext:
      fsGroup: null
    containerSecurityContext:
      runAsUser: null

Add Camunda repo:

helm repo add camunda https://helm.camunda.io

Template the chart using the custom file (you will see some irrelevant warnings could be safely ignored like coalesce.go:289: warning: destination for identity.postgresql.networkPolicy):

helm template demo camunda/camunda-platform \
    --version 8.3.0 \
    --values values-custom.yaml \
    --show-only charts/elasticsearch/templates/master/statefulset.yaml

The most important highlight here:
In the Pod securityContext: fsGroup: 1001 (not nulled, still default):

securityContext:
  fsGroup: 1001

In the Container securityContext: runAsUser: 1001 (not nulled, still default):

containers:
  - name: elasticsearch
    image: docker.io/bitnami/elasticsearch:8.7.1
    imagePullPolicy: "IfNotPresent"
    securityContext:
      runAsNonRoot: true
      runAsUser: 1001

And it's the same for any remote sub-chart (happens in Keycloak, and PostgreSQL).

Output of helm version:

version.BuildInfo{Version:"v3.13.1", GitCommit:"3547a4b5bf5edb5478ce352e18858d8a552a4110", GitTreeState:"clean", GoVersion:"go1.20.8"}

Output of kubectl version:

Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.6", GitCommit:"741c8db18a52787d734cbe4795f0b4ad860906d6", GitTreeState:"clean", BuildDate:"2023-09-13T09:21:34Z", GoVersion:"go1.20.8", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v5.0.1
Server Version: version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.5+7d22122", GitCommit:"2fc599b5fd3f060dd20094b520f0f529fd2f52db", GitTreeState:"clean", BuildDate:"2023-06-07T20:30:17Z", GoVersion:"go1.19.9", Compiler:"gc", Platform:"linux/amd64"}

Cloud Provider/Platform (AKS, GKE, Minikube etc.): N/A