Deleting a default key does not work as expected #12594
Description
We are experiencing an issue with deleting a default key:
# Chart.yaml
apiVersion: v2
name: seccompProfile-debug
version: "0.0.1"
dependencies:
- name: postgresql
version: 13.0.0
repository: https://charts.bitnami.com/bitnami# values-env.yaml
postgresql:
primary:
containerSecurityContext:
# only used for diagnostics in this issue
runAsUser: "values-env.yaml"
seccompProfile: nullThe expected result is that the seccompProfile key is not present in the rendered template. However this is not the case in this setting:
values.yaml file does not exist
$ helm template . -f values-env.yaml | grep -A20 -e '- name: postgresql' | grep -A4 'runAsUser:'
runAsUser: values-env.yaml
seccompProfile:
type: RuntimeDefault
env:
- name: BITNAMI_DEBUGseccompProfile: nullis ignored and filled with the default instead
values.yaml exists with seccompProfile: null
# values.yaml
postgresql:
primary:
containerSecurityContext:
runAsUser: "values.yaml"
seccompProfile: nullhelm template . -f values-env.yaml | grep -A20 -e '- name: postgresql' | grep -A4 'runAsUser:'
runAsUser: values-env.yaml
env:
- name: BITNAMI_DEBUG
value: "false"
- name: POSTGRESQL_PORT_NUMBER- Overwrite for
runAsUserworked since we getvalues-env.yaml seccompProfile: nullwas respected, since the key is no longer present in the output- This is our current workaround
values.yaml exists with no seccompProfile set
# values.yaml
postgresql:
primary:
containerSecurityContext:
runAsUser: "values.yaml"$ helm template . -f values-env.yaml | grep -A20 -e '- name: postgresql' | grep -A4 'runAsUser:'
runAsUser: values-env.yaml
seccompProfile:
type: RuntimeDefault
env:
- name: BITNAMI_DEBUGseccompProfile: nullis ignored and filled with the default instead
seccompProfile key removed from values-env.yaml and values.yaml exists with seccompProfile: null set
# values-env.yaml
postgresql:
primary:
containerSecurityContext:
# only used for diagnostics in this issue
runAsUser: "values-env.yaml"# values.yaml
postgresql:
primary:
containerSecurityContext:
runAsUser: "values.yaml"
seccompProfile: null$ helm template . -f values-env.yaml | grep -A20 -e '- name: postgresql' | grep -A4 'runAsUser:'
runAsUser: values-env.yaml
seccompProfile:
type: RuntimeDefault
env:
- name: BITNAMI_DEBUGseccompProfile: nullis ignored and filled with the default instead
values-env.yaml is renamed to values.yaml
# values.yaml
postgresql:
primary:
containerSecurityContext:
# only used for diagnostics in this issue
runAsUser: "values-env.yaml"
seccompProfile: null$ # Note the change from '-f values-env.yaml' to '-f values.yaml'
$ helm template . -f values.yaml | grep -A20 -e '- name: postgresql' | grep -A4 'runAsUser:'
runAsUser: values-env.yaml
env:
- name: BITNAMI_DEBUG
value: "false"
- name: POSTGRESQL_PORT_NUMBERseccompProfile: nullwas respected, since the key is no longer present in the output
Summary
We only got this to work in two settings:
- We include the same override, i.e.
seccompProfile: nullintovalues.yaml - We ditch
values-env.yamlcompletely and move everything intovalues.yaml
Output of helm version: version.BuildInfo{Version:"v3.12.3", GitCommit:"3a31588ad33fe3b89af5a2a54ee1d25bfe6eaa5e", GitTreeState:"clean", GoVersion:"go1.20.7"}
Output of kubectl version: v1.28.4