Helm ConfigMap templates use the default value 'true' when the value is set to 'false' in myvalues.yaml

[CrazyPopping]

Hello,

I'm currently trying to deploy this project on my private K8S installation, with some custom restrictions that require me to tinker some things here and there, including disabling apibuilder4elastic certificate verification, using the apibuilder4elastic.validateElasticsearchCertificate set to false.

However, I realized the environment variable is still set to true in the ConfigMap. This seems linked to https://github.com/helm/helm/issues/3308

Axway APIM-ELK version 4.1.0

API-Manager Version 7.7.20210830

Expected behavior

Using kubectl

>kubectl -n mynamespace get configmap axway-elk-apim4elastic-apibuilder4elastic-config -o yaml
apiVersion: v1
data:
  ELASTICSEARCH_CA: config/certificates/ca.crt
  ELASTICSEARCH_HOSTS: https://axway-elk-apim4elastic-elasticsearch:9200
  ELASTICSEARCH_SSL_VERIFICATIONMODE: "false"

Actual behavior

Using kubectl

>kubectl -n mynamespace get configmap axway-elk-apim4elastic-apibuilder4elastic-config -o yaml
apiVersion: v1
data:
  ELASTICSEARCH_CA: config/certificates/ca.crt
  ELASTICSEARCH_HOSTS: https://axway-elk-apim4elastic-elasticsearch:9200
  ELASTICSEARCH_SSL_VERIFICATIONMODE: "true"

Test case sample

In myvalues.yaml, add the variable like this :

apibuilder4elastic:
  validateElasticsearchCertificate: false

Workaround

I modified the file helm/templates/apibuilder4elastic/apibuilder4elastic-config.yaml like suggested in the helm issue :

  ELASTICSEARCH_SSL_VERIFICATIONMODE: {{ hasKey .Values.apibuilder4elastic "validateElasticsearchCertificate" | ternary .Values.apibuilder4elastic.validateElasticsearchCertificate true | quote }}

I have encountered other issues similar to this one, so please let me know if submitting these as issues/bugs is not appropriate as I'm a git newb Regards

[cwiechmann]

Thanks for reporting this issue @Holydian and feel free to create as many issues you want, if you discover a bug or a missing feature.

I checked, what you described and it works for me. I'm using the following in my values file:

apibuilder4elastic: 
  imageTag: "latest"
  replicas: 1
  anmUrl: "https://axway-apim-anm:8090"
  apimgrUrl: "https://apimgr:8075"

  validateElasticsearchCertificate: "false"

And this works for me:

kubectl -n apim get configmap axway-elk-apim4elastic-apibuilder4elastic-config -o yaml
apiVersion: v1
data:
  ADMIN_NODE_MANAGER: https://axway-apim-anm:8090
  API_BUILDER_LOCAL_API_LOOKUP_FILE: ""
  API_BUILDER_SSL_CERT: config/certificates/apibuilder4elastic.crt
  API_BUILDER_SSL_KEY: config/certificates/apibuilder4elastic.key
  API_MANAGER: https://apimgr:8075
  APM_ENABLED: "true"
  APM_SERVER: https://axway-elk-apm-server:8200
  APM_SERVER_CA: ""
  APM_VALIDATE_SERVER_CERT: "false"
  AUTHZ_CONFIG: ""
  ELASTICSEARCH_CA: config/certificates/ca.crt
  ELASTICSEARCH_HOSTS: https://axway-elk-apim4elastic-elasticsearch:9200
  ELASTICSEARCH_SSL_VERIFICATIONMODE: "false"
  LOG_LEVEL: debug
  MANAGEMENT_KPIS_ENABLED: "true"
  PAYLOAD_HANDLING_ENABLED: "true"
  RETENTION_PERIOD_CONFIG: ./config/my-retention-period.json
kind: ConfigMap

I recognized a small difference between my values.yaml file and yours. You are using a "Boolean", as shown in the base-values samples, but this seems not work. To confirm this, I changed my values to:

  validateElasticsearchCertificate: false

And with that, I was able to reproduce your issue.

I'm going to change the default values.yaml file to use a String instead of Booleans in the provided examples.

[CrazyPopping]

Thank you for your quick response. It works for me as well. Indeed I blindly followed the provided example 😄