RyanW8 commented 1 year ago

Summary

When using an ApplicationSet with goTemplate set to true it means that you are not able to use standard go templates anywhere in your chart as the controller tries to render the contents.

Motivation

This is a problem for us as we inject secrets into our Pods using the Vault sidecar, configuration of the sidecar is controlled using annotations e.g:

annotations:              
  vault.hashicorp.com/agent-inject-template-aws-creds: |
    {{- with secret "aws-{{.env}}/creds/some-path" -}}
    [default]
    aws_access_key_id = {{ .Data.access_key }}
    aws_secret_access_key = {{ .Data.secret_key }}
    {{- end }}

With this configuration it causes the appset controller to try and render the Vault template but we just want it to render {{.env}}. To work around this we are doing:

annotations
  vault.hashicorp.com/agent-inject-template-aws-creds: |
    {{"{{"}}- with secret "aws-{{.env}}/creds/some-path" -{{"}}"}}
    [default]
    aws_access_key_id = {{"{{"}} .Data.access_key }}
    aws_secret_access_key = {{"{{"}} .Data.secret_key {{"}}"}}
    {{"{{"}}- end {{"}}"}}

Proposal

The go text/template package allows you to override the default delimiters: https://pkg.go.dev/text/template#Template.Delims. If this was exposed as a configuration parameter it would allow us to set the delimiters to something else e.g. {{{ & }}} respectively.

crenshaw-dev commented 1 year ago

Is there a way to wrap the whole thing? e.g.

{{`
bunches of helm things
`}}

RyanW8 commented 1 year ago

Is there a way to wrap the whole thing? e.g.
{{`
bunches of helm things
`}}

In our example I don't think this would work as we're using a variable populated from the list generator to generate the Vault path (see {{.env}} in the example, this comes from the list generator we define)

RyanW8 commented 1 year ago

I think I've found where this would need to be changed:

argoproj / argo-cd

Allow changing of the delimiters used by ApplicationSet goTemplate #12321

Summary

Motivation

Proposal