YAML Parse error when using caNamespaces: ["*"] #76

@Twinki14

Description

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.
  • I agree to follow the Code of Conduct.

Vault Helm Chart Version

1.20.1

Bank-Vaults Version

1.30.0

Kubernetes Version

1.27.0

Kubernetes Distribution/Provisioner

k3s

Expected Behavior

When using,

values:
  tls:
    caNamespaces:
    - "*"

Alongside the vault helm chart as part of its values.yaml, the helm install/upgrade will succeed and apply the tls secrets to all namespaces.

Actual Behavior

When using,

values:
  tls:
    caNamespaces:
    - "*"

Alongside the vault helm chart as part of its values.yaml, I'm getting a YAML parse error:

Helm upgrade failed: YAML parse error on vault/templates/secret.yaml: error converting YAML to JSON: yaml: line 5: did not find expected alphabetic or numeric character

Last Helm logs:

preparing upgrade for vault
resetting values to the chart's original version

Steps To Reproduce

No response

Logs

No response

Additional Information

I'm using Flux in combination with its HelmRelease CRD, here's the full YAML:

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: vault
spec:
  interval: 30m
  suspend: false
  upgrade:
    remediation:
      # Number of retries that should be attempted on failures before bailing, a negative integer equals to unlimited retries
      retries: 20
  chart:
    spec:
      chart: vault
      version: "1.x"
      sourceRef:
        kind: HelmRepository
        name: bank-vaults-repo
      interval: 12h
  # https://github.com/bank-vaults/vault-helm-chart/blob/main/vault/values.yaml
  values:
    tls:
      caNamespaces:
      - "*"
    unsealer:
      args: ["--mode", "k8s", "--k8s-secret-namespace", "vault", "--k8s-secret-name", "bank-vaults"]
      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
    serviceAccount:
      name: "vault"
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    vault:
      externalConfig:
        auth:
        - type: kubernetes
          roles:
          # Allow every pod in the default namespace to use the secret kv store
          - name: default
            bound_service_account_names: "*"
            bound_service_account_namespaces: "*"
            policies:
            - allow_secrets
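
"did not find expected alphabetic or numeric character" is what a YAML scanner reports when `*` (the alias indicator) or `&` (the anchor indicator) opens a node with no name after it. The sketch below is an added example, not code from this issue or from the chart: it assumes the template writes the namespace value unquoted, and the manifest and the names `render`, `bare_indicators` and `example-ca` are constructed for illustration.

```python
import json
import re

# Constructed stand-in for a templated Secret; NOT the chart's secret.yaml.
TEMPLATE = """\
apiVersion: v1
kind: Secret
metadata:
  name: example-ca
  namespace: {ns}
type: Opaque
"""

# '*' (alias) or '&' (anchor) at the start of a node, i.e. after "key: " or "- ".
# Heuristic line scan: it does not track block scalars or flow collections.
NODE_INDICATOR = re.compile(
    r"^\s*(?:-\s+)*(?:[A-Za-z0-9_.\-/]+:\s+)?(?P<ind>[*&])(?P<name>[A-Za-z0-9_-]*)"
)


def render(namespace, quoted):
    """Mimic a template that interpolates a value raw or through a quoting step."""
    # json.dumps yields a double-quoted string, which is also a valid YAML scalar.
    value = json.dumps(namespace) if quoted else namespace
    return TEMPLATE.format(ns=value)


def bare_indicators(manifest):
    """Return (line_number, text) for nodes that open with '*' or '&' but no name."""
    hits = []
    for number, line in enumerate(manifest.splitlines(), start=1):
        match = NODE_INDICATOR.match(line)
        if match and not match.group("name"):
            hits.append((number, line.strip()))
    return hits


if __name__ == "__main__":
    for quoted in (False, True):
        label = "quoted" if quoted else "raw"
        print(label, bare_indicators(render("*", quoted)))
```

Running the same scan over the output of `helm template` with the values above would show which rendered line carries the bare `*`.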

Metadata

Assignees: No one assigned

Labels:
  • kind/bug: Categorizes issue or PR as related to a bug.
  • lifecycle/keep: Denotes an issue or PR that should be preserved from going stale.

Status: 🔖 Ready for work