Hi, trying to use secretKeyRef in the HelmRelease values section but doesn't evaluate the secretKeyRef but uses the literal object.

flux2 version: flux version 0.31.1
environment:: GKE

yaml:

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: rabbitmq
spec:
  releaseName: rabbitmq
  chart:
    spec:
      chart: rabbitmq
      sourceRef:
        kind: HelmRepository
        name: bitnami
        namespace: flux-system
  interval: 1h0m0s
  install:
    remediation:
      retries: 3
  values:
    service:
      type: LoadBalancer
    auth:
      password:
        valueFrom:
          secretKeyRef:
            name: rabbitmq-password
            key: value

For checking the secret that created by the rabbitmq chart running :

kubectl get secret rabbitmq -n stage -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'

result is:

rabbitmq-password: map[valueFrom:map[secretKeyRef:map[key:value name:rabbitmq-password]]]

the secret were not evaluated

Greetings,

helm.toolkit.fluxcd.io is a GitOps Toolkit package API group, which is from Flux v2. This is the Helm Operator repository, which is a legacy project that pre-dates Flux v2. The better place for this report to get some attention is the helm-controller repository.

          secretKeyRef:
            name: rabbitmq-password
            key: value

This appears to be the correct way to reference a secret. You can review the output of the Helm chart with helm get values and helm get template much easier than trying to decode the secret by hand.

I suspect this is a bug in the chart. Can you reproduce it with the Helm CLI? If you create a values.yaml and pass it in with --values you should get similar results from the Helm CLI. Please let us know what you find, (if someone has write access to the helm-controller repo, perhaps this issue can be transferred there...)

Thank you, moved to flux2 repo