fix(helm): exclude password keys from env range loop to prevent duplicate YAML keys (#13136)

## Summary

- Fix duplicate YAML mapping keys in `helm/templates/env.yaml` that
cause deployment failures with strict YAML parsers

## Problem

The `range` loop in `env.yaml` iterates over all `.Values.env` keys and
emits them into a Secret. The exclusion filter skips host/port/user
keys, but does **not** skip password keys (`MYSQL_PASSWORD`,
`REDIS_PASSWORD`, `MINIO_PASSWORD`, `ELASTIC_PASSWORD`,
`OPENSEARCH_PASSWORD`). These same keys are then explicitly defined
again later in the template, producing duplicate YAML mapping keys.

Go's `yaml.v3` (used by Flux's helm-controller for post-rendering)
rejects duplicate keys per the YAML spec:

```
Helm install failed: yaml: unmarshal errors:
  mapping key "MINIO_PASSWORD" already defined
  mapping key "MYSQL_PASSWORD" already defined
  mapping key "REDIS_PASSWORD" already defined
```

Plain `helm install` does not surface this because Helm's internal
parser (`yaml.v2`) silently accepts duplicate keys (last value wins).

## Fix

Add password keys to the exclusion filter on line 12 so they are only
emitted by their explicit definitions later in the template.

Note: `MINIO_ROOT_USER` is intentionally **not** excluded — it is only
emitted by the range loop and has no explicit definition elsewhere.
Excluding it causes MinIO to crash with `Missing credential environment
variable, "MINIO_ROOT_USER"`.

## Test plan

- [ ] Deploy with Flux helm-controller (uses yaml.v3) — no duplicate key
errors
- [ ] Verify all passwords are present in the rendered Secret
- [ ] Verify `MINIO_ROOT_USER` is present in the rendered Secret
- [ ] Test with `DOC_ENGINE=elasticsearch` (ELASTIC_PASSWORD)
- [ ] Test with `DOC_ENGINE=opensearch` (OPENSEARCH_PASSWORD)

Fixes #13135
Bradley Boveinis
2026-02-24 13:09:31 +10:00
committed by GitHub
parent 91d1a81937
commit 3280772934
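
A pre-merge check for the failure described in the commit message, as an added example that is not part of the commit or the project: a standard-library Python scan of rendered `helm template` output for keys repeated within one block mapping, which plain `helm install` accepts silently. The sample manifest, the Secret name and the values are constructed; the scanner assumes block-style mappings with plain keys and no multi-line scalars.

```python
import re

# Constructed sample: a Secret as rendered before the fix, where the range
# loop and the explicit definition both emit MYSQL_PASSWORD.
RENDERED = '''\
apiVersion: v1
kind: Secret
metadata:
  name: example-env
type: Opaque
stringData:
  MINIO_ROOT_USER: "constructed-user"
  MYSQL_PASSWORD: "from-range-loop"
  MYSQL_PASSWORD: "from-explicit-definition"
'''

# Leading spaces, optional "- " of a sequence item, then a plain key.
KEY_RE = re.compile(r'^( *)(- )?([A-Za-z_][\w.-]*):(?: |$)')


def duplicate_keys(manifest):
    """Return (line_no, key) for every key repeated within one block mapping."""
    dups = []
    stack = []  # (indent, keys seen so far in the mapping at that indent)
    for no, line in enumerate(manifest.splitlines(), 1):
        if line.strip() == '---':  # document separator: start over
            stack = []
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        starts_item = bool(m.group(2))
        indent = len(m.group(1)) + (2 if starts_item else 0)
        # Leave deeper mappings; a "- key:" line also opens a fresh mapping.
        while stack and (stack[-1][0] > indent
                         or (starts_item and stack[-1][0] == indent)):
            stack.pop()
        if not stack or stack[-1][0] < indent:
            stack.append((indent, set()))
        seen = stack[-1][1]
        if m.group(3) in seen:
            dups.append((no, m.group(3)))
        seen.add(m.group(3))
    return dups


if __name__ == '__main__':
    for no, key in duplicate_keys(RENDERED):
        print(f'line {no}: mapping key "{key}" already defined')
```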

@ -9,7 +9,7 @@ metadata:
type: Opaque
stringData:
{{- range $key, $val := .Values.env }}
{{- if and $val (ne $key "MYSQL_HOST") (ne $key "MYSQL_PORT") (ne $key "MYSQL_USER") (ne $key "MINIO_HOST") (ne $key "MINIO_PORT") (ne $key "REDIS_HOST") (ne $key "REDIS_PORT") }}
{{- if and $val (ne $key "MYSQL_HOST") (ne $key "MYSQL_PORT") (ne $key "MYSQL_USER") (ne $key "MYSQL_PASSWORD") (ne $key "MINIO_HOST") (ne $key "MINIO_PORT") (ne $key "MINIO_PASSWORD") (ne $key "REDIS_HOST") (ne $key "REDIS_PORT") (ne $key "REDIS_PASSWORD") (ne $key "ELASTIC_PASSWORD") (ne $key "OPENSEARCH_PASSWORD") }}
{{ $key }}: {{ quote $val }}
{{- end }}
{{- end }}
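
Review bot: The changed `if` line now excludes `ELASTIC_PASSWORD` and `OPENSEARCH_PASSWORD` unconditionally, but the explicit definitions that are meant to emit them lie outside this hunk, so it cannot be confirmed here that each one is still rendered for every `DOC_ENGINE` value. If either explicit block is conditional, that password would drop out of the Secret with no render error, so please check this against the rest of the template before merging (the unchecked test-plan items cover it). Separately, the filter is now a twelve-term `ne` chain that has to be kept in step by hand with the explicit keys further down. Consider building a list of excluded keys once and testing it with Sprig's `has`, for example `has $key $excluded` (the variable name is only a suggestion), and adding a template comment that `MINIO_ROOT_USER` is deliberately left to the loop.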