mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-03-14 03:18:42 +08:00
3280772934
## Summary - Fix duplicate YAML mapping keys in `helm/templates/env.yaml` that cause deployment failures with strict YAML parsers ## Problem The `range` loop in `env.yaml` iterates over all `.Values.env` keys and emits them into a Secret. The exclusion filter skips host/port/user keys, but does **not** skip password keys (`MYSQL_PASSWORD`, `REDIS_PASSWORD`, `MINIO_PASSWORD`, `ELASTIC_PASSWORD`, `OPENSEARCH_PASSWORD`). These same keys are then explicitly defined again later in the template, producing duplicate YAML mapping keys. Go's `yaml.v3` (used by Flux's helm-controller for post-rendering) rejects duplicate keys per the YAML spec: ``` Helm install failed: yaml: unmarshal errors: mapping key "MINIO_PASSWORD" already defined mapping key "MYSQL_PASSWORD" already defined mapping key "REDIS_PASSWORD" already defined ``` Plain `helm install` does not surface this because Helm's internal parser (`yaml.v2`) silently accepts duplicate keys (last value wins). ## Fix Add password keys to the exclusion filter on line 12 so they are only emitted by their explicit definitions later in the template. Note: `MINIO_ROOT_USER` is intentionally **not** excluded — it is only emitted by the range loop and has no explicit definition elsewhere. Excluding it causes MinIO to crash with `Missing credential environment variable, "MINIO_ROOT_USER"`. ## Test plan - [ ] Deploy with Flux helm-controller (uses yaml.v3) — no duplicate key errors - [ ] Verify all passwords are present in the rendered Secret - [ ] Verify `MINIO_ROOT_USER` is present in the rendered Secret - [ ] Test with `DOC_ENGINE=elasticsearch` (ELASTIC_PASSWORD) - [ ] Test with `DOC_ENGINE=opensearch` (OPENSEARCH_PASSWORD) Fixes #13135