From adc69d1bd51fd5b2288000c9285503590c7a8392 Mon Sep 17 00:00:00 2001 From: haseebmalik18 Date: Thu, 26 Feb 2026 21:55:27 -0500 Subject: [PATCH] Fix tpl rendering for TLS hosts in ingress templates #62358 --- chart/templates/api-server/api-server-ingress.yaml | 6 ++++-- chart/templates/flower/flower-ingress.yaml | 6 ++++-- chart/templates/pgbouncer/pgbouncer-ingress.yaml | 2 +- chart/templates/statsd/statsd-ingress.yaml | 2 +- chart/templates/webserver/webserver-ingress.yaml | 6 ++++-- .../helm_tests/apiserver/test_ingress_apiserver.py | 14 ++++++++++++-- .../helm_tests/webserver/test_ingress_flower.py | 14 ++++++++++++-- .../tests/helm_tests/webserver/test_ingress_web.py | 14 ++++++++++++-- 8 files changed, 50 insertions(+), 14 deletions(-) diff --git a/chart/templates/api-server/api-server-ingress.yaml b/chart/templates/api-server/api-server-ingress.yaml index 991e008ba0051..02860382cd117 100644 --- a/chart/templates/api-server/api-server-ingress.yaml +++ b/chart/templates/api-server/api-server-ingress.yaml @@ -55,7 +55,7 @@ spec: {{- if .tls }} {{- if .tls.enabled }} - hosts: - - {{ .name | quote }} + - {{ tpl .name $ | quote }} secretName: {{ .tls.secretName }} {{- end }} {{- end }} @@ -64,7 +64,9 @@ spec: {{- else if .Values.ingress.apiServer.tls.enabled }} tls: - hosts: - {{- .Values.ingress.apiServer.hosts | default (list .Values.ingress.apiServer.host) | toYaml | nindent 8 }} + {{- range .Values.ingress.apiServer.hosts | default (list .Values.ingress.apiServer.host) }} + - {{ tpl . $ | quote }} + {{- end }} secretName: {{ .Values.ingress.apiServer.tls.secretName }} {{- end }} rules: diff --git a/chart/templates/flower/flower-ingress.yaml b/chart/templates/flower/flower-ingress.yaml index fde9db6ecb4a4..f1822338d5d81 100644 --- a/chart/templates/flower/flower-ingress.yaml +++ b/chart/templates/flower/flower-ingress.yaml @@ -55,7 +55,7 @@ spec: {{- if .tls }} {{- if .tls.enabled }} - hosts: - - {{ .name | quote }} + - {{ tpl .name $ | quote }} secretName: {{ .tls.secretName }} {{- end }} {{- end }} @@ -64,7 +64,9 @@ spec: {{- else if .Values.ingress.flower.tls.enabled }} tls: - hosts: - {{- .Values.ingress.flower.hosts | default (list .Values.ingress.flower.host) | toYaml | nindent 8 }} + {{- range .Values.ingress.flower.hosts | default (list .Values.ingress.flower.host) }} + - {{ tpl . $ | quote }} + {{- end }} secretName: {{ .Values.ingress.flower.tls.secretName }} {{- end }} rules: diff --git a/chart/templates/pgbouncer/pgbouncer-ingress.yaml b/chart/templates/pgbouncer/pgbouncer-ingress.yaml index d67d1556af760..e1e5a8d6393a3 100644 --- a/chart/templates/pgbouncer/pgbouncer-ingress.yaml +++ b/chart/templates/pgbouncer/pgbouncer-ingress.yaml @@ -54,7 +54,7 @@ spec: {{- if .tls }} {{- if .tls.enabled }} - hosts: - - {{ .name | quote }} + - {{ tpl .name $ | quote }} secretName: {{ .tls.secretName }} {{- end }} {{- end }} diff --git a/chart/templates/statsd/statsd-ingress.yaml b/chart/templates/statsd/statsd-ingress.yaml index d48ec29085a30..8544bd19d7d7b 100644 --- a/chart/templates/statsd/statsd-ingress.yaml +++ b/chart/templates/statsd/statsd-ingress.yaml @@ -54,7 +54,7 @@ spec: {{- if .tls }} {{- if .tls.enabled }} - hosts: - - {{ .name | quote }} + - {{ tpl .name $ | quote }} secretName: {{ .tls.secretName }} {{- end }} {{- end }} diff --git a/chart/templates/webserver/webserver-ingress.yaml b/chart/templates/webserver/webserver-ingress.yaml index f65f1841f8611..6e0e2f6d3e9b4 100644 --- a/chart/templates/webserver/webserver-ingress.yaml +++ b/chart/templates/webserver/webserver-ingress.yaml @@ -55,7 +55,7 @@ spec: {{- if .tls }} {{- if .tls.enabled }} - hosts: - - {{ .name | quote }} + - {{ tpl .name $ | quote }} secretName: {{ .tls.secretName }} {{- end }} {{- end }} @@ -64,7 +64,9 @@ spec: {{- else if .Values.ingress.web.tls.enabled }} tls: - hosts: - {{- .Values.ingress.web.hosts | default (list .Values.ingress.web.host) | toYaml | nindent 8 }} + {{- range .Values.ingress.web.hosts | default (list .Values.ingress.web.host) }} + - {{ tpl . $ | quote }} + {{- end }} secretName: {{ .Values.ingress.web.tls.secretName }} {{- end }} rules: diff --git a/helm-tests/tests/helm_tests/apiserver/test_ingress_apiserver.py b/helm-tests/tests/helm_tests/apiserver/test_ingress_apiserver.py index c38c8682cfd23..a1c3091ea4846 100644 --- a/helm-tests/tests/helm_tests/apiserver/test_ingress_apiserver.py +++ b/helm-tests/tests/helm_tests/apiserver/test_ingress_apiserver.py @@ -190,8 +190,14 @@ def test_can_ingress_hosts_be_templated(self): "apiServer": { "enabled": True, "hosts": [ - {"name": "*.{{ .Release.Namespace }}.example.com"}, - {"name": "{{ .Values.testValues.scalar }}.example.com"}, + { + "name": "*.{{ .Release.Namespace }}.example.com", + "tls": {"enabled": True, "secretName": "secret1"}, + }, + { + "name": "{{ .Values.testValues.scalar }}.example.com", + "tls": {"enabled": True, "secretName": "secret2"}, + }, {"name": "{{ index .Values.testValues.list 1 }}.example.com"}, {"name": "{{ .Values.testValues.dict.key }}.example.com"}, ], @@ -208,6 +214,10 @@ def test_can_ingress_hosts_be_templated(self): "cc.example.com", "dd.example.com", ] + assert jmespath.search("spec.tls[*]", docs[0]) == [ + {"hosts": ["*.airflow.example.com"], "secretName": "secret1"}, + {"hosts": ["aa.example.com"], "secretName": "secret2"}, + ] def test_backend_service_name(self): docs = render_chart( diff --git a/helm-tests/tests/helm_tests/webserver/test_ingress_flower.py b/helm-tests/tests/helm_tests/webserver/test_ingress_flower.py index 461450c0daa9b..c98617c4a8ee3 100644 --- a/helm-tests/tests/helm_tests/webserver/test_ingress_flower.py +++ b/helm-tests/tests/helm_tests/webserver/test_ingress_flower.py @@ -198,8 +198,14 @@ def test_can_ingress_hosts_be_templated(self): "flower": { "enabled": True, "hosts": [ - {"name": "*.{{ .Release.Namespace }}.example.com"}, - {"name": "{{ .Values.testValues.scalar }}.example.com"}, + { + "name": "*.{{ .Release.Namespace }}.example.com", + "tls": {"enabled": True, "secretName": "secret1"}, + }, + { + "name": "{{ .Values.testValues.scalar }}.example.com", + "tls": {"enabled": True, "secretName": "secret2"}, + }, {"name": "{{ index .Values.testValues.list 1 }}.example.com"}, {"name": "{{ .Values.testValues.dict.key }}.example.com"}, ], @@ -216,6 +222,10 @@ def test_can_ingress_hosts_be_templated(self): "cc.example.com", "dd.example.com", ] + assert jmespath.search("spec.tls[*]", docs[0]) == [ + {"hosts": ["*.airflow.example.com"], "secretName": "secret1"}, + {"hosts": ["aa.example.com"], "secretName": "secret2"}, + ] def test_backend_service_name(self): docs = render_chart( diff --git a/helm-tests/tests/helm_tests/webserver/test_ingress_web.py b/helm-tests/tests/helm_tests/webserver/test_ingress_web.py index 389bae4628dc1..9aa28691043a7 100644 --- a/helm-tests/tests/helm_tests/webserver/test_ingress_web.py +++ b/helm-tests/tests/helm_tests/webserver/test_ingress_web.py @@ -190,8 +190,14 @@ def test_can_ingress_hosts_be_templated(self): "web": { "enabled": True, "hosts": [ - {"name": "*.{{ .Release.Namespace }}.example.com"}, - {"name": "{{ .Values.testValues.scalar }}.example.com"}, + { + "name": "*.{{ .Release.Namespace }}.example.com", + "tls": {"enabled": True, "secretName": "secret1"}, + }, + { + "name": "{{ .Values.testValues.scalar }}.example.com", + "tls": {"enabled": True, "secretName": "secret2"}, + }, {"name": "{{ index .Values.testValues.list 1 }}.example.com"}, {"name": "{{ .Values.testValues.dict.key }}.example.com"}, ], @@ -208,6 +214,10 @@ def test_can_ingress_hosts_be_templated(self): "cc.example.com", "dd.example.com", ] + assert jmespath.search("spec.tls[*]", docs[0]) == [ + {"hosts": ["*.airflow.example.com"], "secretName": "secret1"}, + {"hosts": ["aa.example.com"], "secretName": "secret2"}, + ] def test_backend_service_name(self): docs = render_chart(