UNCLASSIFIED - NO CUI

Skip to content

helmrelease template for package chart incorrectly assigns namespace for dependsOn Entries, does not allow override

currently the helmrelease template for packages calls on $.Values.Namespace for the dependsOn entries with a default value of bigbang. due to schema validation there is no $.Values.Namespace field so the default of bigbang is always used. as seen here: https://repo1.dso.mil/big-bang/bigbang/-/blob/master/chart/templates/package/helmrelease.yaml?ref_type=heads#L78 this can be fixed by changing the template to use $.Release.Namespace instead i.e.

{{- if or $gatekeeperDep $kyvernoDep $istioDep $vals.dependsOn }}
  dependsOn:
    {{- if $gatekeeperDep }}
    - name: gatekeeper
      namespace: {{ default "bigbang" $.Release.namespace }}
    {{- end }}
    {{- if $kyvernoDep }}
    - name: kyverno-policies
      namespace: {{ default "bigbang" $.Release.namespace }}
    {{- end }}
    {{- if $istioDep }}
    - name: istio
      namespace: {{ default "bigbang" $.Release.namespace }}
    {{- end -}}
    {{- if $vals.dependsOn }}
    {{- toYaml $vals.dependsOn | nindent 4 }}
    {{- end }}
  {{- end }}

UNCLASSIFIED - NO CUI