helm value app.certmanager.additionalAnnotations interprets "JSON like" string as json and cannot render mainfests #534
Description
Hi I am testing Istio CSR integration with Venafi cloud and it works 🥇 .
However we have a requirement to integrate specific annotation to Venafi CSR requests through the helm value app.certmanager.additionalAnnotations.
literally they should look like this in the CRD Certificate object:
annotations:
venafi.cert-manager.io/custom-fields: |-
[ {"name":"xx", "value": "xx" },
{"name":"xxx", "value": "xxx" }]Creating a certificate with the above annotations works when we manually apply.
The helm chart however interprets it as a map and will not render charts. I have tried multiple way to force helm to not convert it to an array of type map and it always breaks, including:
- setting the value on one line,
- using
--set-string - escaping characters eg
\"
but to no avail.
using a helm values file:
app:
runtimeConfiguration:
name: istio-issuer
certmanager:
additionalAnnotations:
- name: "venafi.cert-manager.io/custom-fields"
value: '[ { "Name": "xxxx", "Value": "xxxx" },{ "Name": "xxx", "Value": "xxx" } ]'
tls:
rootCAFile: "/var/run/secrets/istio-csr/ca.pem"
volumeMounts:
- name: root-ca
mountPath: /var/run/secrets/istio-csr
volumes:
- name: root-ca
secret:
secretName: istio-root-cafrom the cli.
helm template cert-manager-istio-csr jetstack/cert-manager-istio-csr \
--namespace cert-manager \
--set "app.tls.rootCAFile=/var/run/secrets/istio-csr/ca.pem" \
--set "volumeMounts[0].name=root-ca" \
--set "volumeMounts[0].mountPath=/var/run/secrets/istio-csr" \
--set "volumes[0].name=root-ca" \
--set "volumes[0].secret.secretName=istio-root-ca" \
--set "app.runtimeConfiguration.name=istio-issuer" \
--set "app.certmanager.additionalAnnotations[0].name=venafi.cert-manager.io/custom-fields" \
--set-string 'app.certmanager.additionalAnnotations[0].value=[{ "Name":"xxx", "Value":"xxx"},{ "Name":"xxxx", "Value":"xxxx"}]' \
--debugreturns:
install.go:224: 2025-04-24 09:07:37.962847 +1000 AEST m=+0.104820835 [debug] Original chart version: ""
install.go:241: 2025-04-24 09:07:38.067133 +1000 AEST m=+0.209109418 [debug] CHART PATH: cert-manager-istio-csr-v0.14.0.tgz
Error: failed parsing --set-string data: key " \"Value\":\"xxxx\"}" has no value (cannot end with ,)
helm.go:86: 2025-04-24 09:07:38.067476 +1000 AEST m=+0.209452251 [debug] key " \"Value\":\"xxxx\"}" has no value (cannot end with ,)
helm.sh/helm/v3/pkg/strvals.(*parser).key
helm.sh/helm/v3/pkg/strvals/parser.go:264
helm.sh/helm/v3/pkg/strvals.(*parser).parse
helm.sh/helm/v3/pkg/strvals/parser.go:160
helm.sh/helm/v3/pkg/strvals.ParseIntoString
helm.sh/helm/v3/pkg/strvals/parser.go:104
helm.sh/helm/v3/pkg/cli/values.(*Options).MergeValues
helm.sh/helm/v3/pkg/cli/values/options.go:79
main.runInstall
helm.sh/helm/v3/cmd/helm/install.go:244
main.newTemplateCmd.func2
helm.sh/helm/v3/cmd/helm/template.go:95
github.com/spf13/cobra.(*Command).execute
github.com/spf13/[email protected]/command.go:985
github.com/spf13/cobra.(*Command).ExecuteC
github.com/spf13/[email protected]/command.go:1117
github.com/spf13/cobra.(*Command).Execute
github.com/spf13/[email protected]/command.go:1041
main.main
helm.sh/helm/v3/cmd/helm/helm.go:85
runtime.main
runtime/proc.go:272
runtime.goexit
runtime/asm_arm64.s:1223
failed parsing --set-string data
helm.sh/helm/v3/pkg/cli/values.(*Options).MergeValues
helm.sh/helm/v3/pkg/cli/values/options.go:80
main.runInstall
helm.sh/helm/v3/cmd/helm/install.go:244
main.newTemplateCmd.func2
helm.sh/helm/v3/cmd/helm/template.go:95
github.com/spf13/cobra.(*Command).execute
github.com/spf13/[email protected]/command.go:985
github.com/spf13/cobra.(*Command).ExecuteC
github.com/spf13/[email protected]/command.go:1117
github.com/spf13/cobra.(*Command).Execute
github.com/spf13/[email protected]/command.go:1041
main.main
helm.sh/helm/v3/cmd/helm/helm.go:85
runtime.main
runtime/proc.go:272
runtime.goexit
runtime/asm_arm64.s:1223
They all return a slight variation on the same error around rendering an array of maps.