fix(helm/v2-alpha): Fix chart generation and template rendering issues

camilamacedo86 · camilamacedo86 · commit 3bc73061b335 · 2026-02-02T10:10:00.000Z
This commit resolves multiple issues discovered during Helm chart
testing that prevented charts from rendering correctly in certain
configurations:

- Fix template context in certificate DNS names: metrics certificates
  now use root context ($) instead of current context (.), preventing
  rendering failures in nested template scopes

- Fix service categorization logic: changed from substring matching to
  suffix matching to prevent false positives when chart names contain
  "webhook" or "metrics" keywords

- Fix ServiceMonitor YAML indentation: corrected tls.key field alignment
  to prevent YAML parsing errors

- Enable tracking of dist/chart files in testdata projects for better
  chart verification in version control

- Add integration tests to validate chart consistency across different
  naming configurations (Chart.yaml name vs project name, custom
  kustomize namePrefix)

These fixes ensure Helm charts render correctly regardless of project
naming conventions and improve overall chart generation reliability.

Generate-by: Cursor
diff --git a/.github/workflows/test-helm-samples.yml b/.github/workflows/test-helm-samples.yml
@@ -158,7 +158,7 @@ jobs:
           go mod init test-helm-no-webhooks
           kubebuilder init
           kubebuilder create api --group example.com --version v1 --kind App --controller=true --resource=true
-          kubebuilder edit --plugins=helm.kubebuilder.io/v1-alpha
+          kubebuilder edit --plugins=helm.kubebuilder.io/v2-alpha
 
       - name: Build and load Docker image
         working-directory: test-helm-no-webhooks
diff --git a/.gitignore b/.gitignore
@@ -16,7 +16,9 @@ docs/book/src/docs
 # skip bin dirs
 **/bin
 **/testbin
-**/dist
+
+# skip GoReleaser dist directory (root level only, not testdata)
+/dist
 
 # skip .out files (coverage tests)
 *.out
diff --git a/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/cert-manager/metrics-certs.yaml b/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/cert-manager/metrics-certs.yaml
@@ -11,8 +11,8 @@ metadata:
     namespace: {{ .Release.Namespace }}
 spec:
     dnsNames:
-        - {{ include "project.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" .) }}.{{ .Release.Namespace }}.svc
-        - {{ include "project.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" .) }}.{{ .Release.Namespace }}.svc.cluster.local
+        - {{ include "project.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" $) }}.{{ .Release.Namespace }}.svc
+        - {{ include "project.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" $) }}.{{ .Release.Namespace }}.svc.cluster.local
     issuerRef:
         kind: Issuer
         name: {{ include "project.resourceName" (dict "suffix" "selfsigned-issuer" "context" $) }}
diff --git a/docs/book/src/getting-started/testdata/project/dist/chart/templates/monitoring/servicemonitor.yaml b/docs/book/src/getting-started/testdata/project/dist/chart/templates/monitoring/servicemonitor.yaml
@@ -31,7 +31,7 @@ spec:
             key: tls.crt
         keySecret:
           name: metrics-server-cert
-            key: tls.key
+          key: tls.key
         {{- else }}
         # Development/Test mode (insecure configuration)
         insecureSkipVerify: true
diff --git a/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/cert-manager/metrics-certs.yaml b/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/cert-manager/metrics-certs.yaml
@@ -11,8 +11,8 @@ metadata:
     namespace: {{ .Release.Namespace }}
 spec:
     dnsNames:
-        - {{ include "project.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" .) }}.{{ .Release.Namespace }}.svc
-        - {{ include "project.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" .) }}.{{ .Release.Namespace }}.svc.cluster.local
+        - {{ include "project.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" $) }}.{{ .Release.Namespace }}.svc
+        - {{ include "project.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" $) }}.{{ .Release.Namespace }}.svc.cluster.local
     issuerRef:
         kind: Issuer
         name: {{ include "project.resourceName" (dict "suffix" "selfsigned-issuer" "context" $) }}
diff --git a/pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/helm_templater.go b/pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/helm_templater.go
@@ -258,10 +258,10 @@ func (t *HelmTemplater) substituteCertificateDNSNames(yamlContent string, resour
 		// Metrics certificates should point to metrics service
 		// Use chart-specific resourceName helper for consistent naming with 63-char safety
 		metricsServiceTemplate := "{{ include \"" + t.chartName + ".resourceName\" " +
-			"(dict \"suffix\" \"controller-manager-metrics-service\" \"context\" .) }}"
-		metricsServiceFQDN := metricsServiceTemplate + ".{{ include \"" + t.chartName + ".namespaceName\" . }}.svc"
+			"(dict \"suffix\" \"controller-manager-metrics-service\" \"context\" $) }}"
+		metricsServiceFQDN := metricsServiceTemplate + ".{{ include \"" + t.chartName + ".namespaceName\" $ }}.svc"
 		metricsServiceFQDNCluster := metricsServiceTemplate +
-			".{{ include \"" + t.chartName + ".namespaceName\" . }}.svc.cluster.local"
+			".{{ include \"" + t.chartName + ".namespaceName\" $ }}.svc.cluster.local"
 
 		// Replace placeholders
 		yamlContent = strings.ReplaceAll(yamlContent, "SERVICE_NAME.SERVICE_NAMESPACE.svc", metricsServiceFQDN)
diff --git a/pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/resource_organizer.go b/pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/resource_organizer.go
@@ -163,15 +163,28 @@ func (o *ResourceOrganizer) collectPrometheusResources() []*unstructured.Unstruc
 }
 
 // isWebhookService determines if a service is webhook-related
+// Verifies KIND is "Service" and name ends with "webhook-service" suffix
 func (o *ResourceOrganizer) isWebhookService(service *unstructured.Unstructured) bool {
+	// Only match resources with KIND "Service" (excludes ServiceAccount, ServiceMonitor, etc.)
+	if service.GetKind() != kindService {
+		return false
+	}
 	serviceName := service.GetName()
-	return strings.Contains(serviceName, "webhook")
+	// Use suffix matching to avoid false positives when project names contain "webhook"
+	// e.g., project "test-helm-no-webhooks" should not match webhook services
+	return strings.HasSuffix(serviceName, "webhook-service")
 }
 
 // isMetricsService determines if a service is metrics-related
+// Verifies KIND is "Service" and name ends with "metrics-service" suffix
 func (o *ResourceOrganizer) isMetricsService(service *unstructured.Unstructured) bool {
+	// Only match resources with KIND "Service" (excludes ServiceAccount, ServiceMonitor, etc.)
+	if service.GetKind() != kindService {
+		return false
+	}
 	serviceName := service.GetName()
-	return strings.Contains(serviceName, "metrics")
+	// Use suffix matching to avoid false positives when project names contain "metrics"
+	return strings.HasSuffix(serviceName, "metrics-service")
 }
 
 // collectExtrasResources gathers uncategorized resources that don't fit standard categories
diff --git a/pkg/plugins/optional/helm/v2alpha/scaffolds/internal/templates/chart-templates/servicemonitor.go b/pkg/plugins/optional/helm/v2alpha/scaffolds/internal/templates/chart-templates/servicemonitor.go
@@ -97,7 +97,7 @@ spec:
             key: tls.crt
         keySecret:
           name: metrics-server-cert
-            key: tls.key
+          key: tls.key
         {{ "{{- else }}" }}
         # Development/Test mode (insecure configuration)
         insecureSkipVerify: true
diff --git a/test/e2e/helm/plugin_cluster_test.go b/test/e2e/helm/plugin_cluster_test.go
@@ -128,6 +128,52 @@ var _ = Describe("kubebuilder", func() {
 			By("deploying with fullnameOverride - all resources use the custom name")
 			runHelm(kbc, true, true, false, "custom-operator")
 		})
+
+		It("should work correctly when kustomize uses custom namePrefix", func() {
+			By("generating a full-featured project with webhooks and metrics")
+			generateHelmProject(kbc)
+
+			By("installing Helm")
+			Expect(kbc.InstallHelm()).To(Succeed())
+
+			By("adding custom namePrefix to config/default/kustomization.yaml")
+			kustomizationPath := filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml")
+			content, err := os.ReadFile(kustomizationPath)
+			Expect(err).NotTo(HaveOccurred())
+
+			// Prepend custom namePrefix to the kustomization file
+			modifiedContent := "namePrefix: custom-prefix-\n" + string(content)
+			err = os.WriteFile(kustomizationPath, []byte(modifiedContent), 0o644)
+			Expect(err).NotTo(HaveOccurred())
+
+			By("building installer with custom namePrefix")
+			err = kbc.Make("build-installer")
+			Expect(err).NotTo(HaveOccurred())
+
+			By("generating helm chart with custom namePrefix in kustomize")
+			err = kbc.EditHelmPlugin()
+			Expect(err).NotTo(HaveOccurred())
+
+			By("verifying helm chart uses project name helpers, not kustomize prefix")
+			chartPath := filepath.Join(kbc.Dir, "dist", "chart")
+			projectName := "e2e-" + kbc.TestSuffix
+
+			// Check _helpers.tpl uses project name
+			helpersContent, err := os.ReadFile(filepath.Join(chartPath, "templates", "_helpers.tpl"))
+			Expect(err).NotTo(HaveOccurred())
+			Expect(string(helpersContent)).To(ContainSubstring(`define "` + projectName + `.name"`))
+			Expect(string(helpersContent)).To(ContainSubstring(`define "` + projectName + `.resourceName"`))
+
+			// Verify templates use project name helpers, not kustomize prefix
+			managerContent, err := os.ReadFile(filepath.Join(chartPath, "templates", "manager", "manager.yaml"))
+			Expect(err).NotTo(HaveOccurred())
+			Expect(string(managerContent)).To(ContainSubstring(`include "` + projectName))
+			Expect(string(managerContent)).NotTo(ContainSubstring(`custom-prefix`),
+				"Manager template should not contain kustomize prefix")
+
+			By("deploying with custom kustomize namePrefix - helm chart should still work")
+			runHelm(kbc, true, true, false, "")
+		})
 	})
 })
 
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/cert-manager/metrics-certs.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/cert-manager/metrics-certs.yaml
@@ -11,8 +11,8 @@ metadata:
     namespace: {{ .Release.Namespace }}
 spec:
     dnsNames:
-        - {{ include "project-v4-with-plugins.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" .) }}.{{ include "project-v4-with-plugins.namespaceName" . }}.svc
-        - {{ include "project-v4-with-plugins.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" .) }}.{{ include "project-v4-with-plugins.namespaceName" . }}.svc.cluster.local
+        - {{ include "project-v4-with-plugins.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" $) }}.{{ include "project-v4-with-plugins.namespaceName" $ }}.svc
+        - {{ include "project-v4-with-plugins.resourceName" (dict "suffix" "controller-manager-metrics-service" "context" $) }}.{{ include "project-v4-with-plugins.namespaceName" $ }}.svc.cluster.local
     issuerRef:
         kind: Issuer
         name: {{ include "project-v4-with-plugins.resourceName" (dict "suffix" "selfsigned-issuer" "context" $) }}
diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/monitoring/servicemonitor.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/monitoring/servicemonitor.yaml
@@ -31,7 +31,7 @@ spec:
             key: tls.crt
         keySecret:
           name: metrics-server-cert
-            key: tls.key
+          key: tls.key
         {{- else }}
         # Development/Test mode (insecure configuration)
         insecureSkipVerify: true
