helm install with default values fails
If you don't override the default values, more specifically, if you don't specify wpSalts.WP_CRON_CONTROL_SECRET, the helm install command fails.
It give you this very helpful error message:
Error: template: wordpress/templates/statefulset.yaml:25:28: executing "wordpress/templates/statefulset.yaml" at <include (print $.Template.BasePath "/secrets.yaml") .>: error calling include: template: wordpress/templates/secrets.yaml:12:23: executing "wordpress/templates/secrets.yaml" at <tpl .Values.ansibleSecrets .>: error calling tpl: error during tpl function execution for "BACKUP_NAME: {{ .Release.Name }}\nBACKUP_TARGET: {{ .Values.backup.target }}\nDB_HOST: {{ .Release.Name }}-database\nDB_NAME: {{ .Values.database.db.name }}\nDB_PASS: {{ .Values.database.db.password }}\nDB_PREFIX: {{ .Values.wordpress.config.db.prefix}}\nDB_USER: {{ .Values.database.db.user }}\nLANGUAGES: {{ .Values.wordpress.site.languages }}\nDEFAULT_LANG: {{ .Values.wordpress.site.default_language }}\nWP_CONTENT_MOUNT: {{ .Values.wordpress.wp_content.mount_path }}\nWP_CONTENT_REPO_CONTENT_DIR: {{ .Values.git_repo.wp_content_dir }}\nWP_CONTENT_REPO_ENABLED: {{ .Values.git_repo.enabled }}\nWP_CONTENT_REPO_URL: https://{{ .Values.git_repo.token_user }}:{{ .Values.git_repo.token_key }}@{{ .Values.git_repo.url }}{{ .Values.git_repo.name }}\nWP_OPENID_CONNECT_ROLE_MAPPING_ENABLED: {{ .Values.openid_connect_settings.role_mapping_enabled }}\nWP_CONTENT_REPO_VERSION: {{ .Values.git_repo.version }}\nWP_DEBUG: {{ .Values.wordpress.site.debug }}\nWP_EMAIL: {{ .Values.wordpress.config.adm.email }}\nWP_PASS: {{ .Values.wordpress.config.adm.pssw }}\nWP_REDIS_ENABLED: {{ .Values.redis.enabled }}\nWP_REDIS_HOST: {{ .Release.Name }}-redis-master\nWP_REDIS_PASSWORD: {{ .Values.redis.password | default ( randAlphaNum 15 ) }}\nWP_THEME_ACTIVE: {{ .Values.wordpress.theme_active }}\nWP_THEMES_INSTALL: {{ .Values.wordpress.themes_install }}\nWP_THEME_FALLBACK: {{ .Values.wordpress.theme_fallback }}\nWP_TITLE: {{ .Values.wordpress.site.title }}\nWP_UPLOAD_DIR: {{ .Values.wordpress.wp_upload.mount_path }}\nWP_URL: {{ .Values.wordpress.site.url }}\nWP_USER: {{ .Values.wordpress.config.adm.usid }}\nWP_VERSION: {{ .Values.wordpress.site.version }}\nWP_ALT_ENABLED: {{ .Values.wordpress.site.alt.enabled }}\nWP_ALT_CONFIG: {{ .Values.wordpress.site.alt.config }}\nWP_ALT_PATH: {{ .Values.wordpress.site.alt.path }}\nWP_DIR_MODE: {{ .Values.wordpress.permissions.directory_mode }}\nWP_FILES_MODE: {{ .Values.wordpress.permissions.files_mode }}\nWP_MU_PLUGINS_ENABLED: {{ .Values.wordpress.mu_plugins_enabled }}\nWP_MU_PLUGINS_DIR: {{ .Values.wordpress.mu_plugins_dir }}\nWP_MU_PLUGINS: {{ .Values.wordpress.mu_plugins | toJson }}\nWP_MU_CRON_ENABLED: {{ .Values.wordpress.mu_cron.enabled }}\nWP_MU_CRON_SETTINGS: {{ .Values.wordpress.mu_cron | toJson }}\nWP_MULTILINGUAL_ENABLED: {{ .Values.wordpress.site.multilingual.enabled }}\nWP_MULTILINGUAL_PLUGINS: {{ .Values.wordpress.site.multilingual.plugins }}\nWP_MULTILINGUAL_CONFIG: {{ quote .Values.wordpress.site.multilingual.config }}\nWP_OPENID_CONNECT_ENABLED: {{ .Values.openid_connect_settings.enabled }}\nWP_OPENID_CONNECT_SETTINGS:\n alternate_redirect_uri: {{ .Values.openid_connect_settings.alternate_redirect_uri }}\n client_id: {{ .Values.openid_connect_settings.client_id }}\n client_secret: {{ .Values.openid_connect_settings.client_secret }}\n displayname_format: {{ .Values.openid_connect_settings.displayname_format }}\n email_format: {{ .Values.openid_connect_settings.email_format }}\n enable_logging: {{ .Values.openid_connect_settings.enable_logging }}\n endpoint_end_session: {{ .Values.openid_connect_settings.endpoint_end_session }}\n endpoint_login: {{ .Values.openid_connect_settings.endpoint_login }}\n endpoint_token: {{ .Values.openid_connect_settings.endpoint_token }}\n endpoint_userinfo: {{ .Values.openid_connect_settings.endpoint_userinfo }}\n enforce_privacy: {{ .Values.openid_connect_settings.enforce_privacy }}\n http_request_timeout: {{ .Values.openid_connect_settings.http_request_timeout }}\n identify_with_username: {{ .Values.openid_connect_settings.identify_with_username }}\n identity_key: {{ .Values.openid_connect_settings.identity_key }}\n link_existing_users: {{ .Values.openid_connect_settings.link_existing_users }}\n login_type: {{ .Values.openid_connect_settings.login_type }}\n log_limit: {{ .Values.openid_connect_settings.log_limit }}\n nickname_key: {{ .Values.openid_connect_settings.nickname_key }}\n no_sslverify: {{ .Values.openid_connect_settings.no_sslverify }}\n redirect_on_logout: {{ .Values.openid_connect_settings.redirect_on_logout }}\n redirect_user_back: {{ .Values.openid_connect_settings.redirect_user_back }}\n scope: {{ .Values.openid_connect_settings.scope }}\n state_time_limit: {{ .Values.openid_connect_settings.state_time_limit }}\n role_key: {{ .Values.openid_connect_settings.role_key }}\n\nWP_SALTS:\n AUTH_KEY: {{ .Values.wpSalts.AUTH_KEY | default ( randAlphaNum 32) }}\n AUTH_SALT: {{ .Values.wpSalts.AUTH_SALT | default ( randAlphaNum 32) }}\n LOGGED_IN_KEY: {{ .Values.wpSalts.LOGGED_IN_KEY | default ( randAlphaNum 32) }}\n LOGGED_IN_SALT: {{ .Values.wpSalts.LOGGED_IN_SALT | default ( randAlphaNum 32) }}\n NONCE_KEY: {{ .Values.wpSalts.NONCE_KEY | default ( randAlphaNum 32) }}\n NONCE_SALT: {{ .Values.wpSalts.NONCE_SALT | default ( randAlphaNum 32) }}\n SECURE_AUTH_KEY: {{ .Values.wpSalts.SECURE_AUTH_KEY | default ( randAlphaNum 32) }}\n SECURE_AUTH_SALT: {{ .Values.wpSalts.SECURE_AUTH_SALT | default ( randAlphaNum 32) }}\n WP_CACHE_KEY_SALT: {{ .Values.wpSalts.WP_CACHE_KEY_SALT | default ( randAlphaNum 32) }}\n WP_CRON_CONTROL_SECRET: {{ .Values.wpSalts.WP_CRON_CONTROL_SECRET | default ( randAlphaNum 32) }}\n": template: wordpress/templates/statefulset.yaml:71:22: executing "wordpress/templates/statefulset.yaml" at <.Values.wpSalts.AUTH_KEY>: nil pointer evaluating interface {}.AUTH_KEYThe culprit is WP_CRON_CONTROL_SECRET, because we need it in templates/cronjob.yaml. It would be nicest if we can find a way of generating the secret and still have it available in templates/cronjob.yaml as well as in the ansibleSecrets variable.