Helm chart config.configYml failing to accept valid YAML

In sentry-kubernetes v6.0.0, config.configYml was updated to take in YAML instead of the original config format. However, it seems like valid YAML still results in YAML parsing errors within sentry-web, as follows: in "/etc/sentry/config.yml", line 1, column 1 expected <block end>, but found '-'.

For context, we’re using Terraform to provision our Sentry deployment. Both of the following YAML values for config.configYml fail when pushed to prod:

set {
    name  = "config.configYml"
    value = "{slack.client-id: ${var.sentry_config.slack_client_id}, slack.client-secret: ${var.sentry_config.slack_client_secret}, slack.verification-token: ${var.sentry_config.slack_verification_token}	, github-app.id: ${var.sentry_config.github_app_id}, github-app.name: ${var.sentry_config.github_app_name}, github-app.webhook-secret: ${var.sentry_config.github_app_webhook_secret}, github-app.private-key: ${replace(var.sentry_config.github_app_private_key, "/\n/", "\\n")}, github-app.client-id: ${var.sentry_config.github_app_client_id}, github-app.client-secret: ${var.sentry_config.github_app_client_secret}}"
  }

as well as

  set {
    name  = "config.configYml"
    value = <<-EOT
--- 
slack.client-id: "${var.sentry_config.slack_client_id}"	
slack.client-secret: "${var.sentry_config.slack_client_secret}"	
slack.verification-token: "${var.sentry_config.slack_verification_token}"	
github-app.id: ${var.sentry_config.github_app_id}	
github-app.name: "${var.sentry_config.github_app_name}"	
github-app.webhook-secret: "${var.sentry_config.github_app_webhook_secret}"	
github-app.private-key: "${replace(var.sentry_config.github_app_private_key, "/\n/", "\\n")}"	
github-app.client-id: "${var.sentry_config.github_app_client_id}"	
github-app.client-secret: "${var.sentry_config.github_app_client_secret}"	
    EOT
  }

Any ideas on what might be going wrong with our YAML, or if there exists some kind of alternative that can still be provisioned via the helm chart values.yaml?

Without seeing the generated YAML file it is hard to speculate. I can tell the firs version you share is invalid though, as you need double quotes around key names.

Thanks @BYK - good catch. I quoted the key names but am still running into the same issue. Here’s the generated /etc/sentry/config.yml (sensitive values redacted):

system.secret-key: "REDACTED"
postprocess.use-cache-key: 1.0

# This URL will be used to tell Symbolicator where to obtain the Sentry source.
# See https://getsentry.github.io/symbolicator/api/
system.internal-url-prefix: 'http://sentry-web:9000'
symbolicator.enabled: false

################
#    Redis     #
################
redis.clusters:
  default:
    hosts:
      0:
        host: "sentry-sentry-redis-master"
        port: 6379
        password: ""

################
# File storage #
################
# Uploaded media uses these `filestore` settings. The available
# backends are either `filesystem` or `s3`.
filestore.backend: "filesystem"
filestore.options:
  location: "/var/lib/sentry/files"

- '"slack.client-id": REDACTED'
- ' "slack.client-secret": REDACTED'
- ' "slack.verification-token": REDACTED'
- ' "github-app.id": REDACTED'
- ' "github-app.name": REDACTED'
- ' "github-app.webhook-secret": REDACTED'
- ' "github-app.private-key": n-----BEGIN RSA PRIVATE KEY-----REDACTED-----END
  RSA PRIVATE KEY-----n'
- ' "github-app.client-id": REDACTED'
- ' "github-app.client-secret": REDACTED'

This part here seems completely incorrectly formatted. You can use https://yaml-online-parser.appspot.com/ to check your YAML files.

Right, exactly - so it seems there’s something wrong with the YAML parser which parses YAML from the config.configYml value into the values in config.yml. Namely, it seems like the attempt to make config.configYml accept actual YAML is leading to this issue: Updating Sentry config.yaml to support actual yaml. by DandyDeveloper · Pull Request #186 · sentry-kubernetes/charts · GitHub

Thoughts on some way to resolve this issue without directly modifying /etc/sentry/config.yml? Having to go in and manually configure the file would defeat the purpose of using Helm in the first place.

@Yinabled, why don’t you try filing an issue on that repo and see how the developers would respond?

This is not something we wrote or support so we cannot really help you with that.