CA_BUNDLE preventing snapshot controller from being installed

[drewburr]

I'm having troubles with the snapshot-controller Helm chart being provided, specifically with the ValidatingWebhookConfiguration having set webhooks.clientConfig.caBundle: ${CA_BUNDLE}. I'm using ArgoCD to apply this chart, which effectively conducts a helm template ... | kubectl apply . As a result, I'm getting the following error:

error decoding from json: illegal base64 data at input byte 0

I'm wondering if Helm is expected to pull the value of CA_BUNDLE from the environment when a helm install is used, and this doesn't happen when a helm template is ran. Would it mase sense to provide a way to explicitly provide an empty string or null in values.yaml to support this flow?

This is the ValidatingWebhookConfiguration spec I'm attempting to apply. When I comment out CA_BUNDLE, all works as expected

---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: "validation-webhook.snapshot.storage.k8s.io"
  labels:
    app.kubernetes.io/name: snapshot-controller
    helm.sh/chart: snapshot-controller-0.2.4
    app.kubernetes.io/instance: snapshot-controller
    app.kubernetes.io/managed-by: Helm
webhooks:
- name: "validation-webhook.snapshot.storage.k8s.io"
  rules:
  - apiGroups:   ["snapshot.storage.k8s.io"]
    apiVersions: ["v1", "v1beta1"]
    operations:  ["CREATE", "UPDATE"]
    resources:   ["volumesnapshots", "volumesnapshotcontents"]
    scope:       "*"
  clientConfig:
    service:
      namespace: "snapshot-controller"
      name: "snapshot-validation-service"
      path: "/volumesnapshot"
      caBundle: ${CA_BUNDLE}
  admissionReviewVersions: ["v1", "v1beta1"]
  sideEffects: None
  failurePolicy: Ignore # We recommend switching to Fail only after successful installation of the webhook server and webhook.
  timeoutSeconds: 2 # This will affect the latency and performance. Finetune this value based on your application's tolerance.