I am using helm/k8s to deploy a third party (prisma) container. The container expects an environment variable in the shape of yaml similar to
```yaml
port: 4466
managementApiSecret: $PRISMA_SECRET
databases:
  default:
    connector: postgres
    host: postgresql
    port: 5432
    user: postgres
    password: $PG_SECRET
    migrations: true
```
I have access to the postgres password and managementApiSecret as values in a separate secret. I am trying to create a pod that fetches the two secrets and uses them to create an environment variable. My current attempt at a solution looks like this.
```yaml
containers:
  - name: prisma
    image: 'prismagraphql/prisma:1.14'
    ports:
      - name: prisma-4466
        containerPort: 4466
    env:
      - name: PG_SECRET
        valueFrom:
          secretKeyRef:
            name: postgresql
            key: postgres-password
      - name: PRISMA_CONFIG
        value: |
          port: 4466
          managementApiSecret: $PRISMA_SECRET
          databases:
            default:
              connector: postgres
              host: postgresql
              port: 5432
              user: postgres
              password: $PG_SECRET
              migrations: true
```
This does not seem to work (because the secret is evaluated at kubectl apply time?). Is there an alternative way of creating env variables with secret information?
From the envvar doc: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.12/#envvar-v1-core
> Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables.

Your second envvar can use the value of the earlier envvar as $(PG_SECRET).
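The answer's suggestion applied to the manifest from the question, as an added example that is not part of the original posts. The pod name and the secret name and key used for `PRISMA_SECRET` are assumptions, since the question does not show where that value is stored.

```yaml
# Added example; values marked "assumed" do not come from the original posts.
apiVersion: v1
kind: Pod
metadata:
  name: prisma                             # assumed
spec:
  containers:
    - name: prisma
      image: 'prismagraphql/prisma:1.14'
      ports:
        - name: prisma-4466
          containerPort: 4466
      env:
        # Order matters: a variable can only reference entries declared
        # earlier in this list (or service environment variables).
        - name: PG_SECRET
          valueFrom:
            secretKeyRef:
              name: postgresql
              key: postgres-password
        - name: PRISMA_SECRET
          valueFrom:
            secretKeyRef:
              name: prisma                 # assumed secret name
              key: management-api-secret   # assumed key
        - name: PRISMA_CONFIG
          # Kubernetes expands $(VAR_NAME) when it builds the container
          # environment. Shell-style $VAR_NAME is not expanded and is passed
          # through as literal text, which is why the original attempt failed.
          # A reference that cannot be resolved is also left unchanged, and
          # $$(VAR_NAME) produces the literal string $(VAR_NAME).
          value: |
            port: 4466
            managementApiSecret: $(PRISMA_SECRET)
            databases:
              default:
                connector: postgres
                host: postgresql
                port: 5432
                user: postgres
                password: $(PG_SECRET)
                migrations: true
```

The stored pod spec keeps only the `$(...)` references, so the manifest and `kubectl get pod -o yaml` output do not contain the secret values. Inside the running container, however, `PRISMA_CONFIG` holds both secrets in plaintext alongside `PG_SECRET` and `PRISMA_SECRET`, so anything that can read the process environment can read them.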