K
Q

helm reference secret in deployment yaml

1/10/2019

I'm looking for a possible way to reference the secrets in my deployment.yaml (1 liner)

Currently I'm using the

containers:
        - name: {{ template "myapp.name" . }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: Always
          env:
            - name: COUCHDB_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-secrets
                  key: COUCHDB_USER
            - name: COUCHDB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-secrets
                  key: COUCHDB_PASSWORD

With the minimal modification possible, I want to achieve something like this:

containers:
        - name: {{ template "myapp.name" . }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: Always
          env:
            - name: COUCHDB_URL
              value: http://${COUCHDB_USER}:${COUCHDB_PASSWORD}@{{ .Release.Name }}-couchdb:5984

Just carious if I can do this in 1 step in during the deployment, instead of passing 2 env vars and parse them in my application.

-- XYZ_Allen
kubernetes
kubernetes-helm
kubernetes-secrets
yaml

Similar Questions

How to deploy an etcd cluster on a Kubernetes cluster with a previous etcd service
How to connect to an existing kubernetes server and list all pods using java?
Expose port 80 on Digital Ocean's managed Kubernetes without a load balancer
minikube and how to debug api server error
How to route kubernetes nginx-ingress to dashboard in another namespace
How can I use Ambassador with kubernetes?
K8S Nodejs App with multiple routes - how to Ingress it?
Azure kubernetes - multiple managed identity?
Delete a Job and wait until job is deleting in client-go

1 Answer

1/10/2019

I am not seeing any way to achieve it without setting COUCHDB_USER and COUCHDB_PASSWORD in container env.

One workaround is, you can specify your secret in container.EnvFrom and all your secret keys will be converted to Environment variables. then, You can use those environment variables to create your composite env (ie, COUCHDB_URL).

FYI, To create env from another env in kubernetes, () is used. Curly braces {} won't work at this very moment.

One sample is,

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  COUCHDB_USER: YWRtaW4=
  COUCHDB_PASSWORD: MWYyZDFlMmU2N2Rm
---
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    envFrom:
    - secretRef:
        name: mysecret
    env:
    - name: COUCHDB_URL
      value: http://$(COUCHDB_USER):$(COUCHDB_PASSWORD)rest-of-the-url

You can confirm, the output by,

$ kubectl exec -it secret-env-pod bash

root@secret-env-pod:/data# env | grep COUCHDB
COUCHDB_URL=http://admin:1f2d1e2e67dfrest-of-the-url
COUCHDB_PASSWORD=1f2d1e2e67df
COUCHDB_USER=admin

In your case, the yaml for container is:

    containers:
    - name: {{ template "myapp.name" . }}
      image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
      imagePullPolicy: Always
      envFrom:
      - secretRef:
          name: {{ .Release.Name }}-secrets
      env:
      - name: COUCHDB_URL
        value: http://$(COUCHDB_USER):$(COUCHDB_PASSWORD)@{{ .Release.Name }}-couchdb:5984
-- Abdullah Al Maruf - Tuhin
Source: StackOverflow