There is a charts folder containing multiple charts.
charts/
foo-chart/
templates/
deployment.yml
secrets.yml
bar-chart/
templates/
configmaps/
script.yml
Defines a token:
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-secret
labels:
app: {{ include "metrics.name" . }}
chart: {{ include "metrics.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
data:
# NOTE: Service token has to fit the NIST requirement
serviceToken: {{ randAscii 40 | b64enc }}
Runs a command which uses an environmental variable which uses a secret:
containers:
command:
- fancy-binary
- -token
- $(AUTH_TOKEN)
env:
- name: AUTH_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-secret
key: serviceToken
Is supposed to run bash command (Django admin-command) and use environmental variable as well:
# Create a Service Token
django-admin service_token_add $(AUTH_TOKEN)
AUTH_TOKEN
going to be visible in script.yml?env
valueFrom
auto-set the value of AUTH_TOKEN
(is deployment going to work)?As long as whatever is using the script.yml
configmap also sets up the env var like you showed for the deployment, sure. (also your indentation is a bit off but that might just be a bad paste)
Answering to your first question, environment variables passed through env
field of a container will be visible everywhere in your container so also in the script you run unless you explicitly unset it.
You can check it by creating this (you should be able to copypaste the example):
apiVersion: v1
kind: Secret
metadata:
name: test-secret
type: Opaque
data:
serviceToken: MTIzNDU2Nzg5MAo= # base64 encoded string: "1234567890"
---
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- args:
- echo
- hello
- $(AUTH_TOKEN)
name: test
env:
- name: AUTH_TOKEN
valueFrom:
secretKeyRef:
name: test-secret
key: serviceToken
image: centos:7
restartPolicy: Never
and then when pod completes, check logs and you will see your token:
$ kubectl logs test
hello 1234567890
The same applies to scripts.
Answering you second question; as you probably already saw in example above, using env valueFrom will indeed auto-set your env to the value from secret.
Let me know if it was helpful.