Anyone here know how to properly interpolate a helm root-level value like .Release.Namespace
into a secrets path for Vault using the Vault Sidecar injector w/ annotations
properly ?
What I have, but this is not interpolating in the first annotation successfully due to Helm notation (in a template file, not values.yaml
)—
vault.hashicorp.com/agent-inject-template-app-stuff: |
{{`{{- with secret “kv/data/apps/MyApp/{{ .Release.Namespace }}” -}}
export FOO=“{{ .Data.data.FOO }}”
{{- end -}}`}}
vault.hashicorp.com/agent-inject-secret-app-stuff: ‘kv/data/apps/MyApp/{{ .Release.Namespace }}’
The second annotation resolves properly bc it’s a simple string but getting the secret path to resolve in the first one is the issue as it’s just interpreting the text as static :/ (e.g. kv/data/apps/MyApp/{{ .Release.Namespace }}
)
Am I overlooking something silly or should I just re-think this piece altogether ?
Idea is that multiple versions of an app (dev/stage/etc.) will look under the same path up until the actual namespace for that app, tho really I think at its core this is a helm/interpolation technical question 😓