helm reference secret in deployment yaml

Question

I'm looking for a possible way to reference the secrets in my deployment.yaml (1 liner)

Currently I'm using the

containers:
        - name: {{ template "myapp.name" . }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: Always
          env:
            - name: COUCHDB_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-secrets
                  key: COUCHDB_USER
            - name: COUCHDB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-secrets
                  key: COUCHDB_PASSWORD

With the minimal modification possible, I want to achieve something like this:

containers:
        - name: {{ template "myapp.name" . }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: Always
          env:
            - name: COUCHDB_URL
              value: http://${COUCHDB_USER}:${COUCHDB_PASSWORD}@{{ .Release.Name }}-couchdb:5984

Just carious if I can do this in 1 step in during the deployment, instead of passing 2 env vars and parse them in my application.

Abdullah Al Maruf - Tuhin · Accepted Answer · 2019-01-10T07:38:34.477

I am not seeing any way to achieve it without setting COUCHDB_USER and COUCHDB_PASSWORD in container env.

One workaround is, you can specify your secret in container.EnvFrom and all your secret keys will be converted to Environment variables. then, You can use those environment variables to create your composite env (ie, COUCHDB_URL).

FYI, To create env from another env in kubernetes, () is used. Curly braces {} won't work at this very moment.

One sample is,

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  COUCHDB_USER: YWRtaW4=
  COUCHDB_PASSWORD: MWYyZDFlMmU2N2Rm
---
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    envFrom:
    - secretRef:
        name: mysecret
    env:
    - name: COUCHDB_URL
      value: http://$(COUCHDB_USER):$(COUCHDB_PASSWORD)rest-of-the-url

You can confirm, the output by,

$ kubectl exec -it secret-env-pod bash

root@secret-env-pod:/data# env | grep COUCHDB
COUCHDB_URL=http://admin:1f2d1e2e67dfrest-of-the-url
COUCHDB_PASSWORD=1f2d1e2e67df
COUCHDB_USER=admin

In your case, the yaml for container is:

    containers:
    - name: {{ template "myapp.name" . }}
      image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
      imagePullPolicy: Always
      envFrom:
      - secretRef:
          name: {{ .Release.Name }}-secrets
      env:
      - name: COUCHDB_URL
        value: http://$(COUCHDB_USER):$(COUCHDB_PASSWORD)@{{ .Release.Name }}-couchdb:5984

you've meant `http://$(COUCHDB_USER):$(COUCHDB_PASSWORD)@{{ .Release.Name }}-couchdb:5984` — WindyFields, Jan 10 '19 at 06:56
yes. missed the `()` in the last part. Fixed it now. Thanks. @WindyFields — Abdullah Al Maruf - Tuhin, Jan 10 '19 at 07:01
@MarufTuhin small correction for `envFrom:`'s `- secretRef:`: missing a indentation, and thx, works like a charm! — XYZ_Allen, Jan 10 '19 at 14:23

helm reference secret in deployment yaml

1 Answers1