
How to pull environment variables with Helm charts

I have my deployment.yaml file within the templates directory of Helm charts with several environment variables for the container I will be running using Helm.

Now I want to be able to pull the environment variables locally from whatever machine Helm is run on, so I can hide the secrets that way.

How do I pass this in and have helm grab the environment variables locally when I use Helm to run the application?

Here is part of my deployment.yaml file:

...
...
    spec:
      restartPolicy: Always
      containers:
        - name: sample-app
          image: "sample-app:latest"
          imagePullPolicy: Always
          env:          
            - name: "USERNAME"
              value: "app-username"
            - name: "PASSWORD"
              value: "28sin47dsk9ik"
...
...

How can I pull the value of USERNAME and PASSWORD from local environment variables when I run helm?

Is this possible? If yes, then how do I do this?

uberrebu asked Apr 19 '18 19:04



2 Answers

You can export the variable and use it while running helm install.

Before that, you have to modify your chart so that the value can be set during installation.

Skip this part if you already know how to set up template fields.


As you don't want to expose the data, it's better to have it saved as a Secret in Kubernetes.

First of all, add these two lines to your values file, so that these two values can be set from outside.

username: root
password: password

Now add a secret.yaml file inside your templates folder, and copy this code snippet into that file.

apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-auth
data:
  password: {{ .Values.password | b64enc }}
  username: {{ .Values.username | b64enc }}

Now tweak your deployment YAML template and make changes in the env section, like this:

...
...
    spec:
      restartPolicy: Always
      containers:
        - name: sample-app
          image: "sample-app:latest"
          imagePullPolicy: Always
          env:          
          - name: "USERNAME"
            valueFrom:
              secretKeyRef:
                key:  username
                name: {{ .Release.Name }}-auth
          - name: "PASSWORD"
            valueFrom:
              secretKeyRef:
                key:  password
                name: {{ .Release.Name }}-auth
...
...

If you have modified your template correctly for the --set flag, you can set this using an environment variable.

$ export USERNAME=root-user

Now use this variable while running helm install,

$ helm install --set username="$USERNAME" ./mychart

If you run this helm install in dry-run mode, you can verify the changes,

$ helm install --dry-run --set username="$USERNAME" --debug ./mychart
[debug] Created tunnel using local port: '44937'

[debug] SERVER: "127.0.0.1:44937"

[debug] Original chart version: ""
[debug] CHART PATH: /home/maruf/go/src/github.com/the-redback/kubernetes-yaml-drafts/helm-charts/mychart

NAME:   irreverant-meerkat
REVISION: 1
RELEASED: Fri Apr 20 03:29:11 2018
CHART: mychart-0.1.0
USER-SUPPLIED VALUES:
username: root-user

COMPUTED VALUES:
password: password
username: root-user

HOOKS:
MANIFEST:

---
# Source: mychart/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: irreverant-meerkat-auth
data:
  password: password
  username: root-user
---
# Source: mychart/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: irreverant-meerkat
  labels:
    app: irreverant-meerkat
spec:
  replicas: 1
  template:
    metadata:
      name: irreverant-meerkat
      labels:
        app: irreverant-meerkat
    spec:
      containers:
      - name: irreverant-meerkat
        image: alpine
        env:
        - name: "USERNAME"
          valueFrom:
            secretKeyRef:
              key:  username
              name: irreverant-meerkat-auth
        - name: "PASSWORD"
          valueFrom:
            secretKeyRef:
              key:  password
              name: irreverant-meerkat-auth

        imagePullPolicy: IfNotPresent
      restartPolicy: Always
  selector:
    matchLabels:
      app: irreverant-meerkat

You can see that the data of username in the secret has changed to root-user.

I have added this example to a GitHub repo.

There is also some discussion in kubernetes/helm repo regarding this. You can see this issue to know about all other ways to use environment variables.

Abdullah Al Maruf - Tuhin answered Oct 23 '22 14:10
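
Added example, not part of the answer above or of the Helm project: `--set username=$USERNAME` places the value on helm's command line, where it is visible in process listings and shell history, so this sketch renders the chart's `username` and `password` values from the local environment and passes them on standard input instead. The function names are hypothetical, and `install_chart` assumes Helm 3, where `-f -` reads values from stdin.

```shell
#!/bin/sh
# Added example (not from the answer): render the chart's `username` and
# `password` values from local environment variables and hand them to helm
# on stdin, so the secret never appears in helm's argv or in a file on disk.

NL='
'

# yaml_quote VALUE: print VALUE as a YAML single-quoted scalar.
# Embedded single quotes are doubled; a newline is rejected because YAML
# would fold it inside a quoted scalar and silently change the secret.
yaml_quote() {
  case $1 in
    *"$NL"*) echo "value contains a newline" >&2; return 1 ;;
  esac
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# render_values: print the values document, or fail if USERNAME or PASSWORD
# is unset or empty, so the chart default ("password") is never deployed
# by accident.
render_values() {
  if [ -z "${USERNAME:-}" ] || [ -z "${PASSWORD:-}" ]; then
    echo "USERNAME and PASSWORD must be set in the environment" >&2
    return 1
  fi
  u=$(yaml_quote "$USERNAME") || return 1
  p=$(yaml_quote "$PASSWORD") || return 1
  printf 'username: %s\npassword: %s\n' "$u" "$p"
}

# install_chart RELEASE CHART: hypothetical wrapper; assumes Helm 3, where
# `-f -` reads the values file from standard input.
install_chart() {
  values=$(render_values) || return 1
  printf '%s\n' "$values" | helm upgrade --install "$1" "$2" -f -
}
```

Running `render_values` on its own shows exactly what helm would receive, which is a quick check before calling `install_chart my-release ./mychart`.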


You can pass env key/value pairs from the values YAML by setting up the deployment YAML as below:

spec:
  restartPolicy: Always
  containers:
    - name: sample-app
      image: "sample-app:latest"
      imagePullPolicy: Always
      env:          
        {{- range $name, $value := .Values.env }}
        - name: {{ $name }}
          value: {{ $value | quote }}
        {{- end }}

In the values.yaml:

# env is a map (name -> value), which is what the range loop and --set env.NAME=... expect
env:
  USERNAME: ""
  PASSWORD: ""

When you install the chart, you can pass the username and password values:

helm install chart_name --name release_name --set env.USERNAME="app-username" --set env.PASSWORD="28sin47dsk9ik"
Ramzi Hosisey answered Oct 23 '22 12:10