Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Multiple Env Variables in Helm Charts

I have created common helm charts. In values.yml file, I have set of env variables that need to be set as part of deployment.yaml file.

Snippet of values file.

env:
  name: ABC
  value: 123
  name: XYZ
  value: 567
  name:  PQRS
  value: 345

In deployment.yaml, when the values are referred, only the last name/value are set, other values are overwritten. How to read/set all the names/values in the deployment file?

like image 372
Sunil Gajula Avatar asked Oct 30 '19 11:10

Sunil Gajula


2 Answers

I've gone through a few iterations of how to handle setting sensitive environment variables. Something like the following is the simplest solution I've come up with so far:

template:

{{- if or $.Values.env $.Values.envSecrets }}
env:
  {{- range $key, $value := $.Values.env }}
  - name: {{ $key }}
    value: {{ $value | quote }}
  {{- end }}
  {{- range $key, $secret := $.Values.envSecrets }}
  - name: {{ $key }}
    valueFrom:
      secretKeyRef:
        name: {{ $secret }}
        key: {{ $key | quote }}
  {{- end }}
{{- end }}

values:

env:
  ENV_VAR: value
envSecrets:
  SECRET_VAR: k8s-secret-name

Pros:

syntax is pretty straightforward

keys are easily mergeable. This came in useful when creating CronJobs with shared secrets. I was able to easily override "global" values using the following:

  {{- range $key, $secret := merge (default dict .envSecrets) $.Values.globalEnvSecrets }}

Cons:

This only works for secret keys that exactly match the name of the environment variable, but it seems like that is the typical use case.

like image 154
Sunil Gajula Avatar answered Sep 19 '22 14:09

Sunil Gajula


This is how I solved it in a common helm-chart I developed previously:

          env:
            {{- if .Values.env }}
            {{- toYaml .Values.env | indent 12 }}
            {{- end }}

In the values.yaml:

env:
- name: ENV_VAR
  value: value
# or
- name: ENV_VAR
  valueFrom:
    secretKeyRef:
      name: secret_name
      key: secret_key

An important thing to note here is the indention. Incorrect indentation might lead to a valid helm-chart (yaml file), but the kubernetes API will give an error.

like image 24
Blokje5 Avatar answered Sep 21 '22 14:09

Blokje5