How to pull environment variables with Helm charts
You can export
the variable and use it while running helm install
.
Before that, you have to modify your chart so that the value can be set
while installation.
Skip this part, if you already know, how to setup template fields.
As you don't want to expose the data, so it's better to have it saved as secret in kubernetes.
First of all, add this two lines in your Values
file, so that these two values can be set from outside.
username: rootpassword: password
Now, add a secret.yaml
file inside your template
folder. and, copy this code snippet into that file.
apiVersion: v1kind: Secretmetadata: name: {{ .Release.Name }}-authdata: password: {{ .Values.password | b64enc }} username: {{ .Values.username | b64enc }}
Now tweak your deployment yaml template and make changes in env
section, like this
...... spec: restartPolicy: Always containers: - name: sample-app image: "sample-app:latest" imagePullPolicy: Always env: - name: "USERNAME" valueFrom: secretKeyRef: key: username name: {{ .Release.Name }}-auth - name: "PASSWORD" valueFrom: secretKeyRef: key: password name: {{ .Release.Name }}-auth......
If you have modified your template correctly for --set
flag,you can set this using environment variable.
$ export USERNAME=root-user
Now use this variable while running helm install,
$ helm install --set username=$USERNAME ./mychart
If you run this helm install
in dry-run
mode, you can verify the changes,
$ helm install --dry-run --set username=$USERNAME --debug ./mychart[debug] Created tunnel using local port: '44937'[debug] SERVER: "127.0.0.1:44937"[debug] Original chart version: ""[debug] CHART PATH: /home/maruf/go/src/github.com/the-redback/kubernetes-yaml-drafts/helm-charts/mychartNAME: irreverant-meerkatREVISION: 1RELEASED: Fri Apr 20 03:29:11 2018CHART: mychart-0.1.0USER-SUPPLIED VALUES:username: root-userCOMPUTED VALUES:password: passwordusername: root-userHOOKS:MANIFEST:---# Source: mychart/templates/secret.yamlapiVersion: v1kind: Secretmetadata: name: irreverant-meerkat-authdata: password: password username: root-user---# Source: mychart/templates/deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata: name: irreverant-meerkat labels: app: irreverant-meerkatspec: replicas: 1 template: metadata: name: irreverant-meerkat labels: app: irreverant-meerkat spec: containers: - name: irreverant-meerkat image: alpine env: - name: "USERNAME" valueFrom: secretKeyRef: key: username name: irreverant-meerkat-auth - name: "PASSWORD" valueFrom: secretKeyRef: key: password name: irreverant-meerkat-auth imagePullPolicy: IfNotPresent restartPolicy: Always selector: matchLabels: app: irreverant-meerkat
You can see that the data of username in secret has changed to root-user
.
I have added this example into github repo.
There is also some discussion in kubernetes/helm repo regarding this. You can see this issue to know about all other ways to use environment variables.
you can pass env key value from the value yaml by setting the deployment yaml as below :
spec: restartPolicy: Always containers: - name: sample-app image: "sample-app:latest" imagePullPolicy: Always env: {{- range .Values.env }} - name: {{ .name }} value: {{ .value }} {{- end }}
in the values.yaml :
env: - name: "USERNAME" value: "" - name: "PASSWORD" value: ""
when you install the chart you can pass the username password value
helm install chart_name --name release_name --set env.USERNAME="app-username" --set env.PASSWORD="28sin47dsk9ik"
For those looking to use data structures instead lists for their env variable files, this has worked for me:
spec: containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- range $key, $val := .Values.env }} - name: {{ $key }} value: {{ $val | quote }} {{- end }}
values.yaml:
env: FOO: "BAR" USERNAME: "CHANGEME" PASWORD: "CHANGEME"
That way I can access specific values by name in other parts of the helm chart and pass the sensitive values via helm command line.