How to pull environment variables with Helm charts
You can export the variable and use it while running helm install.
Before that, you have to modify your chart so that the value can be set while installation.
Skip this part, if you already know, how to setup template fields.
As you don't want to expose the data, so it's better to have it saved as secret in kubernetes.
First of all, add this two lines in your Values file, so that these two values can be set from outside.
username: rootpassword: passwordNow, add a secret.yaml file inside your template folder. and, copy this code snippet into that file.
apiVersion: v1kind: Secretmetadata: name: {{ .Release.Name }}-authdata: password: {{ .Values.password | b64enc }} username: {{ .Values.username | b64enc }}Now tweak your deployment yaml template and make changes in env section, like this
...... spec: restartPolicy: Always containers: - name: sample-app image: "sample-app:latest" imagePullPolicy: Always env: - name: "USERNAME" valueFrom: secretKeyRef: key: username name: {{ .Release.Name }}-auth - name: "PASSWORD" valueFrom: secretKeyRef: key: password name: {{ .Release.Name }}-auth......If you have modified your template correctly for --set flag,you can set this using environment variable.
$ export USERNAME=root-userNow use this variable while running helm install,
$ helm install --set username=$USERNAME ./mychartIf you run this helm install in dry-run mode, you can verify the changes,
$ helm install --dry-run --set username=$USERNAME --debug ./mychart[debug] Created tunnel using local port: '44937'[debug] SERVER: "127.0.0.1:44937"[debug] Original chart version: ""[debug] CHART PATH: /home/maruf/go/src/github.com/the-redback/kubernetes-yaml-drafts/helm-charts/mychartNAME: irreverant-meerkatREVISION: 1RELEASED: Fri Apr 20 03:29:11 2018CHART: mychart-0.1.0USER-SUPPLIED VALUES:username: root-userCOMPUTED VALUES:password: passwordusername: root-userHOOKS:MANIFEST:---# Source: mychart/templates/secret.yamlapiVersion: v1kind: Secretmetadata: name: irreverant-meerkat-authdata: password: password username: root-user---# Source: mychart/templates/deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata: name: irreverant-meerkat labels: app: irreverant-meerkatspec: replicas: 1 template: metadata: name: irreverant-meerkat labels: app: irreverant-meerkat spec: containers: - name: irreverant-meerkat image: alpine env: - name: "USERNAME" valueFrom: secretKeyRef: key: username name: irreverant-meerkat-auth - name: "PASSWORD" valueFrom: secretKeyRef: key: password name: irreverant-meerkat-auth imagePullPolicy: IfNotPresent restartPolicy: Always selector: matchLabels: app: irreverant-meerkatYou can see that the data of username in secret has changed to root-user.
I have added this example into github repo.
There is also some discussion in kubernetes/helm repo regarding this. You can see this issue to know about all other ways to use environment variables.
you can pass env key value from the value yaml by setting the deployment yaml as below :
spec: restartPolicy: Always containers: - name: sample-app image: "sample-app:latest" imagePullPolicy: Always env: {{- range .Values.env }} - name: {{ .name }} value: {{ .value }} {{- end }}in the values.yaml :
env: - name: "USERNAME" value: "" - name: "PASSWORD" value: ""when you install the chart you can pass the username password value
helm install chart_name --name release_name --set env.USERNAME="app-username" --set env.PASSWORD="28sin47dsk9ik"
For those looking to use data structures instead lists for their env variable files, this has worked for me:
spec: containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- range $key, $val := .Values.env }} - name: {{ $key }} value: {{ $val | quote }} {{- end }}values.yaml:
env: FOO: "BAR" USERNAME: "CHANGEME" PASWORD: "CHANGEME"That way I can access specific values by name in other parts of the helm chart and pass the sensitive values via helm command line.