S1c0r4x
S1c0r4x

Reputation: 107

helm secrets that replace variables inside configurations files

I am trying to deploy a rest api application in kubernetes with helm. Some of the configuration files have credentials in them and I would like to replace the variables inside the helm templates during the deployment with Kubernetes secrets.

Does anyone have a pointer to a documentation where I can explore this please ?

Upvotes: 1

Views: 7383

Answers (2)

Harsh Manvar
Harsh Manvar

Reputation: 30208

If you are looking forward to directly deploy the ENV to the deployment file you can also do it if you can few environment variables however best practices to create the secret and inject them all into the deployment.

here sharing the direct example to inject the secret into the deployment

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{  .Chart.Name }}-deployment"
  labels:
    chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1
  selector:
    matchLabels:
      app: "{{  .Chart.Name }}-selector"
      version: "current"
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  template:
    metadata:
      labels:
        app: "{{  .Chart.Name }}-selector"
        version: "current"
    spec:
      containers:
      - name: "{{  .Chart.Name  }}"
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        ports:
        - containerPort: {{ .Values.service.servicePort}}
        resources:
          requests:
            cpu: "{{ .Values.image.resources.requests.cpu }}"
            memory: "{{ .Values.image.resources.requests.memory }}"
        env:
          - name: PORT
            value : "{{ .Values.service.servicePort }}"
        {{- if .Values.image.livenessProbe }}
        livenessProbe:
{{ toYaml .Values.image.livenessProbe | indent 10 }}
        {{- end }}
        {{- if .Values.image.readinessProbe }}
        readinessProbe:
{{ toYaml .Values.image.readinessProbe | indent 10 }}
        {{- end }}

values.yaml

image:
  repository: nodeserver
  tag: 1.0.0
  pullPolicy: IfNotPresent 
  resources:
    requests:
      cpu: 200m
      memory: 300Mi
  readinessProbe: {}
  # Example (replace readinessProbe: {} with the following):
  # readinessProbe:
  #   httpGet:
  #     path: /ready
  #     port: 3000
  #   initialDelaySeconds: 3
  #   periodSeconds: 5
  livenessProbe: {}
  # Example (replace livenessProbe: {} with the following)::
  # livenessProbe:
  #   httpGet:
  #     path: /live
  #     port: 3000
  #   initialDelaySeconds: 40
  #   periodSeconds: 10  
service:
  name: Node
  type: NodePort
  servicePort: 3000

you can see inside the deployment.yaml code block

env:
          - name: PORT
            value : "{{ .Values.service.servicePort }}"

it's fetching the values from values.yaml file

service:
  name: Node
  type: NodePort
  servicePort: 3000

if you don't want to update the values.yaml file you can rewrite the value using the command also

helm install chart my-chart -n namespace-name --set service.servicePort=5000 

Upvotes: 1

Emruz Hossain
Emruz Hossain

Reputation: 5568

Create a Secret template in your templates folder. Then, you can pass the values through helm cli.

For example, here is my secret.yaml file.

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  password: {{ .Values.password | b64enc }}

Now, I can set the value for password as bellow:

helm install  my-chart-instance my-chart -n my-namespace --set password=my-secret-value 

Upvotes: 1

Related Questions