Reputation: 107
I am trying to deploy a rest api application in kubernetes with helm. Some of the configuration files have credentials in them and I would like to replace the variables inside the helm templates during the deployment with Kubernetes secrets.
Does anyone have a pointer to a documentation where I can explore this please ?
Upvotes: 1
Views: 7383
Reputation: 30208
If you are looking forward to directly deploy the ENV
to the deployment file you can also do it if you can few environment variables however best practices to create the secret and inject them all into the deployment.
here sharing the direct example to inject the secret into the deployment
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ .Chart.Name }}-deployment"
labels:
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
spec:
replicas: {{ .Values.replicaCount }}
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
selector:
matchLabels:
app: "{{ .Chart.Name }}-selector"
version: "current"
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
metadata:
labels:
app: "{{ .Chart.Name }}-selector"
version: "current"
spec:
containers:
- name: "{{ .Chart.Name }}"
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- containerPort: {{ .Values.service.servicePort}}
resources:
requests:
cpu: "{{ .Values.image.resources.requests.cpu }}"
memory: "{{ .Values.image.resources.requests.memory }}"
env:
- name: PORT
value : "{{ .Values.service.servicePort }}"
{{- if .Values.image.livenessProbe }}
livenessProbe:
{{ toYaml .Values.image.livenessProbe | indent 10 }}
{{- end }}
{{- if .Values.image.readinessProbe }}
readinessProbe:
{{ toYaml .Values.image.readinessProbe | indent 10 }}
{{- end }}
values.yaml
image:
repository: nodeserver
tag: 1.0.0
pullPolicy: IfNotPresent
resources:
requests:
cpu: 200m
memory: 300Mi
readinessProbe: {}
# Example (replace readinessProbe: {} with the following):
# readinessProbe:
# httpGet:
# path: /ready
# port: 3000
# initialDelaySeconds: 3
# periodSeconds: 5
livenessProbe: {}
# Example (replace livenessProbe: {} with the following)::
# livenessProbe:
# httpGet:
# path: /live
# port: 3000
# initialDelaySeconds: 40
# periodSeconds: 10
service:
name: Node
type: NodePort
servicePort: 3000
you can see inside the deployment.yaml code block
env:
- name: PORT
value : "{{ .Values.service.servicePort }}"
it's fetching the values from values.yaml
file
service:
name: Node
type: NodePort
servicePort: 3000
if you don't want to update the values.yaml
file you can rewrite the value using the command also
helm install chart my-chart -n namespace-name --set service.servicePort=5000
Upvotes: 1
Reputation: 5568
Create a Secret template in your templates folder. Then, you can pass the values through helm cli.
For example, here is my secret.yaml
file.
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
password: {{ .Values.password | b64enc }}
Now, I can set the value for password
as bellow:
helm install my-chart-instance my-chart -n my-namespace --set password=my-secret-value
Upvotes: 1