How do I use Docker environment variable in ENTRYPOINT array? issue facing in Kubernetes ,not fetching the env variable,

Question

We're using gitlab for CI/CD.I'll include the script which we're using

services:
  - docker:19.03.11-dind
workflow:
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == "developer" || $CI_COMMIT_BRANCH == "stage"|| ($CI_COMMIT_BRANCH =~ (/^([A-Z]([0-9][-_])?)?SPRINT(([-_][A-Z][0-9])?)+/i))
      when: always
    - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH != "developer" || $CI_COMMIT_BRANCH != "stage"|| ($CI_COMMIT_BRANCH !~ (/^([A-Z]([0-9][-_])?)?SPRINT(([-_][A-Z][0-9])?)+/i))
      when: never 
stages:
  - build
  - Publish
  - deploy
cache:
  paths:
    - .m2/repository
    - target

build_jar:
  image: maven:3.8.3-jdk-11
  stage: build
  script: 
    - mvn clean install package -DskipTests=true
  artifacts:
    paths:
      - target/*.jar

docker_build_dev:
  stage: Publish
  image: docker:19.03.11
  services:
    - docker:19.03.11-dind      
  variables:
    IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
  script: 
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker build --build-arg environment_name=development -t $IMAGE_TAG .
    - docker push $IMAGE_TAG
  only:
    - /^([A-Z]([0-9][-_])?)?SPRINT(([-_][A-Z][0-9])?)+/i
    - developer

docker_build_stage:
  stage: Publish
  image: docker:19.03.11
  services:
    - docker:19.03.11-dind   
  variables:
    IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
  script: 
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker build --build-arg environment_name=stage -t $IMAGE_TAG .
    - docker push $IMAGE_TAG   
  only:
    - stage

deploy_dev:
  stage: deploy
  image: stellacenter/aws-helm-kubectl
  before_script:
    - aws configure set aws_access_key_id ${DEV_AWS_ACCESS_KEY_ID}
    - aws configure set aws_secret_access_key ${DEV_AWS_SECRET_ACCESS_KEY}
    - aws configure set region ${DEV_AWS_DEFAULT_REGION}
  script:
    - sed -i "s/<VERSION>/${CI_COMMIT_SHORT_SHA}/g" patient-service.yml     
    - mkdir -p  $HOME/.kube
    - cp $KUBE_CONFIG_DEV $HOME/.kube/config
    - chown $(id -u):$(id -g) $HOME/.kube/config 
    - export KUBECONFIG=$HOME/.kube/config
    - kubectl apply -f  patient-service.yml -n ${KUBE_NAMESPACE_DEV}
  only:
    - /^([A-Z]([0-9][-_])?)?SPRINT(([-_][A-Z][0-9])?)+/i
    - developer

deploy_stage:
  stage: deploy
  image: stellacenter/aws-helm-kubectl
  before_script:
    - aws configure set aws_access_key_id ${DEV_AWS_ACCESS_KEY_ID}
    - aws configure set aws_secret_access_key ${DEV_AWS_SECRET_ACCESS_KEY}
    - aws configure set region ${DEV_AWS_DEFAULT_REGION}
  script:
    - sed -i "s/<VERSION>/${CI_COMMIT_SHORT_SHA}/g" patient-service.yml    
    - mkdir -p  $HOME/.kube
    - cp $KUBE_CONFIG_STAGE $HOME/.kube/config
    - chown $(id -u):$(id -g) $HOME/.kube/config 
    - export KUBECONFIG=$HOME/.kube/config
    - kubectl apply -f  patient-service.yml -n ${KUBE_NAMESPACE_STAGE}
  only:
    - stage

According to the script, We just merged the script not to face conflicts/clashes for stage and development while deployment. Previously , we having each docker files for each environment. Now I want to merge the dockerfile also , I merged, but the dockerfile is not fetching. Having clashes in kubernetes. I don't know about kubernetes . I'll enclosed the docker file which I merged.

FROM maven:3.8.3-jdk-11 AS MAVEN_BUILD
COPY pom.xml /build/
COPY src /build/src/
WORKDIR /build/
RUN mvn clean install package -DskipTests=true
FROM openjdk:11
ARG environment_name 
WORKDIR /app
COPY --from=MAVEN_BUILD /build/target/patient-service-*.jar /app/patient-service.jar
ENV PORT 8094
ENV env_var_name=$environment_name
EXPOSE $PORT
ENTRYPOINT ["java","-Dspring.profiles.active= $env_var_name","-jar","/app/patient-service.jar"]

the last line , we used before ,

ENTRYPOINT ["java","-Dspring.profiles.active=development","-jar","/app/patient-service.jar"]

at the time, its working fine, I'm not facing any issue on kubernetes. I'd just add environment variable to fetch along with whether development or stage. You can check ,my script after the docker build. After adding the varaible only , we facing the clashes. Please help me to sort it out this. Thanks in advance

Answer 1

It's common practice to use an entrypoint.sh script that does hold the necessary logic. It can easily consume the environment variables and additionally validate them and act accordingly.

https://github.com/docker-library/docker/blob/master/dockerd-entrypoint.sh is a complex example from the dockerd daemon.

Answer 2

As already mentioned in the question in the comment section, you would need to execute a shell form, because the exec form won't do directly do variable substitution.

ENTRYPOINT ["java","-Dspring.profiles.active= $env_var_name","-jar","/app/patient-service.jar"]

needs to be

ENTRYPOINT [ "sh", "-c", "java","-Dspring.profiles.active=$env_var_name","-jar","/app/patient-service.jar" ]

Relevant documentation from Docker Docs: Shell form ENTRYPOINT example

Unlike the shell form, the exec form does not invoke a command shell. This means that normal shell processing does not happen. For example, ENTRYPOINT [ "echo", "$HOME" ] will not do variable substitution on $HOME. If you want shell processing then either use the shell form or execute a shell directly, for example: ENTRYPOINT [ "sh", "-c", "echo $HOME" ]. When using the exec form and executing a shell directly, as in the case for the shell form, it is the shell that is doing the environment variable expansion, not docker.