Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to source secrets from file path #49

Open
cpboyd opened this issue Sep 12, 2022 · 1 comment · May be fixed by #50
Open

Ability to source secrets from file path #49

cpboyd opened this issue Sep 12, 2022 · 1 comment · May be fixed by #50

Comments

@cpboyd
Copy link

cpboyd commented Sep 12, 2022

Use case: Vault sidecar injection e.g. https://www.vaultproject.io/docs/platform/k8s/injector/examples#environment-variable-example

Since the entrypoint is /chartmuseum, it's not possible to source as in Hashicorp's examples.

I've also attempted the following, but Kubernetes only seems to interpolate for variable names that have already been defined.

extraArgs:
  - --basic-auth-user=$(cat /vault/secrets/config | awk '{print $1}')
  - --basic-auth-pass=$(cat /vault/secrets/config | awk '{print $2}')

Maybe the optimal solution would be to simply allow a onStart script or something that happens before /chartmuseum starts, so that you could source the environment variables?

@cpboyd
Copy link
Author

cpboyd commented Sep 13, 2022

A workaround, for now, is

extraArgs:
  command: ['/bin/sh', '-c', 'source /vault/secrets/config && /chartmuseum']

Note: the default args don't seem to be passed to /chartmuseum via this method. As Chartmuseum's default port is 8080 anyway, this only really matters for local storage with --storage-local-rootdir={{ .Values.persistence.path }}

@cpboyd cpboyd linked a pull request Sep 13, 2022 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant