flux how do you get value from secret and substitute that with your helm releases

In helm, it is very common to deploy helm with secret values. This secret are typically kubernetes secret. 

To see this in action, we will create a secret and then we will deploy our helm using HelmRelease from Flux (please do not mixed this up with Kustomization - we often used it together)

Here is our secret and this is what it looks like :-


apiVersion: v1
kind: Secret
metadata:
  name: external-dns-credentials
  namespace: kube-system
type: Opaque
stringData:
  tenantId: "tenantId"
  subscriptionId: "subscriptionId"
  resourceGroup: "my-resource-group"
  aadClientId: "myclientId"
  aadClientSecret: "mysecret"


And this is the template that get the value file from a secret and put it into the proper place 

apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: external-dns-ext
spec:
  releaseName: external-dns-ext
  targetNamespace: kube-system
  interval: 5m
  chart:
    spec:
      chart: external-dns
      sourceRef:
        kind: HelmRepository
        name: external-dns
        namespace: flux-system
      version: "1.2.0"
  install:
    remediation:
      retries: -1
      remediateLastFailure: true
    crds: Create
  upgrade:
    crds: CreateReplace
    disableHooks: true
    cleanupOnFail: true
    remediation:
      retries: -1
      remediateLastFailure: true
  rollback:
    cleanupOnFail: true
  valuesFrom:
    - kind: Secret
      name: external-dns-credentials
      valuesKey: aadClientId
      targetPath: azure.aadClientId
    - kind:     Secret
      name: external-dns-credentials
      valuesKey: aadClientSecret
      targetPath: azure.aadClientSecret
  values:
    sources:
    - service

The key part is this text in red. Here we are getting the value from secret called external-dns. credentials. "aadClientId" - this is where we will be getting the value from - please look at the secret yaml above   

- kind: Secret
  name: external-dns-credentials
  valuesKey: aadClientId
targetPath: azure.aadClientId

Then targetPath: azure.aadClient. So this means we will render something like 

Final output of our value.yaml and that's what we will be deploying 



azure:
  aadClientId: <aadClient-Id-from-secret-called-external-dns-credentials>
  aadClientSecret:<aadClient-Secret-from-secret-called-external-dns-credentials>









Comments

Post a Comment

Popular posts from this blog

vllm : Failed to infer device type

Trying to run vllm without gpu will typicaly lands you into this issue. To resolve this issue: we can use set these both. Setting one does not work for me. So i had to configure both settings below:- 1.  environment variable CUDA_VISIBLE_DEVICES = "" 2. in the command line, change to use device cpu and remove  tensor-parallel-size. For example, python3 -m vllm.entrypoints.openai.api_server --port 8080 --model deepseek-ai/DeepSeek-R1 --device cpu --trust-remote-code --max-model-len 4096" References https://docs.vllm.ai/en/latest/getting_started/troubleshooting.html#failed-to-infer-device-type
Read more

android studio kotlin source is null error

Image
This org.jetbrains.kotlin.util.FileAnalysisException with a java.lang.IllegalArgumentException: source must not be null is a known issue that can sometimes occur with the Kotlin compiler. It seems to be related to how the compiler analyzes certain source code structures. When this happens, you need to go clean your project and do another rebuild.  For my case, I was trying to test out the databinding = true feature. 
Read more

gemini cli getting file not defined error

Image
 While trying to run gemini cli on my windows linux subsystem, i bump into this error here - "/Roaming/npm/node_modules/@google/gemini-cli/node_modules/undici/lib/web/webidl/index.js:512 webidl.is.File = webidl.util.MakeTypeAssertion(File)"  "ReferenceError: File is not defined" In Node.js, there’s no built-in File (until very recent Node 20+ with experimental WHATWG APIs). So, unless polyfilled, File is undefined, leading to the ReferenceError. And to resolve this, I had to upgrade to node 22 (might work for node 20) and then I was able to run it.
Read more