How can I pass a Kubernetes secret into my Helm Chart?

By
Keven Krok
-
0
1
Asked By TechWanderer92 On

Hey everyone,

I'm really struggling with something and would love your guidance. I need to pass a Kubernetes secret into my Helm chart but can't seem to figure it out. I've already created the secret, which looks like this:

apiVersion: v1
kind: Secret
metadata:
name: some-secret
namespace: somenamespace
type: Opaque
stringData:
TOKEN: "1233xxxxxx"

Now I want to use this secret in my Helm Chart, specifically in the *templates/datasource.yaml* file for Grafana. Here's how that part looks:

apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDatasource
metadata:
name: prometheus-datasource
namespace: somenamespace
spec:
instanceSelector: {}
allowCrossNamespaceImport: true
datasource:
access: proxy
database: prometheus
jsonData:
timeInterval: 1m
enableSecureSocksProxy: true
secureSocksProxyUsername: "xxxxxxxx" # I want this to use the TOKEN from the secret
name: prometheus-local
type: prometheus
url: someurl:9090

I feel like I've tried everything and am out of ideas. Any help would be greatly appreciated!

3 Answers

Answered By K8sNinja99 On

Have you checked if the dependency chart allows you to specify a secret that holds your token's value? That’s usually the easiest route. If not, you could add it to the appropriate pod or deployment as an environment variable using `fromSecret`, or mount it as a file if the chart setup allows for it. Let me know which chart you are using; that could help too!

TechWanderer92 -

Thanks for the suggestion! The chart is an umbrella chart, so I’m wondering if it will let me do that.

Answered By DevGuru88 On

I totally get your frustration! Helm can be tricky when dealing with existing secrets. Just so you know, Helm can’t access secrets at template render time since that happens before Kubernetes resources are created. The best practice typically involves referencing the secret in the manifest as an env var or a secret mount rather than directly injecting it into your YAML. Can you update the resource to seek the secret at runtime? If you share more about your chart's setup, I can help brainstorm a solution!

TechWanderer92 -

Yes, I'm looking to maintain the integrity of the chart, but I’m open to any ideas you have to work around this.

Answered By HelpfulDev43 On

Check out the way they use the `valueFrom` feature in the Grafana documentation. It might be the key to pulling in your secret as an environment variable! Here’s a link for reference: https://grafana.github.io/grafana-operator/docs/datasources/

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.