Background

Whilst this site will be filled with all types of stuff, I’ll also push up nichè scripts and bits of work that I’m sure someone out there will need at some point.

In our move from Google App Engine to Kubernetes (many many reasons why this is good by the way), we needed to move around 60 environment variables from their current list format e.g

env_varables:
    SENDGRID_API_KEY: akey
    A_MAIL_SERVICE_KEY: anotherbigkey
    AN_EXTERNAL_API: anexternalapi

Into a Kubernetes secret and deployment file.

Our DevOps guy asked “Is there an easier way to do this?” To which I said “Give me an hour”

3 hours later, I created this scruffy script that ingests a file full of environment variables and spits out 2 files

Repository

https://github.com/rexchoppers/k8s-secret-deployment-generator

All the setup instructions are in the repository

Files

Input file: template.yaml

DB_CREDENTIALS:
  DB_NAME: ADATABASENAME
  DB_PASSWORD: AstrongDBpassword

SENDGRID_API_CREDENTIALS:
  KEY: AstrongAPIkey
  SECRET: AstrongAPIsecret

Output file: deployment.yaml

spec:
  template:
    spec:
      containers:
        - name: acontainer
          image: alpine
          env:
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: db-credentials
                  key: name
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-credentials
                  key: password
            - name: KEY
              valueFrom:
                secretKeyRef:
                  name: sendgrid-api-credentials
                  key: key
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: sendgrid-api-credentials
                  key: secret

Output file: secrets.yaml

apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: default
type: Opaque
data:
  name: QURBVEFCQVNFTkFNRQ==
  password: QXN0cm9uZ0RCcGFzc3dvcmQ=
---
apiVersion: v1
kind: Secret
metadata:
  name: sendgrid-api-credentials
  namespace: default
type: Opaque
data:
  key: QXN0cm9uZ0FQSWtleQ==
  secret: QXN0cm9uZ0FQSXNlY3JldA==
---