As it turns out, this is a limitation of kubernetes 
expansion, 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/expansion.md#constraints-and-assumptions.

On Wednesday, January 22, 2020 at 8:48:47 PM UTC-8, Joey Freeland wrote:
>
> Hello,
>
> I'm attempting to use the vault agent sidecar injector 
> https://www.vaultproject.io/docs/platform/k8s/injector/examples/ to 
> inject my adminPassword secret into the jenkins helm chart in kubernetes.  
> It just drops a file (/vault/secrets/adminPassword) with the secret in it 
> in a shared volume.
>
> I'd like to leave the helm chart as standard as possible and use the 
> standard jenkins/jenkins:lts image, but I'm running into an issue.
>
> I would like to be able to do something to the effect of using this in my 
> helm values file:
>
> adminPassword: "$(cat /vault/secrets/adminPassword)"
>
> But when I exec into the jenkins container, I see that command 
> substitution is not being evaluated, but rather it's being treated as a 
> string.  In the helm chart, 
> https://github.com/helm/charts/blob/master/stable/jenkins/templates/jenkins-master-deployment.yaml#L168,
>  
> substitution is happening properly to insert the value of the environment 
> variable, but nested substitution is not occurring.  It's not clear to me 
> if this is a sh, tini, gotemplate, or some other issue.
>
> # ps auxww
> USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
> root         1  0.1  0.0   1148     4 ?        Ss   23:54   0:00 
> /sbin/tini -- /usr/local/bin/jenkins.sh 
> --argumentsRealm.passwd.admin=$(/bin/cat /vault/secrets/adminpass) 
> --argumentsRealm.roles.admin=admin --httpPort=8080
> root         7  130  2.7 4486348 224816 ?      Sl   23:54   0:13 java 
> -Duser.home=/var/jenkins_home -Djenkins.model.Jenkins.slaveAgentPort=50000 
> -jar /usr/share/jenkins/jenkins.war 
> --argumentsRealm.passwd.admin=$(/bin/cat /vault/secrets/adminpass) 
> --argumentsRealm.roles.admin=admin --httpPort=8080
>
> I suppose it's worth nothing that logging in with the password "$(/bin/cat 
> /vault/secrets/adminpass)" does actually work, but this is not what was 
> intended.
>
> I'll keep digging to try to understand where the evaluation is getting 
> lost, but if anyone has ideas and if this can be overcome by some escapes 
> that I'm missing or if there's an all-around better solution, I'd greatly 
> appreciate any pointers.
>
> Take care
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/ea38ab81-b698-4216-b177-c0f7c0faa05d%40googlegroups.com.

Reply via email to