We're using Helm to deploy our app to K8s. In 4 different deployment files (one for each service) and a job file for migrations, we have to have an identical set of env variables. Whenever we need to add a new one, we need to add it to all 5 files. Is there a way to share these so new env vars only need to be added once and all 5 files will pick them up (and also cannot ever be out of sync)?
Here's an example of a deployment file (with potentially sensitive values redacted).
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "helm-chart.fullname" . }}-celery
labels:
app.kubernetes.io/name: {{ include "helm-chart.name" . }}-celery
helm.sh/chart: {{ include "helm-chart.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}-celery
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: worker-celery
spec:
replicas: {{ .Values.replicaCountCelery }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "helm-chart.fullname" . }}-celery
app.kubernetes.io/instance: {{ .Release.Name }}-celery
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "helm-chart.fullname" . }}-celery
app.kubernetes.io/instance: {{ .Release.Name }}-celery
spec:
imagePullSecrets:
- name: {{ .Values.imagePullSecretsName }}
containers:
- name: {{ .Chart.Name }}-celery
image: "{{ .Values.appImage.repository }}:{{ .Values.imageTag }}"
imagePullPolicy: {{ .Values.appImage.pullPolicy }}
command: ["celery"]
args: [REDACTED]
env:
- name: DJANGO_DEBUG
value: "{{ .Values.djangoDebug }}"
- name: DATABASE_NAME
value: "{{ .Values.databaseName }}"
- name: DATABASE_USER
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: DATABASE_HOST
value: "myapp-haproxy.{{ .Release.Namespace }}.svc.cluster.local"
- name: MEMCACHED_HOST
value: "myapp-memcached.{{ .Release.Namespace }}.svc.cluster.local"
- name: SENDGRID_USER
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: SENDGRID_PASSWORD
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: STRIPE_LIVE_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: STRIPE_LIVE_SECRET_KEY
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: OBJECT_STORE_ENDPOINT_URL
value: [REDACTED]
- name: OBJECT_STORE_REGION_NAME
value: [REDACTED]
- name: OBJECT_STORE_KEY_ID
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: OBJECT_STORE_ACCESS_KEY
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: OBJECT_STORE_CDN_URL
value: [REDACTED]
- name: QUICKBOOKS_CLIENT_ID
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: QUICKBOOKS_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: QUICKBOOKS_ENVIRONMENT
value: production
- name: XERO_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: XERO_CONSUMER_SECRET
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: SAGE_CLIENT_ID
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: SAGE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: [REDACTED]
key: [REDACTED]
- name: ACCOUNTANCY_REDIRECT_URI_PREFIX
value: [REDACTED]
resources:
{{- toYaml .Values.celeryResources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
I'm not sure if it adds any complications, but you can see that some are using variables from values.yaml (such as {{ .Values.djangoDebug }}), some are referring to Kubernetes secrets and some use the {{ .Release.Namespace }} variable.
Additionally, the indentation required is the same for the 4 deployment files but different for the job file.
I'm trying to share a bunch of env values but also be able to optionally add some extras to some files.
I hope that makes sense? And thanks in advance for your help.
