Hello,

I'm attempting to use the vault agent sidecar injector 
https://www.vaultproject.io/docs/platform/k8s/injector/examples/ to inject 
my adminPassword secret into the jenkins helm chart in kubernetes.  It just 
drops a file (/vault/secrets/adminPassword) with the secret in it in a 
shared volume.

I'd like to leave the helm chart as standard as possible and use the 
standard jenkins/jenkins:lts image, but I'm running into an issue.

I would like to be able to do something to the effect of using this in my 
helm values file:

adminPassword: "$(cat /vault/secrets/adminPassword)"

But when I exec into the jenkins container, I see that command substitution 
is not being evaluated, but rather it's being treated as a string.  In the 
helm chart, 
https://github.com/helm/charts/blob/master/stable/jenkins/templates/jenkins-master-deployment.yaml#L168, 
substitution is happening properly to insert the value of the environment 
variable, but nested substitution is not occurring.  It's not clear to me 
if this is a sh, tini, gotemplate, or some other issue.

# ps auxww
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.1  0.0   1148     4 ?        Ss   23:54   0:00 /sbin/tini -- /usr/local/bin/jenkins.sh --argumentsRealm.passwd.admin=$(/bin/cat /vault/secrets/adminpass) --argumentsRealm.roles.admin=admin --httpPort=8080
root         7  130  2.7 4486348 224816 ?      Sl   23:54   0:13 java -Duser.home=/var/jenkins_home -Djenkins.model.Jenkins.slaveAgentPort=50000 -jar /usr/share/jenkins/jenkins.war --argumentsRealm.passwd.admin=$(/bin/cat /vault/secrets/adminpass) --argumentsRealm.roles.admin=admin --httpPort=8080

I suppose it's worth noting that logging in with the password 
"$(/bin/cat /vault/secrets/adminpass)" does actually work, but this is not 
what was intended.

I'll keep digging to try to understand where the evaluation is getting 
lost, but if anyone has ideas and if this can be overcome by some escapes 
that I'm missing or if there's an all-around better solution, I'd greatly 
appreciate any pointers.

Take care
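
An added example (not part of the original post, and not code from the Jenkins chart) reproducing what the ps listing above shows: container args reach the entrypoint as an argv array that no shell parses, so $(cat ...) stays literal text unless a shell or a wrapper expands it. The secret file, its value and the entrypoint helper are constructed stand-ins.

```shell
#!/bin/sh
# Constructed stand-in for the file the Vault agent writes (path and value are made up).
SECRET_FILE="$(mktemp)"
printf '%s\n' 'constructed-pass-123' > "$SECRET_FILE"
trap 'rm -f "$SECRET_FILE"' EXIT

# Hypothetical stand-in for the container entrypoint: reports argv[1] as received.
entrypoint() { printf '%s' "$1"; }

# The argument text as it would appear in the rendered pod spec. The backslash
# keeps "$(" literal here, just as nothing evaluates it inside the container.
ARG="--argumentsRealm.passwd.admin=\$(cat $SECRET_FILE)"

# Case 1: exec-style launch. The args are handed to the entrypoint as an argv
# array; no shell parses them, so the command substitution is never run.
exec_style() { entrypoint "$ARG"; }

# Case 2: the same text passed through `sh -c`. The inner shell parses the
# string and runs the command substitution before printf sees the argument.
shell_style() { sh -c "printf '%s' \"$ARG\""; }

# Case 3: a wrapper reads the file itself and builds argv, so no text from
# the pod spec is ever evaluated as shell code.
wrapper_style() {
    pass="$(cat "$SECRET_FILE")"
    entrypoint "--argumentsRealm.passwd.admin=$pass"
}

# In cases 2 and 3 the expanded password ends up in argv, so it is visible
# to anything that can read the process list (the same place ps showed it).
printf 'exec-style:    %s\n' "$(exec_style)"
printf 'shell-style:   %s\n' "$(shell_style)"
printf 'wrapper-style: %s\n' "$(wrapper_style)"
```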
