From 0eba895a939742ca9c6fbfd474c699e9d848366c Mon Sep 17 00:00:00 2001 From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Mon, 18 May 2020 15:51:17 -0400 Subject: [PATCH] doc: add environment variable template example (#9019) * doc: add environment variable template example * Update website/pages/docs/platform/k8s/injector/examples.mdx Co-authored-by: Becca Petrin Co-authored-by: Becca Petrin --- .../docs/platform/k8s/injector/examples.mdx | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/website/pages/docs/platform/k8s/injector/examples.mdx b/website/pages/docs/platform/k8s/injector/examples.mdx index 899aa41756..cc9ea3a473 100644 --- a/website/pages/docs/platform/k8s/injector/examples.mdx +++ b/website/pages/docs/platform/k8s/injector/examples.mdx @@ -233,3 +233,45 @@ data: "client_key" = "/vault/tls/client.key" } ``` + +## Environment Variable Example + +The following example demonstrates how templates can be used to create environment +variables. A template should be created that exports a Vault secret as an environment +variable and the application container should source those files during startup. + +```yaml +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: web-deployment + labels: + app: web +spec: + replicas: 1 + selector: + matchLabels: + app: web + template: + metadata: + labels: + app: web + annotations: + vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/role: "web" + vault.hashicorp.com/agent-inject-secret-config: "secret/data/web" + # Environment variable export template + vault.hashicorp.com/agent-inject-template-config: | + {{ with secret "secret/data/web" -}} + export api_key="{{ .Data.data.payments_api_key }}" + {{- end }} + spec: + serviceAccountName: web + containers: + - name: web + image: alpine:latest + args: ["sh", "-c", "source /vault/secrets/config && "] + ports: + - containerPort: 9090 +```