Jenkins / JENKINS-46733

secretEnvVar: Env vars missing inside container

      Description

      I'm trying to use the new secretEnvVar feature. Perhaps I'm misunderstanding its application... I would expect to see the variables available inside the containers I've created. But when I run env, none of them are present. I've tried using pod and container level env vars, without success. Have I misconfigured something?

      podTemplate(label: 'pull-build-container', inheritFrom: 'default',
        containers: [
          containerTemplate(
            name: 'docker',
            image: 'docker',
            ttyEnabled: true,
            command: 'cat'
          ),
          containerTemplate(
            name: 'awscli',
            image: 'mesosphere/aws-cli',
            ttyEnabled: true,
            command: 'cat',
            envVars: [
              secretEnvVar(key: 'AWS_ACCESS_KEY_ID', secretName: 'ecr-production', secretKey: 'AWS_ACCESS_KEY_ID'),
              secretEnvVar(key: 'AWS_SECRET_ACCESS_KEY', secretName: 'ecr-production', secretKey: 'AWS_SECRET_ACCESS_KEY'),
              secretEnvVar(key: 'REGION', secretName: 'ecr-production', secretKey: 'REGION'),
              secretEnvVar(key: 'REGISTRY_ID', secretName: 'ecr-production', secretKey: 'REGISTRY_ID')
            ]
          )
        ],
        volumes: [
          emptyDirVolume(mountPath: '/tmp', memory: false),
          hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock')
        ]
      ) {
        node('pull-build-container') {
          env.CONTAINER = "${env.REGISTRY_ID}.dkr.ecr.${env.REGION}.amazonaws.com/dockerfiles:latest"
          env.CONTAINER_TAG = "${env.JOB_NAME}-${env.BUILD_NUMBER}-dockerfiles"
      
          stage('pull build container') {
            container('awscli') {
              sh """
                env
                aws ecr get-login \
                --region \$REGION \
                --registry-ids \$REGISTRY_ID \
                --no-include-email \
                > /tmp/ecr_login.sh
              """
            }
      
            container('docker') {
                sh "eval \$(cat /tmp/ecr_login.sh)"
                sh "docker pull ${env.CONTAINER}"
                sh "docker tag ${env.CONTAINER} ${env.CONTAINER_TAG}"
            }
          }
        }
      }
      
      apiVersion: v1
      data:
        AWS_ACCESS_KEY_ID: base64
        AWS_SECRET_ACCESS_KEY: base64
        REGION: base64
        REGISTRY_ID: base64
      kind: Secret
      metadata:
        creationTimestamp: 2017-07-31T19:30:40Z
        name: ecr-production
        namespace: default
        resourceVersion: "6844508"
        selfLink: /api/v1/namespaces/default/secrets/ecr-production
        uid: bcf56baf-7626-11e7-b939-0e14da110b68
      type: Opaque
      

          Activity

          pchampon philip champon added a comment -

          I noticed that I was missing the docker plugin, once I installed it, my environment variables populated correctly. Is it possible that the kubernetes plugin is simply missing a dependency? 

          csanchez Carlos Sanchez added a comment -

          which docker plugin did you get installed?

          pchampon philip champon added a comment -

          I believe it was either Docker plugin 0.16.2 or CloudBees Docker Build and Publish plugin 1.3.2

          peterw_es Peter Wiebe added a comment - - edited

          I have also defined a secret for a container in a podTemplate and I am getting an error saying that the secret cannot be found.

          I installed the CloudBees Docker plugin which didn't do anything to fix the problem, and I am not sure from the number of other Docker plugins which one Philip meant.

          The error that I am getting is:

          INFO: Container is waiting jenkins-slave-1dg93-h5r6d [gcloud]: ContainerStateWaiting(message=secrets "gcloud-creds" not found, reason=CreateContainerConfigError, additionalProperties={})

          And I can confirm that the secret exists in the cluster.

          Carlos Sanchez

          peterw_es Peter Wiebe added a comment -

          I managed to fix my problem. I thought I had read that k8s secrets are not namespaced, but apparently they are. So I recreated the secret in the Jenkins namespace and it worked.
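
The namespace mismatch described in the last comment, as an added example that is not part of the issue or the plugin's code: it checks each `secretKeyRef` in a pod manifest against the Secrets visible in the pod's own namespace. The Secret name and keys are taken from the issue; the `jenkins` namespace name, the pod name and the pod shape are assumptions, and the manifests are constructed.

```python
# Added example: manifests are constructed; "jenkins" is an assumed namespace name.
KEYS = ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "REGION", "REGISTRY_ID"]

# The Secret as posted in the issue: it lives in namespace "default" (values elided).
SECRETS = [{
    "kind": "Secret",
    "metadata": {"name": "ecr-production", "namespace": "default"},
    "data": {k: "" for k in KEYS},
}]


def agent_pod(namespace, secret_name="ecr-production", keys=KEYS):
    """Approximate pod produced by the awscli containerTemplate's secretEnvVar entries."""
    env = [{"name": k, "valueFrom": {"secretKeyRef": {"name": secret_name, "key": k}}}
           for k in keys]
    return {"kind": "Pod", "metadata": {"name": "agent-pod", "namespace": namespace},
            "spec": {"containers": [{"name": "docker"}, {"name": "awscli", "env": env}]}}


def unresolved_secret_refs(pod, secrets):
    """List (container, env var, reason) for each secretKeyRef that cannot resolve."""
    # secretKeyRef has no namespace field: the lookup happens in the pod's own
    # namespace, so a same-named Secret in another namespace does not count.
    ns = pod["metadata"].get("namespace", "default")
    index = {(s["metadata"].get("namespace", "default"), s["metadata"]["name"]): s
             for s in secrets}
    problems = []
    for container in pod["spec"].get("containers", []):
        for var in container.get("env", []):
            ref = (var.get("valueFrom") or {}).get("secretKeyRef")
            if not ref or ref.get("optional"):
                continue  # not a secret reference, or allowed to be absent
            secret = index.get((ns, ref["name"]))
            if secret is None:
                others = sorted(n for n, name in index if name == ref["name"])
                reason = f'secret "{ref["name"]}" not found in namespace "{ns}"'
                if others:
                    reason += f' (present in: {", ".join(others)})'
            elif ref["key"] not in secret.get("data", {}):
                reason = f'key "{ref["key"]}" missing from secret "{ref["name"]}"'
            else:
                continue
            problems.append((container["name"], var["name"], reason))
    return problems


if __name__ == "__main__":
    for problem in unresolved_secret_refs(agent_pod("jenkins"), SECRETS):
        print(problem)
```
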


            People

            • Assignee:
              peterw_es Peter Wiebe
              Reporter:
              pchampon philip champon