ENV VAR Injection not working via command:(ENTRYPOINT) - please help!

Asking for help? Comment out what you need so we can get more information to help you!

Cluster information:

Kubernetes version:
Cloud being used: bare - metal
Installation method: On premise
Host OS: Linux
CNI and version:
CRI and version:

I have my live redash reporting app running on my openshift/K8 containers. Recently I am trying to integrate hashicorp vault to inject secrets as ENV VAR. As per Hashicorp Vault documentation, I am using this approach (Vault Agent Sidecar Injector Examples | Vault | HashiCorp Developer) to pass ENV VAR via ENTRYPOINT of Redash Dockerfile. Iam updating my Deployment COnfig on OC Web console to accompilish this, somehow my ENV VAR are not getting set on the containers. Below is the sample yaml which I am trying!. Why ENV VAR is not getting set?

YAML SNIPPET

[....]
    spec:
      containers:
        - resources: {}
          
          name: redash-reporting
          command:
            - /app/bin/docker-entrypoint &&  export AAA=123
          args:
            - server
[...]

REDASH DOCKER FILE’s ENTRYPOINT and CMD for Referencxe

[....]


ENTRYPOINT ["/app/bin/docker-entrypoint"]
CMD ["server"]

Redash Entry file is this , redash/docker-entrypoint at master · getredash/redash · GitHub

I am not sure which example you are following, but they don’t look like the construct you pasted here.

    command:
        ['sh', '-c']
    args:
        ['source /vault/secrets/config && <entrypoint script>']

This is saying sh -c "source /vault/secrets/config && <entrypoint script>" where the quoted string is a valid shell script.

I don’t know what your YAML snippet is trying to express.

As per Hashicorp Vault example, they are sourcing a file which has a group of export envvar=value , that also didn’t work. So for isolating the issue , I am passing a single export envvar=Val . Make sense? Issue is like , I am unable set environment variables via overriding ENTRYPOINT which i referred above

The syntax you pasted doesn’t do what you think it does.

Each element of the command and args lists is a string. So you are trying to execute a command named “/app/bin/docker-entrypoint && export AAA=123”, which means a file named “docker-entrypoint && export AAA=123” in the “/app/bin” directory. I doubt that is what you meant.

The && syntax suggests you want to execute this as a shell script, but you didn’t actually specify that. The hashi example specifically says "sh", "-c", "<the rest>" - invoking a shell and passing the command as a script to it (note: this requires having a shell in your image).

Lastly, the && syntax is serial. Even if this was passed as a sell command (sh -c), it would run your entrypoint, wait for it to complete, and then run the export. Again, I doubt that is what you meant :slight_smile:

Try copying hashi’s example exactly, then see what doesn’t work.

Thanks a lot @thockin for your reply. Basically I need to set an environment variable on the container before entrypoint script runs.

While deploying , I can see the environment variable I put on the logs !!! Happy there , but when I get into POD’ terminal I can’t see that environment variable when I do printenv or env | sort , thoughts?

YAML or it didn’t happen