Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Env variables in ~/.kube/config are skipped except AWS_PROFILE #207

Open
cscetbon opened this issue May 11, 2020 · 0 comments
Open

Env variables in ~/.kube/config are skipped except AWS_PROFILE #207

cscetbon opened this issue May 11, 2020 · 0 comments

Comments

@cscetbon
Copy link
Contributor

cscetbon commented May 11, 2020
edited
Loading

Description:

Env variables grabbed from user.exec.env are not used

serverless-kubeless/lib/helpers.js

Lines 130 to 135 in 0b62c54

if (env) {
const profile = _.find(env, e => e.name === 'AWS_PROFILE');
if (profile) {
envvars.AWS_PROFILE = profile.value;
}
}

As you can see, only the AWS_PROFILE is used.

I expect those variables to be added to the env used by the aws cli command. In my case I'm trying to unset those variables by using

- name: eks_data
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      env:
      - name: AWS_ACCESS_KEY_ID
      - name: AWS_SECRET_ACCESS_KEY
      command: aws
      args:
      - eks
      - get-token
      - --cluster-name
      - data
      - --role
      - arn:aws:iam::my_role

The reason is that my aws creds to deploy using Serverless are different from the creds used to authenticate with my k8s cluster. But I need to interact with AWS to grab some variables from CF stacks' outputs.

I also found that

serverless-kubeless/lib/helpers.js

Line 129 in 0b62c54

const envvars = Object.assign({}, process.env);
is incorrect cause it's used at

serverless-kubeless/lib/helpers.js

Line 138 in 0b62c54

output = proc.execSync(cmd, envvars);
.
it should be replaced by

const envvars = Object.assign({}, {env: process.env});

Cause it's what expects https://nodejs.org/api/child_process.html#child_process_child_process_execsync_command_options
Or instead variables could be added to process.env and envvars is useless
How to reproduce it (as minimally and precisely as possible):
Have a similar configuration file

- name: eks_data
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      env:
      - name: AWS_ACCESS_KEY_ID
         value: your_access_key_id
      - name: AWS_SECRET_ACCESS_KEY
         value: your_secret_access_key
      command: aws
      args:
      - eks
      - get-token
      - --cluster-name
      - data
      - --role
      - arn:aws:iam::your_role

Set dummy variables in your env and run an sls deploy. Your dummy variables should be overwritten by those found in your ~/.kube/config and your deployment work.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cscetbon