secretEnvVar: Env vars missing inside container

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      I'm trying to use the new sercretEnvVar feature. Perhaps I'm misunderstanding its application... I would expect to see the variables available inside the containers I've created. But when I run env, none of them are present. I've tried using pod and container level env vars, without success. Have I misconfigured something? 

      podTemplate(label: 'pull-build-container', inheritFrom: 'default',
  containers: [
    containerTemplate(
      name: 'docker',
      image: 'docker',
      ttyEnabled: true,
      command: 'cat'
    ),
    containerTemplate(
      name: 'awscli',
      image: 'mesosphere/aws-cli',
      ttyEnabled: true,
      command: 'cat',
      envVars: [
        secretEnvVar(key: 'AWS_ACCESS_KEY_ID', secretName: 'ecr-production', secretKey: 'AWS_ACCESS_KEY_ID'),
        secretEnvVar(key: 'AWS_SECRET_ACCESS_KEY', secretName: 'ecr-production', secretKey: 'AWS_SECRET_ACCESS_KEY'),
        secretEnvVar(key: 'REGION', secretName: 'ecr-production', secretKey: 'REGION'),
        secretEnvVar(key: 'REGISTRY_ID', secretName: 'ecr-production', secretKey: 'REGISTRY_ID')
      ]
    )
  ],
  volumes: [
    emptyDirVolume(mountPath: '/tmp', memory: false),
    hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock')
  ]
) {
  node('pull-build-container') {
    env.CONTAINER = "${env.REGISTRY_ID}.dkr.ecr.${env.REGION}.amazonaws.com/dockerfiles:latest"
    env.CONTAINER_TAG = "${env.JOB_NAME}-${env.BUILD_NUMBER}-dockerfiles"

    stage('pull build container') {
      container('awscli') {
        sh """
          env
          aws ecr get-login \
          --region \$REGION \
          --registry-ids \$REGISTRY_ID \
          --no-include-email \
          > /tmp/ecr_login.sh
        """
      }

      container('docker') {
          sh "eval \$(cat /tmp/ecr_login.sh)"
          sh "docker pull ${env.CONTAINER}"
          sh "docker tag ${env.CONTAINER} ${env.CONTAINER_TAG}"
      }
    }
  }
}

      apiVersion: v1
data:
  AWS_ACCESS_KEY_ID: base64
  AWS_SECRET_ACCESS_KEY: base64
  REGION: base64
  REGISTRY_ID: base64
kind: Secret
metadata:
  creationTimestamp: 2017-07-31T19:30:40Z
  name: ecr-production
  namespace: default
  resourceVersion: "6844508"
  selfLink: /api/v1/namespaces/default/secrets/ecr-production
  uid: bcf56baf-7626-11e7-b939-0e14da110b68
type: Opaque

            Assignee:
            Peter Wiebe
            Reporter:
            philip champon
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: