  1. Jenkins
  2. JENKINS-46733

secretEnvVar: Env vars missing inside container


      I'm trying to use the new secretEnvVar feature. Perhaps I'm misunderstanding its application... I would expect to see the variables available inside the containers I've created. But when I run `env`, none of them are present. I've tried using pod- and container-level env vars, without success. Have I misconfigured something?

      // Reproduction pipeline for this report: a pod with a 'docker' and an 'awscli'
      // container. The four secretEnvVar entries are declared only on the 'awscli'
      // containerTemplate, each naming a key of the 'ecr-production' Secret.
      podTemplate(label: 'pull-build-container', inheritFrom: 'default',
        containers: [
          containerTemplate(
            name: 'docker',
            image: 'docker',
            ttyEnabled: true,
            command: 'cat'
          ),
          containerTemplate(
            name: 'awscli',
            image: 'mesosphere/aws-cli',
            ttyEnabled: true,
            command: 'cat',
            envVars: [
              // key = variable name inside the container; secretName/secretKey = the
              // Kubernetes Secret and the entry in it that supplies the value.
              secretEnvVar(key: 'AWS_ACCESS_KEY_ID', secretName: 'ecr-production', secretKey: 'AWS_ACCESS_KEY_ID'),
              secretEnvVar(key: 'AWS_SECRET_ACCESS_KEY', secretName: 'ecr-production', secretKey: 'AWS_SECRET_ACCESS_KEY'),
              secretEnvVar(key: 'REGION', secretName: 'ecr-production', secretKey: 'REGION'),
              secretEnvVar(key: 'REGISTRY_ID', secretName: 'ecr-production', secretKey: 'REGISTRY_ID')
            ]
          )
        ],
        volumes: [
          // Pod-level volumes: /tmp is the emptyDir used below to hand the login script
          // from the 'awscli' container to the 'docker' container.
          emptyDirVolume(mountPath: '/tmp', memory: false),
          // NOTE(review): mounting the node's /var/run/docker.sock lets the build drive
          // the host's Docker daemon, which is effectively root-level access to that node.
          // Restrict who may edit or trigger pipelines that use this template.
          hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock')
        ]
      ) {
        node('pull-build-container') {
          // Double-quoted Groovy strings: env.REGISTRY_ID and env.REGION are resolved from
          // the Pipeline's env at this point, not from the 'awscli' container's environment.
          // NOTE(review): nothing visible here sets them on the Pipeline side, so they are
          // presumably unset when CONTAINER is built. Confirm.
          env.CONTAINER = "${env.REGISTRY_ID}.dkr.ecr.${env.REGION}.amazonaws.com/dockerfiles:latest"
          env.CONTAINER_TAG = "${env.JOB_NAME}-${env.BUILD_NUMBER}-dockerfiles"
      
          stage('pull build container') {
            container('awscli') {
              // The backslash-escaped $REGION / $REGISTRY_ID are left for the container's
              // shell to expand rather than being interpolated by Groovy.
              // NOTE(review): `env` prints every variable to the build log. Once the secret
              // variables are injected that includes AWS_SECRET_ACCESS_KEY, so remove it
              // after debugging (or print only the variable names).
              // NOTE(review): the get-login output is a `docker login` command carrying a
              // registry password, and it is written to the pod-wide /tmp emptyDir.
              // Consider deleting the file once it has been used.
              sh """
                env
                aws ecr get-login \
                --region \$REGION \
                --registry-ids \$REGISTRY_ID \
                --no-include-email \
                > /tmp/ecr_login.sh
              """
            }
      
            container('docker') {
                // Executes whatever /tmp/ecr_login.sh contains, as written by the
                // 'awscli' container in the previous step.
                sh "eval \$(cat /tmp/ecr_login.sh)"
                // CONTAINER and CONTAINER_TAG are interpolated by Groovy before the shell runs.
                sh "docker pull ${env.CONTAINER}"
                sh "docker tag ${env.CONTAINER} ${env.CONTAINER_TAG}"
            }
          }
        }
      }
      
      # The Secret named by secretName: 'ecr-production' in the pipeline above, in the
      # 'default' namespace.
      # NOTE(review): values under data are base64-encoded, not encrypted; the literal
      # "base64" entries look like the reporter's redaction of the real values.
      apiVersion: v1
      data:
        AWS_ACCESS_KEY_ID: base64
        AWS_SECRET_ACCESS_KEY: base64
        REGION: base64
        REGISTRY_ID: base64
      kind: Secret
      metadata:
        creationTimestamp: 2017-07-31T19:30:40Z
        name: ecr-production
        namespace: default
        resourceVersion: "6844508"
        selfLink: /api/v1/namespaces/default/secrets/ecr-production
        uid: bcf56baf-7626-11e7-b939-0e14da110b68
      type: Opaque
      

            peterw_es Peter Wiebe
            pchampon philip champon