bulky-area-51023
10/23/2021, 3:41 PMsecret
from stack, and generating kubernetes manifest from it (e.g. environment variable). But it doesn’t seem to be replaced into string value. I’m aware of that the return value of require_secret
is Output[T]
but having some passthrough apply(lambda val: val)
doesn’t work. I think the main problem is that secret
object is not a direct argument of subsequent resource. Any kind of piece of advice would be very appreciatedbillowy-army-68599
10/23/2021, 4:56 PMbulky-area-51023
10/23/2021, 5:43 PMutils.py
,
for secret_key in secret_keys:
try:
secret_value = config.require_secret(secret_key).apply(
lambda val: val
)
except pulumi.ConfigMissingError as cme:
raise cme
richen_manifest['extra_env'].append({
'name': secret_key,
'value': secret_value
})
# this is a jinja2 template rendering...
template.render(manifest)
and in the __main__.py
, we call that rendering part from utils
and then dump it to a temporary file.
with open(tmp_manifest, 'w') as f:
yaml.dump(yaml.load(rendered_manifest), f)
kubernetes.yaml.ConfigFile(
f'events-{server}-{product}-{stage}',
file=tmp_manifest,
opts=ResourceOptions(provider=k8s)
)
And the bare template looks like
containers:
- image: {{ registry }}/{{ image }}:{{ image_tag }}
env:
{% for item in extra_env %}
- name: {{ item.name }}
value: "{{ item.value }}"
{% endfor %}
So the resulting rendering looks like
env:
- name: SCHEMA_REGISTRY_AUTH
value: "<pulumi.output.Output object at 0x7fcc98c51b80>"
billowy-army-68599
10/23/2021, 5:49 PMconfig.require_secret(secret_key).apply(template.render)
etcbulky-area-51023
10/23/2021, 6:47 PMapply
scheme. Is there any other solutions available?billowy-army-68599
10/24/2021, 3:50 PMapply
is there because of technical reasons around when the value is known. Why is it tough to maintain?