
@esselius
Last active January 8, 2019 10:01
Unexpected environment variable behaviour in samson
$ kubectl exec -it hydra-6d49ff8579-gjvmh sh
$ env | egrep 'URL|NAME'
ENVIRONMENT_NAME=team-ops
DATABASE_URL=postgres://hydra:secret@hydra-postgres:5432/hydra?sslmode=disable
HOSTNAME=hydra-6d49ff8579-gjvmh
OAUTH2_LOGIN_URL=$(ENVIRONMENT_URL)/yyy/login
OAUTH2_CONSENT_URL=$(ENVIRONMENT_URL)/yyy/consent
POD_NAME=hydra-6d49ff8579-gjvmh
KUBERNETES_CLUSTER_NAME=staging
POD_NAMESPACE=team-ops
OAUTH2_ISSUER_URL=$(ENVIRONMENT_URL)
ENVIRONMENT_URL=https://$(ENVIRONMENT_NAME).xxx.xxx
OAUTH2_CONSENT_URL="\$(ENVIRONMENT_URL)/yyy/consent"
OAUTH2_ISSUER_URL="\$(ENVIRONMENT_URL)"
OAUTH2_LOGIN_URL="\$(ENVIRONMENT_URL)/yyy/login"
ENVIRONMENT_TYPE="test"
ENVIRONMENT_URL="https://\$(ENVIRONMENT_NAME).xxx.xxx"
SQS_ENDPOINT="http://localstack:31000"
ENVIRONMENT_NAME="\$(DEPLOY_GROUP)"
AWS_ACCESS_KEY_ID="invalid"
AWS_SECRET_ACCESS_KEY="invalid"
AWS_REGION="eu-west-1"
ENVIRONMENT_NAME=team-ops
DATABASE_URL=postgres://hydra:secret@hydra-postgres:5432/hydra?sslmode=disable
HOSTNAME=hydra-6d49ff8579-gjvmh
OAUTH2_LOGIN_URL=https://team-ops.xxx.xxx/yyy/login
OAUTH2_CONSENT_URL=https://team-ops.xxx.xxx/yyy/consent
POD_NAME=hydra-6d49ff8579-gjvmh
KUBERNETES_CLUSTER_NAME=staging
POD_NAMESPACE=team-ops
OAUTH2_ISSUER_URL=https://team-ops.xxx.xxx
ENVIRONMENT_URL=https://team-ops.xxx.xxx
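---
# Deployment manifest handed to samson for the ORY Hydra server.
# Nesting restored: the flattened listing put every key at column 0,
# which collapses the document into one mapping with duplicate keys.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: hydra
  labels:
    project: hydra
    role: server
spec:
  selector:
    matchLabels:
      project: hydra
      role: server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        project: hydra
        role: server
        foo: bar
    spec:
      initContainers:
        - name: migrate
          # samson-specific key, not part of the Kubernetes container schema.
          # NOTE(review): presumably tells samson not to build an image for
          # this container; confirm against the samson docs.
          samson/dockerfile: none
          image: oryd/hydra:v1.0.0-beta.9-alpine
          env:
            # Database credentials are embedded in a plain env value, so
            # anyone who can read the Deployment or Pod spec can read them.
            # sslmode=disable also leaves the Postgres connection
            # unencrypted. A Secret referenced through
            # valueFrom.secretKeyRef keeps the DSN out of the manifest.
            - name: DATABASE_URL
              value: postgres://hydra:secret@hydra-postgres:5432/hydra?sslmode=disable
          args: ['migrate', 'sql', '-e']
      containers:
        - name: hydra
          samson/dockerfile: none
          # The tag is mutable and imagePullPolicy is Always, so a restart
          # can pull different bits. Pinning by digest makes the rollout
          # reproducible.
          image: oryd/hydra:v1.0.0-beta.9-alpine
          imagePullPolicy: Always
          # --dangerous-force-http makes Hydra serve plain HTTP. That is
          # only safe behind a TLS-terminating proxy on a trusted network;
          # the probes below use HTTP on 4445 accordingly.
          args: ['serve', 'all', '--dangerous-force-http']
          env:
            # Kubernetes expands $(VAR) only from variables defined EARLIER
            # in this list (plus service env vars). ENVIRONMENT_URL comes
            # first here so the three OAUTH2_* values below can resolve.
            # The Pod that samson actually created (shown later on this
            # page) lists these entries in a different order.
            - name: ENVIRONMENT_URL
              value: https://xxx.xxx.xxx
            - name: OAUTH2_ISSUER_URL
              value: $(ENVIRONMENT_URL)
            - name: OAUTH2_CONSENT_URL
              value: $(ENVIRONMENT_URL)/yyy/consent
            - name: OAUTH2_LOGIN_URL
              value: $(ENVIRONMENT_URL)/yyy/login
            # Same inline-credential and sslmode=disable concern as in the
            # migrate init container.
            - name: DATABASE_URL
              value: postgres://hydra:secret@hydra-postgres:5432/hydra?sslmode=disable
            # Placeholder value. Hydra's system secret protects stored
            # data, so a real deployment needs a random value supplied
            # from a Secret, never a literal in the manifest.
            - name: SYSTEM_SECRET
              value: youReallyNeedToChangeThis
            # NOTE(review): shares debug detail in OAuth2 error responses;
            # keep this to test environments.
            - name: OAUTH2_SHARE_ERROR_DEBUG
              value: '1'
            - name: OIDC_SUBJECT_TYPES_SUPPORTED
              value: public,pairwise
            # Placeholder value again. A predictable pairwise salt lets
            # pairwise subject identifiers be recomputed; treat it as a
            # secret and supply it from a Secret.
            - name: OIDC_SUBJECT_TYPE_PAIRWISE_SALT
              value: youReallyNeedToChangeThis
          ports:
            - containerPort: 4444
            - containerPort: 4445
          livenessProbe:
            httpGet:
              path: /health/alive
              port: 4445
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 4445
            periodSeconds: 30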
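---
# Live Pod object for the hydra Deployment as created through samson
# (API server dump). Nesting restored from the flattened listing; all
# values are unchanged.
apiVersion: v1
kind: Pod
metadata:
  annotations:
    samson/deploy_url: https://zzz.zzz.zzz/projects/hydra-config/deploys/2308
  creationTimestamp: 2019-01-08T08:15:25Z
  generateName: hydra-6d49ff8579-
  labels:
    deploy_group: team-ops
    deploy_group_id: "7"
    deploy_id: "2308"
    foo: bar
    pod-template-hash: "1986527261"
    project: hydra
    project_id: "60"
    release_id: "2199"
    revision: 5185e20a6543846e4cd3793c410620138c119688
    role: server
    role_id: "59"
    tag: ops-808
  name: hydra-6d49ff8579-gjvmh
  namespace: team-ops
  ownerReferences:
    - apiVersion: extensions/v1beta1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: hydra-6d49ff8579
      uid: 8d0b24ac-131d-11e9-be6a-0206f8c1a7a2
  resourceVersion: "31397437"
  selfLink: /api/v1/namespaces/team-ops/pods/hydra-6d49ff8579-gjvmh
  uid: 8d0f8130-131d-11e9-be6a-0206f8c1a7a2
spec:
  containers:
    - args:
        - serve
        - all
        # Hydra serves plain HTTP with this flag; only safe behind a
        # TLS-terminating proxy.
        - --dangerous-force-http
      env:
        # Inline database credentials and sslmode=disable: readable by
        # anyone allowed to get this Pod, and unencrypted on the wire.
        - name: DATABASE_URL
          value: postgres://hydra:secret@hydra-postgres:5432/hydra?sslmode=disable
        # Placeholder secret shipped as a literal; supply from a Secret.
        - name: SYSTEM_SECRET
          value: youReallyNeedToChangeThis
        - name: OAUTH2_SHARE_ERROR_DEBUG
          value: "1"
        - name: OIDC_SUBJECT_TYPES_SUPPORTED
          value: public,pairwise
        # Placeholder salt shipped as a literal; supply from a Secret.
        - name: OIDC_SUBJECT_TYPE_PAIRWISE_SALT
          value: youReallyNeedToChangeThis
        - name: REVISION
          value: 5185e20a6543846e4cd3793c410620138c119688
        - name: TAG
          value: ops-808
        - name: DEPLOY_ID
          value: "2308"
        - name: DEPLOY_GROUP
          value: team-ops
        - name: PROJECT
          value: hydra
        - name: ROLE
          value: server
        - name: KUBERNETES_CLUSTER_NAME
          value: staging
        # The manifest's own ENVIRONMENT_URL / OAUTH2_* entries are not
        # present here; the entries from this point match the samson env
        # file shown on this page, in that file's order.
        # Kubernetes expands $(VAR) only from entries defined EARLIER in
        # this list. ENVIRONMENT_URL is defined further down, so the three
        # OAUTH2_* values stay literal, which matches the `env` output
        # captured from the container. An issuer URL that is not a real
        # URL breaks OAuth2/OIDC discovery and token validation.
        - name: OAUTH2_CONSENT_URL
          value: $(ENVIRONMENT_URL)/yyy/consent
        - name: OAUTH2_ISSUER_URL
          value: $(ENVIRONMENT_URL)
        - name: OAUTH2_LOGIN_URL
          value: $(ENVIRONMENT_URL)/yyy/login
        - name: ENVIRONMENT_TYPE
          value: test
        # ENVIRONMENT_NAME is defined after this entry, so it is not
        # expanded here either.
        - name: ENVIRONMENT_URL
          value: https://$(ENVIRONMENT_NAME).xxx.xxx
        - name: SQS_ENDPOINT
          value: http://localstack:31000
        # DEPLOY_GROUP is defined earlier in the list, so this reference
        # does resolve (team-ops in the captured output).
        - name: ENVIRONMENT_NAME
          value: $(DEPLOY_GROUP)
        - name: AWS_ACCESS_KEY_ID
          value: invalid
        - name: AWS_SECRET_ACCESS_KEY
          value: invalid
        - name: AWS_REGION
          value: eu-west-1
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
      image: oryd/hydra:v1.0.0-beta.9-alpine
      imagePullPolicy: Always
      livenessProbe:
        failureThreshold: 3
        httpGet:
          path: /health/alive
          port: 4445
          scheme: HTTP
        periodSeconds: 30
        successThreshold: 1
        timeoutSeconds: 1
      name: hydra
      ports:
        - containerPort: 4444
          protocol: TCP
        - containerPort: 4445
          protocol: TCP
      readinessProbe:
        failureThreshold: 3
        httpGet:
          path: /health/ready
          port: 4445
          scheme: HTTP
        periodSeconds: 30
        successThreshold: 1
        timeoutSeconds: 1
      resources:
        limits:
          cpu: "1"
          memory: 300M
        requests:
          cpu: 50m
          memory: 100M
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      # The default service account token is mounted into the container.
      # NOTE(review): if Hydra never calls the Kubernetes API, setting
      # automountServiceAccountToken: false removes this credential.
      volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: default-token-zzlzr
          readOnly: true
  dnsPolicy: ClusterFirst
  imagePullSecrets:
    - name: docker-registry
  initContainers:
    - args:
        - migrate
        - sql
        - -e
      env:
        # Same inline credentials as the main container.
        - name: DATABASE_URL
          value: postgres://hydra:secret@hydra-postgres:5432/hydra?sslmode=disable
      image: oryd/hydra:v1.0.0-beta.9-alpine
      imagePullPolicy: IfNotPresent
      name: migrate
      resources: {}
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: default-token-zzlzr
          readOnly: true
  nodeName: ip-172-20-119-48.eu-west-1.compute.internal
  restartPolicy: Always
  schedulerName: default-scheduler
  # Empty pod-level securityContext: nothing in this spec sets
  # runAsNonRoot, a read-only root filesystem or dropped capabilities.
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
  volumes:
    - name: default-token-zzlzr
      secret:
        # 420 decimal is file mode 0644.
        defaultMode: 420
        secretName: default-token-zzlzr
status:
  conditions:
    - lastProbeTime: null
      lastTransitionTime: 2019-01-08T08:15:27Z
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: 2019-01-08T08:15:35Z
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: 2019-01-08T08:15:25Z
      status: "True"
      type: PodScheduled
  containerStatuses:
    - containerID: docker://f4a3c32e76dcb146fed660ab5ad5b5701fdb54e3a2ce3564e428032aadeac01c
      image: oryd/hydra:v1.0.0-beta.9-alpine
      # Digest the tag resolved to at pull time; this is the value to pin
      # in the manifest for a reproducible image.
      imageID: docker-pullable://oryd/hydra@sha256:39f622aa57e56e2637e69a807e45e6eeca1c56694845daaa0cb43ce2204703da
      lastState: {}
      name: hydra
      # Ready despite the unexpanded OAUTH2_* URLs: the probes only hit
      # /health/alive and /health/ready, so they do not catch the
      # misconfiguration.
      ready: true
      restartCount: 0
      state:
        running:
          startedAt: 2019-01-08T08:15:28Z
  hostIP: 172.20.119.48
  initContainerStatuses:
    - containerID: docker://825e02f5bc9c4554ca56ae8df624240ac513fba11f1e7272931327bd707ee710
      image: oryd/hydra:v1.0.0-beta.9-alpine
      imageID: docker-pullable://oryd/hydra@sha256:39f622aa57e56e2637e69a807e45e6eeca1c56694845daaa0cb43ce2204703da
      lastState: {}
      name: migrate
      ready: true
      restartCount: 0
      state:
        terminated:
          containerID: docker://825e02f5bc9c4554ca56ae8df624240ac513fba11f1e7272931327bd707ee710
          exitCode: 0
          finishedAt: 2019-01-08T08:15:26Z
          reason: Completed
          startedAt: 2019-01-08T08:15:26Z
  phase: Running
  podIP: 100.102.0.180
  qosClass: Burstable
  startTime: 2019-01-08T08:15:25Z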