
Sunday, August 21, 2022

[FIXED] How to access cloud run environment variables in Dockerfile

docker, environment-variables, google-cloud-platform, google-cloud-run

Issue

I have built a containerised Python application which runs without issue locally using a .env file and a docker-compose.yml file compiled with compose build.

I am then able to use variables within the Dockerfile like this.

ARG APP_USR
ENV APP_USR ${APP_USR}

ARG APP_PASS
ENV APP_PASS ${APP_PASS}

RUN pip install https://${APP_USR}:${APP_PASS}@github.org/*****/master.zip

I am deploying to Cloud Run via a synced Bitbucket repository, and have defined the variables under "REVISIONS" > "SECRETS AND VARIABLES" (as described here: https://cloud.google.com/run/docs/configuring/environment-variables), but I cannot work out how to access these variables in the Dockerfile during build.

As I understand it, I need to create a cloudbuild.yaml file to define the variables, but I haven't been able to find a clear example of how to set this up using the Environment variables defined in cloud run.


Solution

My understanding is that it is not possible to directly use a Cloud Run revision's environment variables in the Dockerfile because the build is managed by Cloud Build, which doesn't know about Cloud Run revision before the deployment.

But I was able to use Secret Manager's secrets in the Dockerfile.

Sources:

  • Passing secrets from Secret Manager to cloudbuild.yaml: https://cloud.google.com/build/docs/securing-builds/use-secrets
  • Passing an environment variable from cloudbuild.yaml to Dockerfile: https://vsupalov.com/docker-build-pass-environment-variables/

Quick summary:

In your case, for APP_USR and APP_PASS:

  1. Grant the Secret Manager Secret Accessor (roles/secretmanager.secretAccessor) IAM role for the secret to the Cloud Build service account (see first source).

  2. Add an availableSecrets block at the end of the cloudbuild.yaml file (out of the steps block):

availableSecrets:
  secretManager:
  - versionName: <APP_USR_SECRET_RESOURCE_ID_WITH_VERSION>
    env: 'APP_USR'
  - versionName: <APP_PASS_SECRET_RESOURCE_ID_WITH_VERSION>
    env: 'APP_PASS'

  3. Pass the secrets to your build step (depends on how you summon docker build, Google's documentation uses 'bash', I use Docker directly):

  - id: Build
    name: gcr.io/cloud-builders/docker
    args:
      - build
      - '-f=Dockerfile'
      - '.'

      # Add these two `--build-arg` params:

      - '--build-arg'
      - 'APP_USR=$$APP_USR'

      - '--build-arg'
      - 'APP_PASS=$$APP_PASS'

    secretEnv: ['APP_USR', 'APP_PASS'] # <=== add this line

  4. Use these secrets as standard environment variables in your Dockerfile:

ARG APP_USR
ENV APP_USR $APP_USR

ARG APP_PASS
ENV APP_PASS $APP_PASS

RUN pip install https://$APP_USR:$APP_PASS@github.org/*****/master.zip


Answered By - Seeven
Answer Checked By - Gilberto Lyons (PHPFixing Admin)
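
ENV values are stored in the image configuration, and build-arg values used by a RUN step are visible through docker history, so anyone who can pull an image built from the Dockerfile above can read both credentials. The check below is an added example, not part of the original answer: it flags build args interpolated into the user:password part of a URL and ENV lines that persist them. The function name, the FROM lines and the BuildKit secret-mount variant are assumptions made for illustration.

```python
import re

# Constructed sample: the Dockerfile from the answer (the FROM line is assumed).
LEAKY = r"""FROM python:3.11-slim
ARG APP_USR
ENV APP_USR $APP_USR
ARG APP_PASS
ENV APP_PASS $APP_PASS
RUN pip install https://$APP_USR:$APP_PASS@github.org/*****/master.zip
"""

# Constructed alternative (assumes BuildKit and `docker build --secret id=...`):
# the values are mounted as files for this one RUN and are not stored in the image.
MOUNTED = r"""FROM python:3.11-slim
RUN --mount=type=secret,id=app_usr --mount=type=secret,id=app_pass \
    pip install "https://$(cat /run/secrets/app_usr):$(cat /run/secrets/app_pass)@github.org/*****/master.zip"
"""

USERINFO = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://([^\s/@]+)@")  # user:pass part of a URL
VAR = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)")                # $NAME or ${NAME

def audit_dockerfile(source):
    """Return sorted (finding, ARG name) pairs for build args used as URL credentials."""
    text = re.sub(r"\\[ \t]*\n", " ", source)  # join backslash line continuations
    parts = [line.strip().split(None, 1) for line in text.splitlines()]
    instrs = [(p[0].upper(), p[1]) for p in parts
              if len(p) == 2 and not p[0].startswith("#")]
    args = {tok.split("=", 1)[0]
            for op, rest in instrs if op == "ARG" for tok in rest.split()}
    findings = set()
    # Pass 1: ARGs interpolated into the user:password@ part of a URL in a RUN step.
    for op, rest in instrs:
        if op == "RUN":
            for userinfo in USERINFO.findall(rest):
                findings.update(("credential-in-run", name)
                                for name in VAR.findall(userinfo) if name in args)
    creds = {name for _, name in findings}
    # Pass 2: ENV instructions that copy one of those ARGs into the image config.
    for op, rest in instrs:
        if op == "ENV":
            findings.update(("credential-in-env", name)
                            for name in VAR.findall(rest) if name in creds)
    return sorted(findings)

if __name__ == "__main__":
    for label, dockerfile in (("leaky", LEAKY), ("mounted", MOUNTED)):
        print(label, audit_dockerfile(dockerfile))
```
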