flux-envsubst
At jaconi, we frequently recommend Flux along with the
kustomize-controller to our customers. These two work great when using
GitOps! However, developers do not want to create pull requests during development. They use Kustomize locally and apply
the rendered Kubernetes manifests using kubectl. That way, some functionality provided by Flux gets lost, leading to a
couple of problems. We created flux-envsubst to solve these problems.
You can find the source code and installation instructions at GitHub: https://github.com/jaconi-io/flux-envsubst.
Variable Substitution
Flux supports variable substitution.
This Flux feature is not supported by Kustomize. Flux suggests using Drone’s
envsubst for local development. However, envsubst does not respect the
kustomize.toolkit.fluxcd.io/substitute: disabled annotation / label:
flux-envsubst does, though:
SOPS
Flux supports SOPS while Kustomize does not:
![$ cat « EOF | kubectl apply -f -apiVersion: v1kind: Secretdata:SECRET: ENC[AES256_GCM,data:…,type:str]sops:kms: []EOFerror: error validating “STDIN”: error validating data: ValidationError(Secret): unknown field “sops” in io.k8s.api.core.v1.Secret; if you choose to ignore these errors, turn validation off with –validate=false](/images/blogs/introducing_flux-envsubst/sops-envsubst.png)
flux-envsubst ignores SOPS secrets
allowing local development without manually decrypting secrets (which might not even be possible without proper key
access).
![$ cat « EOF | flux-envsubstapiVersion: v1kind: Secretdata:SECRET: ENC[AES256_GCM,data:…,type:str]sops:kms: []EOFskipping sops encrypted secret /](/images/blogs/introducing_flux-envsubst/sops-flux-envsubst.png)
.env Files
flux-envsubst allows variable substitution from .env files. When having a couple of variables, an .env file makes
things a lot more readable.
