search

basecamp / kamal

Deploy web apps anywhere.
https://kamal-deploy.org
MIT License
9.38k stars 357 forks source link

`kamal config` not displaying env vars for roles #816

Open nickhammond opened 1 month ago

nickhammond commented 1 month ago

kamal config mentions that it will output the combined config including secrets but it looks like they're missing for roles/servers. I'm seeing them on accessories but nothing from the global or role level.

kamal config              # Show combined config (including secrets!)

With this deploy.yml file:

service: hey

image: nickhammond/hey

registry:
  server: ghcr.io
  username: <%= %x(gh config get -h github.com username).strip %>
  password: <%= %x(gh config get -h github.com oauth_token).strip %>

env:
  clear:
    GLOBAL_VAR: 1
  secret:
    - GLOBAL_SECRET

servers:
  web:
    hosts:
      - 867.53.0.9
    env:
      clear:
        ROLE_VAR: true
      secret:
        - ROLE_SECRET

accessories:
  db:
    image: mysql:8.0
    host: 867.53.0.9
    port: 3306
    env:
      clear:
        MYSQL_DATABASE: 'production'
        MYSQL_ROOT_HOST: '%'
      secret:
        - MYSQL_ROOT_PASSWORD
    directories:
      - data:/var/lib/mysql

kamal config output is this:

---
:roles:
- web
:hosts:
- 867.53.0.9
:primary_host: 867.53.0.9
:version: HEAD
:repository: ghcr.io/nickhammond/hey
:absolute_image: ghcr.io/nickhammond/hey:HEAD
:service_with_version: hey-HEAD
:volume_args: []
:ssh_options:
  :user: root
  :port: 22
  :keepalive: true
  :keepalive_interval: 30
  :log_level: :fatal
:sshkit: {}
:builder: {}
:accessories:
  db:
    image: mysql:8.0
    host: 867.53.0.9
    port: 3306
    env:
      clear:
        MYSQL_DATABASE: production
        MYSQL_ROOT_HOST: "%"
      secret:
      - MYSQL_ROOT_PASSWORD
    directories:
    - data:/var/lib/mysql
:logging:
- "--log-opt"
- max-size="10m"
:healthcheck:
  path: "/up"
  port: 3000
  max_attempts: 7
  exposed_port: 3999
  cord: "/tmp/kamal-cord"
  log_lines: 50

I would expect to see GLOBAL_VAR, GLOBAL_SECRET, ROLE_VAR, and ROLE_SECRET in this output but it's missing.

It might be related to https://github.com/basecamp/kamal/issues/803 but slightly different.

Happy to have a go at it but just wanted to mention it first. I was trying to troubleshoot some env var loading and remembered this command existed but haven't used it in a while.