Skip to content

add option to filter out environment variables #705

@karlderkaefer

Description

@karlderkaefer

When you have more than ~2600 environment variables in container, the entrypoint will fail https://github.com/nginxinc/docker-nginx/blob/ed42652f987141da65bab235b86a165b2c506cf5/entrypoint/20-envsubst-on-templates.sh#L32

50000 ./test.sh: line 10: /usr/bin/envsubst: Argument list too long 

You can easily that reach that number of environment variables in kubernetes when you have a lot of services within one namespace ~60 and running Istio with mTLS. The Istio proxy will inject multiple environment variables for each service. Just one example with 68 services

kubectl get svc | wc -l 68 kubectl exec -it some-pod -- env | wc -l 1752 

This will cause the container go into pod crashing loop.

I would propose the give the user a possible to whitelist which environment variables should be passed to template instead of all environment variables

How to reproduce

cat <<EOT > test.sh #!/bin/bash for INDEX in {1..6000} do export VAR_\$INDEX=\$INDEX done defined_envs=\$(printf '\${%s} ' \$(xargs -0n1 -a /proc/self/environ sh -c 'echo "\$@" | grep -oEm1 "^[^=]+"' --)); env | grep "VAR_" | wc -l envsubst "\$defined_envs" < "./template.yaml" EOT cat <<EOT > template.yaml data: \${VAR_1}: bla EOT chmod +x ./test.sh ./test.sh 

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions