Howdy!
BACKGROUND
This post is going to walk you through the steps required to fit a multi-line configuration file into your YAML spec while using Harness.
In our example, the goal is to put the content of a Secret (an Encrypted File) into an environment variable, by using a Pod (or Deployment) Kubernetes Manifest YAML file.
This post is not trying to discuss the “K8s Secret + Volumes + VolumeMounts” approach to serving files to your container. But keep in mind that this is actually a good practice when you need to share encrypted content with your containers inside Pods.
INTRODUCTION
We’re going to use an encrypted certificate file that will be stored in the Harness Secrets Manager.
Then, we’ll retrieve that content in base64.
After that, we finish the job by converting and indenting it properly, so it will not break your YAML Manifest file.
The pain in the neck: YAML indentation. Beyond that “barrier”, you can even store the raw content in an environment variable for your container, as this guide will show you!
So… let’s do it!
FIRST STEPS - BUILDING THE ROAD
1. First of all, we’ll upload this dummy certificate .crt file to the Harness Secrets Manager (Security → Secrets Manager → Secrets → Encrypted Files → Add Encrypted File):
2. Now, we’ll create a basic Kubernetes Service, just like that:
3. And we’ll add a basic Docker Hub Library Busybox Artifact Source:
4. After that, let’s add everything we need to serve the certificate file to this Service.
4.1 In the Service, at the bottom of the screen, please add the Config File:
4.2 And a “Values YAML Override”, just so we can do our retrieve-and-convert trick:
crdb_key: ${configFile.getAsBase64("gabs_crdb_crt")}
4.3 Voilà:
5. Now, I’ll just create a brand new Dev Environment, for this tutorial only:
6. And use this very common Infrastructure Definition:
I guess we can now cut to the chase and start working on our manifest files (finally!)
SECOND STEPS - WORKING WITH THE YAML MANIFESTS
I’ll keep the Service Project very clean, so we can focus on the lab:
Important: you can find the code in my GitHub Repo! I’ll just put some screenshots here to better illustrate the process!
1. This is a very clean “values.yaml” version:
2. And the usual “namespace.yaml”:
3. Now, I’ll finally create a pod, by using this “crdbclient_pod.yaml” file.
I’ll just use the busybox image to emulate a CockroachDB Client. My intention is just to introduce you guys to a Pod with some env vars and commands. Nothing deeper than that!
The trick starts at line 18. Please notice the multi-line syntax and a lot of care with empty spaces.
Remember: you can find the YAML files here
FINAL STEPS - DEPLOY AND PROVE IT!!!
1. Let’s create a K8s Rolling Deployment Workflow, nothing new, pretty usual:
2. Deploy, deploy, deploy!
3. Superb!
4. FINALLY! Let’s check the outcome!
Our busybox container is only printing the env vars, so we can check that everything is working as expected and that we got the desired outcome.
PLEASE REMEMBER
The vital part here is to manipulate the Secret properly and to indent the converted content correctly inside your YAML Manifest.
So, sometimes, you might have to indent the block even further in your file.
{{.Values.crdb_key | b64dec | indent 12}} can become {{.Values.crdb_key | b64dec | indent 14}}, for example.
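The indentation rule above can be checked before you deploy. The Go program below is an added example, not the author's manifest or Harness code: it renders a constructed env fragment through stand-in b64dec and indent functions and reports whether the decoded block sits deeper than its key. The CRDB_CRT name, the fragment layout, the dummy certificate and the assumption that indent pads every line are not from the original post.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
	"text/template"
)

// Stand-ins for the b64dec and indent template functions (assumed behaviour).
var funcs = template.FuncMap{
	"b64dec": func(s string) (string, error) {
		b, err := base64.StdEncoding.DecodeString(s)
		return string(b), err
	},
	"indent": func(n int, s string) string { // pads every line, the first included
		return strings.Repeat(" ", n) + strings.ReplaceAll(s, "\n", "\n"+strings.Repeat(" ", n))
	},
}

// Constructed manifest fragment; CRDB_CRT and the layout are assumptions.
const manifest = `    env:
    - name: CRDB_CRT
      value: |
{{.Values.crdb_key | b64dec | indent %d}}
`

func Render(b64 string, width int) (string, error) {
	t := template.Must(template.New("pod").Funcs(funcs).Parse(fmt.Sprintf(manifest, width)))
	var out strings.Builder
	err := t.Execute(&out, map[string]interface{}{"Values": map[string]string{"crdb_key": b64}})
	return out.String(), err
}

// BlockScalarOK: every non-blank line after "value: |" must sit deeper than the key.
func BlockScalarOK(rendered string) bool {
	head, body, ok := strings.Cut(rendered, "value: |\n")
	key := len(head) - strings.LastIndex(head, "\n") - 1 // column of "value"
	for _, l := range strings.Split(body, "\n") {
		t := strings.TrimLeft(l, " ")
		ok = ok && (t == "" || len(l)-len(t) > key)
	}
	return ok
}

func main() {
	pem := "-----BEGIN CERTIFICATE-----\nZHVtbXk=\n-----END CERTIFICATE-----\n" // constructed dummy
	out, err := Render(base64.StdEncoding.EncodeToString([]byte(pem)), 12)
	fmt.Println(out, BlockScalarOK(out), err)
}
```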
ERRORS THAT COULD BE RELATED TO THIS ARTICLE (IT MIGHT HELP YOU)
Error parsing YAML. Line 3, column 0: Expected a ‘block end’ but found: scalar. @[<>]
Invalid Kubernetes YAML Spec. while scanning a block scalar
expected a comment or a line break but found -(45)
Invalid Kubernetes YAML Spec. while scanning a simple key
CONCLUSION
I hope you could understand and reproduce my steps. Feel free to ask us anything, here in this thread, so we can help ASAP!