Environment Variables (ConfigMaps and Secrets) - Sandeep-K-Khandelwal/CKAD GitHub Wiki

Direct way to specify environment variables as plain key/value pairs

apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  containers:
  - image: simple-webapp-color
    name: simple-webapp-color
    ports:
    - containerPort: 8080
    env:
    - name: APP_COLOR
      value: pink

ConfigMaps

  • ConfigMaps are used to pass configuration data to Kubernetes workloads in the form of key-value pairs.
  • When a Pod is created, the ConfigMap is injected into it, so the key-value pairs are available as environment variables to the application running in the Pod's container.
  • Configuring a ConfigMap therefore involves two phases: first create the ConfigMap, then inject it into the Pod.

Create ConfigMap

Create a ConfigMap imperatively by specifying key-value pairs on the command line

  • kubectl create configmap <configmap-name> --from-literal=key=value
  • kubectl create configmap app-config --from-literal=APP_COLOR=blue
  • kubectl create configmap app-config --from-literal=APP_COLOR=blue --from-literal=APP_MOD=prod

Create a ConfigMap imperatively by specifying a file name

  • kubectl create configmap <configmap-name> --from-file=path-to-file
  • kubectl create configmap app-config --from-file=app_config.properties

Declarative way - using a YAML file

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_COLOR: blue
  APP_MOD: prod

Inject ConfigMap

Use envFrom to define all of the ConfigMap's data as container environment variables.

apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  containers:
  - image: simple-webapp-color
    name: simple-webapp-color
    ports:
    - containerPort: 8080
    envFrom:
    - configMapRef: 
        name: app-config

Use specific variables from a ConfigMap

apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  containers:
  - image: simple-webapp-color
    name: simple-webapp-color
    ports:
    - containerPort: 8080
    env:
    - name: APP_COLOR
      valueFrom: 
        configMapKeyRef:
          name: app-config
          key: APP_COLOR

Secrets

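  • Secrets store the value in a base64-encoded format. This is an encoding, not a hash or encryption: anyone who can read the Secret object can decode the value.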

Create Secret

Create a Secret imperatively by specifying key-value pairs on the command line

  • kubectl create secret generic <secret-name> --from-literal=key=value
  • kubectl create secret generic app-secret --from-literal=DB_host=local
  • kubectl create secret generic app-secret --from-literal=DB_host=local --from-literal=DB_root_user=root --from-literal=DB_root_pwd=password

Create a Secret imperatively by specifying a file name

  • kubectl create secret generic <secret-name> --from-file=path-to-file
  • kubectl create secret generic app-secret --from-file=app_config.properties

Declarative way - using a YAML file

apiVersion: v1
kind: Secret
metadata:
  name: app-secret
data:
  DB_host: bG9jYWw=
  DB_root_user: cm9vdA==
  DB_root_pwd: cGFzc3dvcmQ=

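In the above case, the secret values must be specified base64-encoded, for example with echo -n 'local' | base64. The -n matters: without it, echo appends a newline that gets encoded into the value and ends up in the environment variable.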
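
The check below is an added example, not part of the original wiki page: it audits the data map of a Secret for values that were encoded with a trailing newline (echo without -n) or are not valid base64, and suggests the corrected encoding. The function name audit_secret and the sample manifest are assumptions made for illustration; the input is shaped like the output of kubectl get secret app-secret -o json.

```python
import base64
import binascii
import json

# Constructed sample, shaped like `kubectl get secret app-secret -o json`.
# DB_host was produced with `echo 'local' | base64` (no -n), so it carries "\n".
SAMPLE_SECRET = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "app-secret"},
    "data": {
        "DB_host": "bG9jYWwK",
        "DB_root_user": "cm9vdA==",
        "DB_root_pwd": "not base64!",
    },
})


def audit_secret(manifest_json):
    """Return {key: (status, suggested_value)} for every entry under data.

    status is "ok", "trailing-newline" or "invalid-base64".
    suggested_value is the value re-encoded without the newline,
    the unchanged value when it is fine, or None when it cannot be decoded.
    """
    findings = {}
    data = json.loads(manifest_json).get("data") or {}
    for key, encoded in data.items():
        try:
            raw = base64.b64decode(encoded, validate=True)
        except (binascii.Error, ValueError):
            findings[key] = ("invalid-base64", None)
            continue
        stripped = raw.rstrip(b"\r\n")
        if stripped != raw:
            fixed = base64.b64encode(stripped).decode("ascii")
            findings[key] = ("trailing-newline", fixed)
        else:
            findings[key] = ("ok", encoded)
    return findings


if __name__ == "__main__":
    # Report key names and status only; values are not printed.
    for key, (status, _) in audit_secret(SAMPLE_SECRET).items():
        print(f"{key}: {status}")
```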

Inject Secret

Use envFrom to define all of the Secret's data as container environment variables.

apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  containers:
  - image: simple-webapp-color
    name: simple-webapp-color
    ports:
    - containerPort: 8080
    envFrom:
    - secretRef: 
        name: app-secret

Use specific variables from Secret

apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  containers:
  - image: simple-webapp-color
    name: simple-webapp-color
    ports:
    - containerPort: 8080
    env:
    - name: DB_host
      valueFrom: 
        secretKeyRef:
          name: app-secret
          key: DB_host

  • kubectl describe secret <secret-name> will display only the number of bytes as the value of the secret
  • kubectl get secret <secret-name> -o yaml will display the base64-encoded values of the secret. Use echo -n <encoded value> | base64 --decode to get the actual value