Skip to content

Instantly share code, notes, and snippets.

@troyharvey
Last active September 13, 2024 19:00
Show Gist options
  • Save troyharvey/4506472732157221e04c6b15e3b3f094 to your computer and use it in GitHub Desktop.
Save troyharvey/4506472732157221e04c6b15e3b3f094 to your computer and use it in GitHub Desktop.
Using Kubernetes envFrom for environment variables
# Use envFrom to load Secrets and ConfigMaps into environment variables
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: mans-not-hot
labels:
app: mans-not-hot
spec:
replicas: 1
selector:
matchLabels:
app: mans-not-hot
template:
metadata:
labels:
app: mans-not-hot
spec:
containers:
- name: app
image: gcr.io/mans-not-hot/app:bed1f9d4
imagePullPolicy: Always
ports:
- containerPort: 80
envFrom:
- configMapRef:
name: env-configmap
- secretRef:
name: env-secrets
# Use config map for not-secret configuration data
apiVersion: v1
kind: ConfigMap
metadata:
name: env-configmap
data:
APP_NAME: Mans Not Hot
APP_ENV: production
# Use secrets for things which are actually secret like API keys, credentials, etc
# Base64 encode the values stored in a Kubernetes Secret: $ pbpaste | base64 | pbcopy
# The --decode flag is convenient: $ pbpaste | base64 --decode
apiVersion: v1
kind: Secret
metadata:
name: env-secrets
type: Opaque
data:
DB_PASSWORD: cDZbUGVXeU5e0ZW
REDIS_PASSWORD: AAZbUGVXeU5e0ZB
@fmaxx
Copy link

fmaxx commented Jan 31, 2020

Thank you! I've been looking a solution for configMap + secret for 2 hours.

@olso
Copy link

olso commented Apr 7, 2020

@troyharvey
Copy link
Author

@able8
Copy link

able8 commented Nov 16, 2020

cool!

@ST-DDT
Copy link

ST-DDT commented May 18, 2021

Does a change to the config-map/secret referenced in envFrom trigger a rolling update to the deployment?
What if that variable is reused in the actual env section:

envFrom:
- configMap: foobar-mode
env:
- name: ACTIVE_PROFILES
  value: "a,b,c,${FOOBAR_MODE}"

And I would like to know, whether that is in the spec or just undefined behavior.

@ST-DDT
Copy link

ST-DDT commented May 18, 2021

AFAICT it does not restart by itself

@troyharvey
Copy link
Author

Does a change to the config-map/secret referenced in envFrom trigger a rolling update to the deployment?

No

What if that variable is reused in the actual env section.

env has precedence over envFrom. See https://stackoverflow.com/a/54398918/581584

@elfrinjo
Copy link

Interesting! I am currently debugging an application where exactly this configuration will not update the variable inside the container despite deleting and recreating the deployment.

@ST-DDT
Copy link

ST-DDT commented May 18, 2021

I didn't use the valueFrom/configMapKeyRef, but envFrom and used ${VAR} inside env section (deployment).
The env in the pod-env was updated after deleting the pod (it will automatically be recreated from the deployment).

@vitalykarasik
Copy link

env has precedence over envFrom
Not directly related, but I have NestJS app, and as I as I see there are two variables (PORT and NODE_TLS_REJECT_UNAUTHORIZED) which I cannot move to my configmap. I mean - app accepts them only from "env", not from configmap.
I'm curious why? Is there a chance that "env" and envFrom/configMapRef injected on different stages of pod creation?

@jasonjiang9527
Copy link

does anyone know how to set envFrom of config.yaml like this:

apiVersion: v1
kind: ConfigMap
metadata:
  name: conf-1

data:
  config.yaml: |
    hello: config-map3
    key1: value1

@jasonjiang9527
Copy link

does anyone know how to set envFrom of config.yaml like this:

https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables

this doc just talk about <ConfigMap containing "multiple key-value pairs".>
like :

data:
  SPECIAL_LEVEL: very
  SPECIAL_TYPE: charm

, but what i want is

data:
  config.yaml: | 
    hello: config-map3
    key1: value1

the doc doesn't work with config.yaml's format

@ST-DDT
Copy link

ST-DDT commented Sep 18, 2021

I'm not sure what exactly you want.
Do you want to use a config map to store the yaml as is?
Or do you want to create a config map that contains the key value pairs from an existing yaml?

@jasonjiang9527
Copy link

I'm not sure what exactly you want.
Do you want to use a config map to store the yaml as is?
Or do you want to create a config map that contains the key value pairs from an existing yaml?

i want to expose all keys&values (like export key1=value1 and so on ... ) from my-conf'config.yaml as a pod's environment variables

apiVersion: v1
kind: ConfigMap
metadata:
  name: my-conf

data:
  config.yaml: | # note this is a file 
    key1: value1
    key2: value2

### not this 
#data:
#  key1: value1
#  key2: value2

@ST-DDT
Copy link

ST-DDT commented Sep 18, 2021

Well, if you wish to use envFrom, then

data:
  key1: value1
  key2: value2

will expose it as if you were doing export key1=value1 && export key2=value2.

Whereas:

data:
  config.yaml: | # note this is a file 
    key1: value1
    key2: value2

Is equivalent to export config.yaml=$(cat config.yaml) (if we ignore that env variables may not have a . in their name)

@jasonjiang9527
Copy link

thk for ur explain, actually in my case with envFrom.configMapRef , only one env exist and its name is config.yaml , value is .yaml ,i seem to know about how configMapRef works

@tahmmee
Copy link

tahmmee commented May 18, 2022

Never hot

@nice-pink
Copy link

Or for loading explicit values from a secret:

env:
- name: PASSWORD
  valueFrom:
    secretKeyRef:
      name: my-credentials
      key: password

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment