Home > Back-end >  Setting environment variables in kubernetes manifest using "kubectl set env"
Setting environment variables in kubernetes manifest using "kubectl set env"

Time:11-08

I am trying to update a helm-deployed deployment so that it uses a secret stored as a k8s secret resource. This must be set as the STORAGE_PASSWORD environment variable in my pod.

In my case, the secret is in secrets/redis and the data item is redis-password:

$ kubectl get secret/redis -oyaml
apiVersion: v1
data:
  redis-password: XXXXXXXXXXXXXXXX=
kind: Secret
metadata:
  name: redis
type: Opaque

I have tried:

$ kubectl set env --from secret/redis deployment/gateway --keys=redis-password
Warning: key redis-password transferred to REDIS_PASSWORD
deployment.apps/gateway env updated

When I look in my updated deployment manifest, I see the variable has been added but (as suggested) the variable has been set to REDIS_PASSWORD:

        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              key: redis-password
              name: redis

I have also tried kubectl patch with a replace operation, but I can't get the syntax correct to have the secret inserted.

How do I change the name of the environment variable to STORAGE_PASSWORD?

CodePudding user response:

you may also update resources with kubectl edit:

kubectl edit deployment gateway

then edit the yaml file

    # - name: REDIS_PASSWORD
    - name: STORAGE_PASSWORD
      valueFrom:
        secretKeyRef:
          key: redis-password
          name: redis

FYI: https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#kubectl-edit

CodePudding user response:

Given a deployment that looks like this:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: example
spec:
  replicas: 1
  template:
    spec:
      containers:
        - image: alpinelinux/darkhttpd
          name: darkhttpd
          args:
            - --port
            - "9991"
          ports:
            - name: http
              protocol: TCP
              containerPort: 9991
          env:
            - name: EXAMPLE_VAR
              value: example value

The syntax for patching in your secret would look like:

kubectl patch deploy/example --patch='
  {
    "spec": {
      "template": {
        "spec": {
          "containers": [
            {
              "name": "darkhttpd",
              "env": [
                {
                  "name": "STORAGE_PASSWORD",
                  "valueFrom": {
                    "secretKeyRef": {
                      "name": "redis",
                      "key": "redis-password"
                    }
                  }
                }
              ]
            }
          ]
        }
      }
    }
  }
'

Or using a JSONPatch style patch:

kubectl patch --type json deploy/example --patch='
[
  {
    "op": "add",
    "path": "/spec/template/spec/containers/0/env/-",
    "value": {
      "name": "STORAGE_PASSWORD",
      "valueFrom": {
        "secretKeyRef": {
          "name": "redis",
          "key": "redis-password"
        }
      }
    }
  }
]
'

Neither one is especially pretty because you're adding a complex nested structure to an existing complex nested structure.

Page link:https//www.codepudding.com/Backend/602396.html

Prev:Split string to only return the substring prior to the nth occurrence of a delimiter in JavaScript
Next:no matches for kind "KafkaConnect" in version "kafka.strimzi.io/v1beta2"
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding