Pods are the smallest deployable units of computing that can be created and managed in Kubernetes.
Description and examples inspired by https://kubernetes.io/.
How to use environment variables inside the container run command?
The environment variable name has to be put inside $().
Example for env variable ENV_VAR_NAME: $(ENV_VAR_NAME)
apiVersion: v1
kind: Pod
metadata:
  name: command-demo
spec:
  containers:
  - name: command-demo-container
    image: debian
    env:
    - name: MESSAGE
      value: "hello world"
    command: ["/bin/echo"]
    args: ["$(MESSAGE)"]
This works the same as the above example. Just define an environment variable to be set from a secret.
apiVersion: v1
kind: Pod
metadata:
  name: command-demo
spec:
  containers:
  - name: command-demo-container
    image: debian
    env:
    - name: SECRET_MESSAGE
      valueFrom:
        secretKeyRef:
          name: secret-name
          key: message
    command: ["/bin/echo"]
    args: ["$(SECRET_MESSAGE)"]
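In the Secret-backed pod above, the kubelet substitutes the Secret's value into the container's argument list before the process starts, so the value is visible wherever process arguments are, and /bin/echo writes it to the container log. A manifest check for that pattern, as an added example that is not part of the original page; the function names and the JSON sample are assumptions constructed for illustration.

```python
import json
import re

# Kubernetes expands $(NAME) in command/args; "$$" is the escape, so $$(NAME) stays literal.
TOKEN = re.compile(r"\$\$|\$\(([^)]+)\)")

def referenced_vars(text):
    """Names referenced as $(NAME) in one command/args string, honouring the $$ escape."""
    return [m.group(1) for m in TOKEN.finditer(text) if m.group(1)]

def secret_refs_in_command(pod):
    """Return (container, field, variable, secret, key) for each Secret-backed
    variable that is expanded into a container's command or args."""
    findings = []
    spec = pod.get("spec", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        # Variable name -> (secret name, key) for env entries fed by secretKeyRef.
        secret_env = {}
        for e in c.get("env", []):
            ref = (e.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                secret_env[e["name"]] = (ref.get("name"), ref.get("key"))
        for field in ("command", "args"):
            for item in c.get(field, []):
                for var in referenced_vars(item):
                    if var in secret_env:
                        findings.append((c["name"], field, var) + secret_env[var])
    return findings

# Constructed sample: the Secret-backed pod from this page as JSON, with a plain
# variable and an escaped $$(...) reference added to show what is not flagged.
SAMPLE_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "command-demo"},
 "spec": {"containers": [{
   "name": "command-demo-container", "image": "debian",
   "env": [
     {"name": "MESSAGE", "value": "hello world"},
     {"name": "SECRET_MESSAGE",
      "valueFrom": {"secretKeyRef": {"name": "secret-name", "key": "message"}}}],
   "command": ["/bin/echo"],
   "args": ["$(MESSAGE)", "$(SECRET_MESSAGE)", "$$(SECRET_MESSAGE)"]}]}}
""")

if __name__ == "__main__":
    for name, field, var, secret, key in secret_refs_in_command(SAMPLE_POD):
        print(f"{name}: {field} expands $({var}) from secret {secret}/{key}")
```

A finding is avoided by letting the program read the variable from its environment itself, or by mounting the Secret as a file as shown further down this page.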
Add Secrets to the environment of the deployment configuration.
oc set env dc/hello-world --from secret/db-secrets
Check the application configuration:
$ oc set env dc/hello-world --list
# deploymentconfigs hello-world, container hello-world
# DATABASE_PASSWORD from secret db-secrets, key DATABASE_PASSWORD
# DATABASE_USERNAME from secret db-secrets, key DATABASE_USERNAME
Env. variable from Secret
containers:
- env:
  - name: MYAPP_SECRET_TOKEN
    valueFrom:
      secretKeyRef:
        key: SECRET_TOKEN
        name: secret-token-for-my-app
Create ConfigMap from file:
oc create configmap my-configmap --from-file=./config/application.xml
Define volume from ConfigMap:
spec:
  containers:
  ...
  volumes:
  - name: my-configmap-volume
    configMap:
      name: my-configmap
This will overwrite the whole folder inside the container:
spec:
  containers:
  - name: my-container
    ...
    volumeMounts:
    - name: my-configmap-volume
      mountPath: /opt/app/config
The folder /opt/app/config will hold all files from the ConfigMap.
This will mount one file into a folder:
spec:
  containers:
  - name: my-container
    ...
    volumeMounts:
    - name: my-configmap-volume
      mountPath: /opt/app/config/application.xml
      subPath: application.xml
The file is read-only!
There is a Secret with two files in it.
creation:
oc create secret generic certificates --from-file=tls.key=/path/to/key.file --from-file=tls.crt=/path/to/cert.file
content:
apiVersion: v1
data:
  tls.crt: "bliblablu"
  tls.key: "its42"
kind: Secret
metadata:
  name: certificates
type: Opaque
I want to mount the files separately and change the file names:
- tls.key -> /etc/ssl/private/ssl-cert.key
- tls.crt -> /etc/ssl/certs/ssl-cert.pem
The volumeMounts do the mounting of single files inside the desired directories.
The volumes are of type projected. They do the magic of taking single files from a secret and changing the filename.
spec:
  containers:
  - volumeMounts:
    - mountPath: /etc/ssl/certs/ssl-cert.pem
      name: volmount-ssl-cert
      subPath: ssl-cert.pem
    - mountPath: /etc/ssl/private/ssl-cert.key
      name: volmount-ssl-key
      subPath: ssl-cert.key
  volumes:
  - name: volmount-ssl-cert
    projected:
      sources:
      - secret:
          items:
          - key: tls.crt
            path: ssl-cert.pem
          name: certificates
  - name: volmount-ssl-key
    projected:
      sources:
      - secret:
          items:
          - key: tls.key
            path: ssl-cert.key
          name: certificates