One of the coolest stuff I’ve picked up just today is that you can keep environment variables that you want to be loaded into every deployment pod in a neatly configured ConfigMap or Secret which gets injected back into the Pod during deploys.
Lets say you have a Secret that looks like:
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
username: YWRtaW4=
password: MWYyZDFlMmU2N2Rm
And you want username and password to be easily accessible in ENV['username'] and ENV['password'] on your application pods, all you need is a envFrom within your TemplateSpec
ie.
apiVersion: extension/v1beta1
kind: Deployment
spec:
replicas:1
template:
spec:
containers:
- name: test-container
image: gcr.io/google_containers/busybox
command: [ "/bin/sh", "-c", "env" ]
envFrom:
- secretRef:
name: mysecret
Because envFrom expects an array, you can do multiple references like:
envFrom:
- secretRef:
name: hello
- configMapRef:
name: hello2
- configMapRef:
name: hello3
This will take all the data keys from the 2 ConfigMaps and 1 Secret and load it into your pod.