Load env variables from ConfigMaps and Secrets upon Pod boot

2017-04-21

One of the coolest stuff I’ve picked up just today is that you can keep environment variables that you want to be loaded into every deployment pod in a neatly configured ConfigMap or Secret which gets injected back into the Pod during deploys.

Lets say you have a Secret that looks like:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

And you want username and password to be easily accessible in ENV['username'] and ENV['password'] on your application pods, all you need is a envFrom within your TemplateSpec

ie.

apiVersion: extension/v1beta1
kind: Deployment
spec:
  replicas:1
  template:
    spec:
      containers:
        - name: test-container
          image: gcr.io/google_containers/busybox
          command: [ "/bin/sh", "-c", "env" ]
          envFrom:
            - secretRef:
                name: mysecret

Because envFrom expects an array, you can do multiple references like:

envFrom:
  - secretRef:
      name: hello
  - configMapRef:
      name: hello2
  - configMapRef:
      name: hello3

This will take all the data keys from the 2 ConfigMaps and 1 Secret and load it into your pod.

References