[k8s] Environment Variable

[k8s] Environment Variable ============= ###### tags: `kubernetes` `application lifecycle management` ![](https://i.imgur.com/EaajldY.jpg) > create data, inject into Pod ## types of `valueFrom` + fieldRef ```yaml= env: - name: MY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name ``` + configMapKeyRef + secretKeyRef + resourceFieldRef ```yaml= env: - name: MY_CPU_REQUEST valueFrom: resourceFieldRef: containerName: test-container resource: requests.cpu ``` ## ConfigMap ```shell= # imperative way kubectl create configmap app-config \ --from-literal=APP_COLOR=blue \ --from-literal=APP_MODE=prod ``` ```yaml= # declarative way apiVersion: v1 kind: ConfigMap metadata: name: app-config data: APP_COLOR: blue APP_MODE: prod ``` ![](https://i.imgur.com/mviWYui.png) ![](https://i.imgur.com/NcgBqXQ.jpg) ## Secret > + Secrets are not encrypted. Only encoded. > + Configure least-privilege access to Secrets -RBAC > + Consider 3rd secrets store providers > + AWS provider, Azure provider, GCP provider, Vault provider ```shell= kubectl create secret generic app-secret \ --from-literal=DB_HOST=mysql \ --from-literal=DB_PASSWORD=passwrd ``` ```yaml= apkVersion: v1 kind: ConfigMap metadata: name: app-config data: DB_HOST: mysql DB_USER: root DB_PASSWORD: passwrd ``` ![](https://i.imgur.com/Jj1XQab.png) ![](https://i.imgur.com/tsWJ3FO.png) ![](https://i.imgur.com/a7XtBq5.jpg)