Skip to content

Instantly share code, notes, and snippets.

@etoews etoews/.gitignore
Last active Aug 27, 2017

Embed
What would you like to do?
Code for Inject an Executable Script into a Container in Kubernetes http://blog.phymata.com/2017/08/27/managing-env-vars-and-secrets-in-kubernetes/
*
!.gitignore
!README.md
!template.sh

Environments

Development environment

To create a dev env config, run the following commands.

cp envs/template.sh envs/dev.sh

sed -i "" "s/changme-env/dev/g" envs/dev.sh
sed -i "" "s/changme-postgres-password/$(openssl rand -base64 27 | tr -dc A-Za-z0-9)/g" envs/dev.sh
$ kubectl create secret generic foo-credentials --from-env-file <(env | grep FOO_)
secret "foo-credentials" created
$ kubectl apply -f postgres-deployment.yaml
deployment "postgres" created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
postgres-3552183314-4lrqr 1/1 Running 0 10s
$ kubectl exec postgres-3552183314-4lrqr -it -- sh
/ # echo ${POSTGRES_PASSWORD}
XB2Dc8hOTVGu2AQeTVVyGo9xYk0WuqAU2JT
/ # exit
$ minikube start
Starting local Kubernetes v1.7.0 cluster...
Starting VM...
Getting VM IP address...
Moving files into cluster...
Setting up certs...
Starting cluster components...
Connecting to cluster...
Setting up kubeconfig...
Kubectl is now configured to use the cluster.
$ git clone https://gist.github.com/8d7bcafb5e26e9b96735ade35505f5c5.git manage-env-vars-and-secrets
$ cd manage-env-vars-and-secrets
# move some files around because gists don't do dirs
$ mkdir envs
$ mv template.sh README.md .gitignore envs/
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: postgres
labels:
app: foo
spec:
template:
metadata:
labels:
app: foo
tier: db
spec:
containers:
- name: postgres
image: postgres:9-alpine
ports:
- name: postgres
containerPort: 5432
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: foo-credentials
key: FOO_POSTGRES_PASSWORD
- name: POD_IP
valueFrom: { fieldRef: { fieldPath: status.podIP } }
livenessProbe:
exec:
command: ["sh", "-c", "exec pg_isready --host $POD_IP"]
initialDelaySeconds: 60
timeoutSeconds: 5
failureThreshold: 6
readinessProbe:
exec:
command: ["sh", "-c", "exec pg_isready --host $POD_IP"]
initialDelaySeconds: 5
timeoutSeconds: 3
periodSeconds: 5
volumeMounts:
- name: pg-data
mountPath: /var/lib/postgresql/data
volumes:
- name: pg-data
emptyDir: {}
# Configuration for the Foo app
# Change all values that start with changeme
export FOO_ENV=changme-env
export FOO_POSTGRES_PASSWORD=changme-postgres-password
$ cp envs/template.sh envs/dev.sh
$ sed -i "" "s/changme-env/dev/g" envs/dev.sh
$ sed -i "" "s/changme-postgres-password/$(openssl rand -base64 27 | tr -dc A-Za-z0-9)/g" envs/dev.sh
# unset any existing config
$ unset ${!FOO_*}
$ source envs/dev.sh
# double check your config
$ env | grep FOO_ | sort
FOO_DB=dev
FOO_POSTGRES_PASSWORD=XB2Dc8hOTVGu2AQeTVVyGo9xYk0WuqAU2JT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.