Using environment variables in Kubernetes deployment spec

environment-variables kubernetes google-kubernetes-engine

I currently use a Kubernetes spec Deployment.yaml for deploying a service. The spec includes a verbatim reference to a specific IP address (marked as <static-ip-address> below):

spec:
  type: LoadBalancer
  loadBalancerIP: <static-ip-address>

I am concerned about pushing information such as passwords or IP addresses into remote Git repositories. Can I avoid this e.g. by making use of environment variables, e.g. with a deployment spec and actual deployment roughly as follows:

spec:
   type: LoadBalancer
   loadBalancerIP: ${SERVICE_ADDRESS}

and

export SERVICE_ADDRESS=<static-ip-address>
kubectl create -f Deployment.yaml

Obviously this specific syntax does not work yet. But is something like this possible and if so how?

I'd prefer not relying on a separate provisioning tool. Secrets and ConfigMaps seem promising, but apparently they cannot be consumed in a way that suits this purpose. If I could directly reference a static IP address that was defined with gcloud compute addresses create service-address that would be best.


Solution 1:

A much easier/cleaner solution: envsubst

In deploy.yml:

LoadbalancerIP: $LBIP

Then just create your env var and run kubectl like this:

export LBIP="1.2.3.4"
envsubst < deploy.yml | kubectl apply -f -

You just put regular Bash variables into whatever file you want to use, in this case the YAML manifest, and have ensubst read that file. It will output the file with the env vars replaced by their values. You can also use it to create new files like this:

envsubst < input.yml > output.yml

envsubst is available in e.g. Ubuntu/Debian gettext package.

Solution 2:

There was another pleasantly simple solution: I have a Google Compute Address my-address defined, and I can apparently use it in the service spec like so: loadBalancerIP: my-address.

With this as "external" source for IP addresses and secrets for passwords there is no more need for a provisioning tool (or templates) for my simple use case (within a GKE environment).

OBSOLETE NOW: I have decided on using a provisioning tool of sorts, namely "built-in" sed, after all.

My Deployment.yaml now contains a "template variable" e.g. in

loadBalancerIP: $$EXTERNAL_IP

and I deploy the service with, say, 1.2.3.4 as external IP address with

cat Deployment.yaml | sed s/\$\$EXTERNAL_IP/1.2.3.4/ | kubectl create -f -

Related

What is the best filesystem for insert performance on PostgreSQL?
Monitor number of bytes transferred to/from IP address on port
On Linux, how can I tell how many ephemeral ports are left available?
Best MySQL cache settings for 8gb RAM dedicated MySQL server using only InnoDB (5gb database)
Installing SSL on a Windows Server 2012 with IIS 8.0
Completely reset PostgreSQL to default?
How can I prepend to PATH while running Ansible's pip module?
Kubernetes always gives 503 Service Temporarily Unavailable with multiple TLS Ingress
What is the name of an IP prefix with prefix length 31? (i.e. contains only 2 IP addresses)
What are some good web based trouble ticket systems?
Kill all processes that are running for more than 5 minutes by a given user in linux bash script
How much swap is being used on windows?