Using environment variables in Kubernetes deployment spec

I currently use a Kubernetes spec Deployment.yaml for deploying a service. The spec includes a verbatim reference to a specific IP address (marked as <static-ip-address> below):

spec:
  type: LoadBalancer
  loadBalancerIP: <static-ip-address>

I am concerned about pushing information such as passwords or IP addresses into remote Git repositories. Can I avoid this e.g. by making use of environment variables, e.g. with a deployment spec and actual deployment roughly as follows:

spec:
   type: LoadBalancer
   loadBalancerIP: ${SERVICE_ADDRESS}

and

export SERVICE_ADDRESS=<static-ip-address>
kubectl create -f Deployment.yaml

Obviously this specific syntax does not work yet. But is something like this possible and if so how?

I'd prefer not relying on a separate provisioning tool. Secrets and ConfigMaps seem promising, but apparently they cannot be consumed in a way that suits this purpose. If I could directly reference a static IP address that was defined with gcloud compute addresses create service-address that would be best.


Solution 1:

A much easier/cleaner solution: envsubst

In deploy.yml:

LoadbalancerIP: $LBIP

Then just create your env var and run kubectl like this:

export LBIP="1.2.3.4"
envsubst < deploy.yml | kubectl apply -f -

You just put regular Bash variables into whatever file you want to use, in this case the YAML manifest, and have ensubst read that file. It will output the file with the env vars replaced by their values. You can also use it to create new files like this:

envsubst < input.yml > output.yml

envsubst is available in e.g. Ubuntu/Debian gettext package.

Solution 2:

There was another pleasantly simple solution: I have a Google Compute Address my-address defined, and I can apparently use it in the service spec like so: loadBalancerIP: my-address.

With this as "external" source for IP addresses and secrets for passwords there is no more need for a provisioning tool (or templates) for my simple use case (within a GKE environment).

OBSOLETE NOW: I have decided on using a provisioning tool of sorts, namely "built-in" sed, after all.

My Deployment.yaml now contains a "template variable" e.g. in

loadBalancerIP: $$EXTERNAL_IP

and I deploy the service with, say, 1.2.3.4 as external IP address with

cat Deployment.yaml | sed s/\$\$EXTERNAL_IP/1.2.3.4/ | kubectl create -f -