🚀 Build your Minimum Viable Platform (MVP) with our playbook. Start now
close icon
All blogs
How To Handle Environment Variables With Kubernetes?

How To Handle Environment Variables With Kubernetes?

Chris Ward
June 5, 2020

Environment variables are a common way for developers to move application and infrastructure configuration into an external source outside of application code. This post shows you the variety of ways Kuberentes helps you create and manage environment variables within kubernetes.

Table of contents
Example H2
Example H3
Example H4
Example H5
Example H6

An Introduction to Environment Variables

Environment variables are a common way for developers to move application and infrastructure configuration into an external source outside of application code. They play a fundamental role in environment management. A common reason to do this is to enable easier switching between environments. If you keep the key configuration, you need to move your application between a development and testing machine separate from the code; your application is more portable.

When an application runs on a machine, the variable becomes part of the environment a process runs in. Typically you can set these variables directly from a terminal, from a configuration file in a home directory, or using other tools.

For example, to set a variable in your command line, run the following:

<p> CODE: https://gist.github.com/ChrisChinchilla/ca38616c7a617985fc1c7077cd6e7726.js </p>

And echo it back out to the screen:

<p> CODE: https://gist.github.com/ChrisChinchilla/c6395d3c9ce956886f44c06b5279ec74.js </p>

Environment Variables and Kubernetes

A Pod is the basic execution unit of a Kubernetes application and represents processes running on your cluster.

When you create a Pod (with a Deployment, StatefulSet, or other means), you set environment variables for the containers that run in the Pod, which Kubernetes then passes to the application(s) inside the Pods.

There are two ways to define environment variables with Kubernetes: by setting them directly in a configuration file, from an external configuration file, using variables, or a secrets file.

This tutorial shows both options, and uses the Humanitec getting started application used in previous tutorials. The backend deployment spec sections use environment variables to send database access details to the backend service, and details of the backend to the front end service.

Using name and value Pairs

In the Deployment this consists of the env field and an array of EnvVars (which represents an environment variable in a container).

Each EnVar further consists of a name for the variable, and a value (a string).

<p> CODE: https://gist.github.com/ChrisChinchilla/94116daf27e4affadab6ef909a1724d3.js </p>

Using a configMap

Another method for defining environment variables is using configMaps. You can use configMaps for more than environment variables, but they primarily help you decouple configuration from image content and the infrastructure that supports that content.

The Postgres StatefulSet container spec section uses environment variables to configure the default Postgres database. Instead of using in-line variables, it uses envFrom to populate them from the configMapRef named postgres-config.

<p> CODE: https://gist.github.com/ChrisChinchilla/d011b29d2d73b042cece42a4909bdc9d.js </p>

And here’s the configMap, the majority of which is metadata, and the data section contains the variables passed back to the StatefulSet:

<p> CODE: https://gist.github.com/ChrisChinchilla/ada88ea93b3660f69351f632ddd0bf05.js </p>

For more flexibility and decoupling from Kubernetes, you can also use external configuration files in the format VAR=VAL, and create configMaps from them by using a kubectl command like the below:

kubectl create configmap postgres-config --from-env-file=postgres-config.properties

The postgres-config.properties file contains the below:

<p> CODE: https://gist.github.com/ChrisChinchilla/6aeda63e0e32ba6b8c7da07bfe06bef9.js </p>

Read more about configMaps in the Kubernetes documentation.

Using Kubernetes Variables

Instead of using the value field to set a value directly, you can instead use valueFrom that lets you set the value of environment variables to the value of Pod fields and container resources in your Kubernetes cluster.

From other Fields

The values for fields are limited to Pod fields from its metadata, name, service account name, and IP addresses, but the list may grow in the future.

The frontend deployment uses a label selector to set PRODUCT_BE_SERVER_URL environment variable to the frontend application requires. Using fieldRef, you could instead use the current IP address of the Pod running a container and set the environment variable with that.

<p> CODE: https://gist.github.com/ChrisChinchilla/13459c50eb8db3a17b60e5afbe1a304a.js </p>

Using other values follow a similar pattern, using metadata.*, status.*, spec.* to access the value you want.

From Resources

The values for resources are limited to container CPU, memory, and storage limits and requests, but the list may grow in the future.

While it works, the spec for the example application backend deployment doesn’t set any resource limits on containers, which is generally bad Kubernetes practice, especially when running in production.

By using resourceFieldRef, the code example below from the backend deployment sets a MEMORY_LIMIT environment variable to the container that it, and the applications running in it, can use.

<p> CODE: https://gist.github.com/ChrisChinchilla/5d111502611294fe392923e879bf4b1e.js </p>

The other values follow a similar pattern, using limits.* to access the value you want.

Secrets

The other common use for environment variables is storing secrets for sensitive information, such as passwords and access keys. These work in a similar way to configMaps (and you could use either for similar purposes), but secrets imply a certain level of security and privacy needed, and Kubernetes requires you to encode the values.

Using a Secret instead of a configMap for the Postgres user details is a more secure method in production, so let’s convert part of the Postgres configMap to secrets.

Create the following postgres-secrets.yml, as this is a secret, you need to base64 encode each data value:

<p> CODE: https://gist.github.com/ChrisChinchilla/0e0fc32d051ca5ab11f16a73d50ab815.js </p>

You can also use stringData instead of data and instead use unencoded values, Kubernetes then encodes the values for you when you create or update the secret. This is useful when your deployment process generates configuration, and you want to set the value at this stage.

Change the Postgres StatefulSet to the following:

<p> CODE: https://gist.github.com/ChrisChinchilla/8f332725f9e9b20c019c4c881c9f5f85.js </p>

The code above still uses the configMap for getting the database location but uses the separate Secret for the user account.

Find more details about Secrets in the Kubernetes documentation.
‍

How Humanitec can help

After an introduction to environment variables by Christoph Richter, we have provided some hands-on examples in this article. As you see, managing environment variables can be pretty complex, especially when you need to handle multiple environments in parallel. Stay tuned and read in our next article, how Humanitec can help manage environment variables in a more efficient way.

Do you have more questions about environment variables? Humanitec's DevOps experts are happy to answer your questions during a free webinar!

Chris Ward
Freelance Tech Writer
LinkedIn

Chris is a freelance tech writer who loves to explain complex technology in terms that anyone can hopefully understand.

Upcoming events

Webinars
Webinars
Webinars
Platform Engineering GTM strategy: From soup to nuts
April 30, 2024
45 min
Bi-weekly

Please join Jordan Chernev, former Sr. Director, Platform Engineering at Wayfair, as he discusses best practices on evolving away from a centralized DevOps team to a platform engineering practice. Jordan will discuss building and supporting a global and highly scalable platform-as-a-product that enables and accelerates cloud-native development and application modernization efforts.

Jordan Chernev
Frmr. Sr. Director, Platform Engineering at Wayfair
Find out more
Webinars
Webinars
Webinars
Platform Orchestrator: The platform engineering game changer
May 7, 2024
45 min
Bi-weekly

With platform engineering becoming integral to the way companies build and deploy to their cloud native setups, enterprises are turning to Platform Orchestrators to ensure their Internal Developer Platforms are secure and scalable.

Luca Galante
Product
Find out more
See all events

Recommended articles

No items found.
Fork our pre-packaged platform architectures as code and start building
Select your cloud provider
Join our Newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
WHY
Why Platform EngineeringWhy Internal Developer PlatformWhy Humanitec
PRODUCT
Product overviewPlatform OrchestratorScorePortalIntegrationsPricing
Features
Environment managementDeployment managementInfrastructure orchestrationDeveloper self-serviceRBAC & governance
Use Cases
Use cases overview
Kubernetes migration
Kubernetes complexity
Eliminate ticket Ops
End-to-end self service
Build developer portals
Build an IDP
Company
About Humanitec
Careers
Hiring
CustomersProfessional ServicesContact
Resources
DocsBlogWhitepapersFAQStart free trial
Community
SlackEvents
Reference ARCHITECTURES
AWS
Azure
GCP
Red Hat OpenShift
©2024 Humanitec. All Rights Reserved.
ImprintSupportSecurityStatusPoliciesTechnical DefinitionsWhistleblowing