Add documentation for the EnvFiles Feature Gate

HirazawaUi · HirazawaUi · commit 6a02723f9543 · 2025-07-29T14:13:22.000+08:00
diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/EnvFiles.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/EnvFiles.md
@@ -0,0 +1,13 @@
+---
+title: EnvFiles
+content_type: feature_gate
+_build:
+  list: never
+  render: false
+
+stages:
+  - stage: alpha
+    defaultValue: false
+    fromVersion: "1.34"
+---
+Support defining container's Environment Variable Values via File.
diff --git a/content/en/docs/tasks/inject-data-application/define-environment-variable-via-file.md b/content/en/docs/tasks/inject-data-application/define-environment-variable-via-file.md
@@ -0,0 +1,91 @@
+---
+title: Defining Environment Variable Values via File
+content_type: task
+weight: 30
+---
+
+<!-- overview -->
+
+{{< feature-state feature_gate_name="EnvFiles" >}}
+
+This page show how to configure environment variables for containers in a Pod via file.
+To use this feature, ensure your Kubernetes version v1.34 or later
+with the EnvFiles feature gate enabled.
+
+## {{% heading "prerequisites" %}}
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+<!-- steps -->
+
+## Using File to Define Environment Variables for Containers in a Pod
+
+In this exercise, you'll create a Pod that sources environment variables from files, 
+projecting these values into the running container.
+
+{{% code_sample file="pods/inject/dapi-envars-file-container.yaml" %}}
+
+In this manifest, you can see the `initContainer` mounts an `emptyDir` volume and writes environment variables to a file within it,
+and the regular containers reference both the file and the environment variable key 
+through the `fileKeyRef` field without needing to mount the volume. 
+When `optional` field is set to false, the specified `key` in `fileKeyRef` must exist in the environment variables file.
+
+Please note that the volume will only be mounted to the environment variable producer container 
+(initContainer), while the consumer container that consumes the environment variable will not have the volume mounted.
+
+During container initialization, the kubelet retrieves environment variables 
+from specified files in the `emptyDir` volume and exposes them to the container.
+
+{{< note >}}
+All container types (`initContainers`, `regular containers`, `sidecars containers`,
+and `ephemeral containers`) support environment variable loading from files.
+
+While these environment variables can store sensitive information, 
+please note that `emptyDir` volumes don't provide the same protection mechanisms as 
+dedicated Secret objects. Therefore, exposing confidential environment variables 
+to containers through this feature is not considered a security best practice.
+{{< /note >}}
+
+
+Create the Pod:
+
+```shell
+kubectl apply -f https://k8s.io/examples/pods/inject/dapi-envars-file-container.yaml
+```
+
+Verify that the container in the Pod is running:
+
+```shell
+# If the new Pod isn't yet healthy, rerun this command a few times.
+kubectl get pods
+```
+
+Check container logs for environment variables:
+
+```shell
+kubectl logs dapi-test-pod -c use-envfile | grep CONFIG_MAIN
+```
+
+The output shows the values of selected environment variables:
+
+```
+CONFIG_MAIN=CONFIG_INIT
+```
+
+## {{% heading "whatsnext" %}}
+
+
+* Read [Defining Environment Variables for a Container](/docs/tasks/inject-data-application/define-environment-variable-container/)
+* Read the [`spec`](/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec)
+  API definition for Pod. This includes the definition of Container (part of Pod).
+* Read the list of [available fields](/docs/concepts/workloads/pods/downward-api/#available-fields) that you
+  can expose using the downward API.
+
+Read about Pods, containers and environment variables in the legacy API reference:
+
+* [PodSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core)
+* [Container](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#container-v1-core)
+* [EnvVar](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#envvar-v1-core)
+* [EnvVarSource](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#envvarsource-v1-core)
+* [ObjectFieldSelector](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#objectfieldselector-v1-core)
+* [ResourceFieldSelector](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#resourcefieldselector-v1-core)
diff --git a/content/en/examples/pods/inject/dapi-envars-file-container.yaml b/content/en/examples/pods/inject/dapi-envars-file-container.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-test-pod
+spec:
+  initContainers:
+    - name: setup-envfile
+      image:  nginx
+      command: ['sh', '-c', 'echo "CONFIG_INIT" > /data/config.env']
+      volumeMounts:
+        - name: config
+          mountPath: /data
+  containers:
+    - name: use-envfile
+      image: nginx
+      command: [ "/bin/sh", "-c", "env" ]
+      env:
+        - name: CONFIG_MAIN
+          valueFrom:
+            fileKeyRef:
+              path: config.env
+              volumeName: config
+              key: CONFIG_INIT
+              optional: false
+  restartPolicy: Never
+  volumes:
+    - name: config
