|
| 1 | +--- |
| 2 | +layout: blog |
| 3 | +title: "Kubernetes v1.34: Introducing Environment variable files" |
| 4 | +date: 2025-0X-XX |
| 5 | +draft: true |
| 6 | +slug: kubernetes-v1-34-env-files |
| 7 | +author: > |
| 8 | + HirazawaUi |
| 9 | +--- |
| 10 | + |
| 11 | +## EnvFiles: A New Approach to Kubernetes Environment Variables |
| 12 | +Kubernetes typically uses `ConfigMaps` and `Secrets` to set environment variables, |
| 13 | +which introduces additional API calls and complexity, |
| 14 | +For example, you need to separately manage the Pods of your workloads |
| 15 | +and their configurations, while ensuring orderly |
| 16 | +updates for both the configurations and the workload Pods. |
| 17 | + |
| 18 | +Alternatively, you might be using a vendor-supplied container |
| 19 | +that requires environment variables (such as a license key or a one-time token), |
| 20 | +but you don’t want to hard-code them or mount volumes just to get the job done. |
| 21 | + |
| 22 | +At this point, you can use the env files feature, |
| 23 | +which is managed by the `EnvFiles` feature gate. |
| 24 | +Currently in the Alpha stage, |
| 25 | +this functionality allows you to load environment variables directly from a file in an emptyDir volume |
| 26 | +without actually mounting that file into the container. |
| 27 | +It’s a simple yet elegant solution to some surprisingly common problems. |
| 28 | + |
| 29 | +## What’s EnvFiles All About? |
| 30 | +At its core, `EnvFiles` allows you to point your container to a file, |
| 31 | +one generated by an `initContainer`, |
| 32 | +and have Kubernetes parse that file to set your environment variables. |
| 33 | +The file lives in an `emptyDir` volume (a temporary storage space that lasts as long as the pod does), |
| 34 | +Your main container doesn’t need to mount the volume. |
| 35 | +The kubelet will read the file and inject these variables when the container starts. |
| 36 | + |
| 37 | +## How It Works |
| 38 | +Here's a simple example: |
| 39 | +``` |
| 40 | +apiVersion: v1 |
| 41 | +kind: Pod |
| 42 | +spec: |
| 43 | + initContainers: |
| 44 | + - name: generate-config |
| 45 | + image: busybox |
| 46 | + command: ['sh', '-c', 'echo "CONFIG_VAR=HELLO" > /config/config.env'] |
| 47 | + volumeMounts: |
| 48 | + - name: config-volume |
| 49 | + mountPath: /config |
| 50 | + containers: |
| 51 | + - name: app-container |
| 52 | + image: gcr.io/distroless/static |
| 53 | + env: |
| 54 | + - name: CONFIG_VAR |
| 55 | + valueFrom: |
| 56 | + fileKeyRef: |
| 57 | + path: config.env |
| 58 | + volumeName: config-volume |
| 59 | + key: CONFIG_VAR |
| 60 | + volumes: |
| 61 | + - name: config-volume |
| 62 | + emptyDir: {} |
| 63 | +``` |
| 64 | + |
| 65 | +Using EnvFiles is a breeze. |
| 66 | +You define your environment variables in the pod spec using the `fileKeyRef` field, |
| 67 | +which tells Kubernetes where to find the file and which key to pull. |
| 68 | +The file itself follows standard .env syntax (think KEY=VALUE), |
| 69 | +and it’s stored in an emptyDir volume. |
| 70 | +The initContainer mounts the volume to write the file, |
| 71 | +but the main container doesn’t need to—it just gets the variables handed to it at startup. |
| 72 | + |
| 73 | +## A Word on Security |
| 74 | +One quick heads-up: while `EnvFiles` can handle sensitive data like keys or tokens, |
| 75 | +it’s not a drop-in replacement for Secrets. |
| 76 | +The `emptyDir` volumes do not provide the same [security protections as Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#information-security-for-secrets). |
| 77 | +so if security is a top concern, stick with Secrets where possible. |
| 78 | +We’ll make sure the docs call this out clearly. |
0 commit comments