Add documentation for the EnvFiles feature gate #51415
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| --- | ||
| title: EnvFiles | ||
| content_type: feature_gate | ||
| _build: | ||
| list: never | ||
| render: false | ||
|
|
||
| stages: | ||
| - stage: alpha | ||
| defaultValue: false | ||
| fromVersion: "1.34" | ||
| --- | ||
| Support defining container's Environment Variable Values via File. | ||
| See [Define Environment Variable Values Using An Init Container](/docs/tasks/inject-data-application/define-environment-variable-via-file) for more details. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| --- | ||
| title: Define Environment Variable Values Using An Init Container | ||
| content_type: task | ||
| min-kubernetes-server-version: v1.34 | ||
| weight: 30 | ||
| --- | ||
|
|
||
| <!-- overview --> | ||
|
|
||
| {{< feature-state feature_gate_name="EnvFiles" >}} | ||
|
|
||
| This page show how to configure environment variables for containers in a Pod via file. | ||
|
|
||
| ## {{% heading "prerequisites" %}} | ||
|
|
||
| {{< include "task-tutorial-prereqs.md" >}} | ||
|
|
||
| {{% version-check %}} | ||
|
|
||
| <!-- steps --> | ||
|
|
||
| ## How the design works | ||
|
|
||
| In this exercise, you will create a Pod that sources environment variables from files, | ||
| projecting these values into the running container. | ||
|
|
||
| {{% code_sample file="pods/inject/envars-file-container.yaml" %}} | ||
|
|
||
| In this manifest, you can see the `initContainer` mounts an `emptyDir` volume and writes environment variables to a file within it, | ||
| and the regular containers reference both the file and the environment variable key | ||
| through the `fileKeyRef` field without needing to mount the volume. | ||
| When `optional` field is set to false, the specified `key` in `fileKeyRef` must exist in the environment variables file. | ||
|
|
||
| The volume will only be mounted to the container that writes to the file | ||
| (`initContainer`), while the consumer container that consumes the environment variable will not have the volume mounted. | ||
|
|
||
| During container initialization, the kubelet retrieves environment variables | ||
| from specified files in the `emptyDir` volume and exposes them to the container. | ||
|
|
||
| {{< note >}} | ||
| All container types (initContainers, regular containers, sidecars containers, | ||
| and ephemeral containers) support environment variable loading from files. | ||
|
|
||
| While these environment variables can store sensitive information, | ||
| `emptyDir` volumes don't provide the same protection mechanisms as | ||
| dedicated Secret objects. Therefore, exposing confidential environment variables | ||
| to containers through this feature is not considered a security best practice. | ||
|
There was a problem hiding this comment. I am not sure about this; the Secret API also has problems. There was a problem hiding this comment. Secrets generally offer higher security. |
||
| {{< /note >}} | ||
|
|
||
|
|
||
| Create the Pod: | ||
|
|
||
| ```shell | ||
| kubectl apply -f https://k8s.io/examples/pods/inject/envars-file-container.yaml | ||
| ``` | ||
|
|
||
| Verify that the container in the Pod is running: | ||
|
|
||
| ```shell | ||
| # If the new Pod isn't yet healthy, rerun this command a few times. | ||
| kubectl get pods | ||
| ``` | ||
|
|
||
| Check container logs for environment variables: | ||
|
|
||
| ```shell | ||
| kubectl logs dapi-test-pod -c use-envfile | grep DB_ADDRESS | ||
| ``` | ||
|
|
||
| The output shows the values of selected environment variables: | ||
|
|
||
| ``` | ||
| DB_ADDRESS=address | ||
| ``` | ||
|
|
||
| ## `.env` File Syntax | ||
|
|
||
| The following syntax rules apply to environment files: | ||
|
|
||
| * Blank Lines: Blank lines are ignored. | ||
|
|
||
| * Leading Spaces: Leading spaces on all lines are ignored. | ||
|
|
||
| * Variable Declaration: Variables must be declared as `VAR=VAL`. Spaces surrounding `=` and trailing spaces are ignored. | ||
| ``` | ||
| VAR=VAL → VAL | ||
| ``` | ||
|
|
||
| * Comments: Lines beginning with # are treated as comments and ignored. | ||
| ``` | ||
| # comment | ||
| VAR=VAL → VAL | ||
|
|
||
| VAR=VAL # not a comment → VAL # not a comment | ||
| ``` | ||
|
|
||
| * Line Continuation: A backslash (`\`) at the end of a variable declaration line indicates the value continues on the next line. The lines are joined with a single space. | ||
| ``` | ||
| VAR=VAL \ | ||
| VAL2 | ||
| → VAL VAL2 | ||
| ``` | ||
|
|
||
|
|
||
|
|
||
| ## {{% heading "whatsnext" %}} | ||
|
|
||
| * Learn more about [environment variables](/docs/tasks/inject-data-application/environment-variable-expose-pod-information/). | ||
| * Read [Defining Environment Variables for a Container](/docs/tasks/inject-data-application/define-environment-variable-container/) | ||
| * Read [Expose Pod Information to Containers Through Environment Variables](/docs/tasks/inject-data-application/environment-variable-expose-pod-information) | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| apiVersion: v1 | ||
| kind: Pod | ||
| metadata: | ||
| name: envfile-test-pod | ||
| spec: | ||
| initContainers: | ||
| - name: setup-envfile | ||
| image: nginx | ||
| command: ['sh', '-c', 'echo "DB_ADDRESS=address\nREST_ENDPOINT=endpoint" > /data/config.env'] | ||
| volumeMounts: | ||
| - name: config | ||
| mountPath: /data | ||
| containers: | ||
| - name: use-envfile | ||
| image: nginx | ||
| command: [ "/bin/sh", "-c", "env" ] | ||
| env: | ||
| - name: DB_ADDRESS | ||
| valueFrom: | ||
| fileKeyRef: | ||
| path: config.env | ||
| volumeName: config | ||
| key: DB_ADDRESS | ||
| optional: false | ||
| restartPolicy: Never | ||
| volumes: | ||
| - name: config | ||
| emptyDir: {} |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.