Question 121202 in Redis Question posted in
The official documentation can be found here.

Redis – Setting environment variables in kubernetes manifest using "kubectl set env"

I am trying to update a helm-deployed deployment so that it uses a secret stored as a k8s secret resource. This must be set as the STORAGE_PASSWORD environment variable in my pod.

In my case, the secret is in secrets/redis and the data item is redis-password:

$ kubectl get secret/redis -oyaml
apiVersion: v1
data:
  redis-password: XXXXXXXXXXXXXXXX=
kind: Secret
metadata:
  name: redis
type: Opaque

I have tried:

$ kubectl set env --from secret/redis deployment/gateway --keys=redis-password
Warning: key redis-password transferred to REDIS_PASSWORD
deployment.apps/gateway env updated

When I look in my updated deployment manifest, I see the variable has been added but (as suggested) the variable has been set to REDIS_PASSWORD:

        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              key: redis-password
              name: redis

I have also tried kubectl patch with a replace operation, but I can’t get the syntax correct to have the secret inserted.

How do I change the name of the environment variable to STORAGE_PASSWORD?

Tags:

2

Answers


  1. 0

    you may also update resources with kubectl edit:

    kubectl edit deployment gateway

    then edit the yaml file

        # - name: REDIS_PASSWORD
    - name: STORAGE_PASSWORD
      valueFrom:
        secretKeyRef:
          key: redis-password
          name: redis

    FYI: https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#kubectl-edit

    Login or Signup to reply.
  2. 0

    Given a deployment that looks like this:

    apiVersion: apps/v1
kind: Deployment
metadata:
  name: example
spec:
  replicas: 1
  template:
    spec:
      containers:
        - image: alpinelinux/darkhttpd
          name: darkhttpd
          args:
            - --port
            - "9991"
          ports:
            - name: http
              protocol: TCP
              containerPort: 9991
          env:
            - name: EXAMPLE_VAR
              value: example value

    The syntax for patching in your secret would look like:

    kubectl patch deploy/example --patch='
  {
    "spec": {
      "template": {
        "spec": {
          "containers": [
            {
              "name": "darkhttpd",
              "env": [
                {
                  "name": "STORAGE_PASSWORD",
                  "valueFrom": {
                    "secretKeyRef": {
                      "name": "redis",
                      "key": "redis-password"
                    }
                  }
                }
              ]
            }
          ]
        }
      }
    }
  }
'

    Or using a JSONPatch style patch:

    kubectl patch --type json deploy/example --patch='
[
  {
    "op": "add",
    "path": "/spec/template/spec/containers/0/env/-",
    "value": {
      "name": "STORAGE_PASSWORD",
      "valueFrom": {
        "secretKeyRef": {
          "name": "redis",
          "key": "redis-password"
        }
      }
    }
  }
]
'

    Neither one is especially pretty because you’re adding a complex nested structure to an existing complex nested structure.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search