Given I have created a ConfigMap with a file like that :
VARIABLE1=foo
VARIABLE2=bar
Is there a way to access those values in Kubernetes or does it have to be in the YAML format?
Let's say you have a file called z with the contents above. You have two options to make that into a ConfigMap.
Option 1 (--from-file)
$ kubectl create cm cm1 --from-file=z
This will result in an object like this:
apiVersion: v1
kind: ConfigMap
metadata:
name: cm1
data:
z: |
VARIABLE1=foo
VARIABLE2=bar
There is no direct way to project a single value from this ConfigMap as it contains just one blob. However you can, from a shell used in command of a container source that blob (if you project it as a file) and then use the resulting environment variables.
Option 2 (--from-env-file)
$ kubectl create cm cm2 --from-env-file=z
This will result in an object like this:
apiVersion: v1
kind: ConfigMap
metadata:
name: cm2
data:
VARIABLE1: foo
VARIABLE2: bar
As you can see the different variables became separate key-value pairs in this case.
There are many more examples in the reference documentation
Related
Here it is my kustomization.yaml
kind: Kustomization
configMapGenerator:
- name: app-cm
literals:
- foo=bar
- var1=1
after kustomize build . I see var1 value in double quotes:
apiVersion: v1
data:
foo: bar
var1: "1"
kind: ConfigMap
metadata:
name: app-cm-ghtd2cb8m9
How should I compose kustomization.yaml the file to get the value of the variable without the quotes?
I expect var1 value without quotation as:
apiVersion: v1
data:
foo: bar
var1: 1
kind: ConfigMap
metadata:
name: app-cm-ghtd2cb8m9
What you expect can not be done. Kustomize did it right. The schema for a ConfigMap, in kubernetes, expects data do be a dict, whose values should be strings.
If we were to omit those quotes, while this yaml would still be "valid": when converted into json and posted to Kubernetes API, your value would be sent as an integer. This would violate ConfigMaps schema. Adding those quotes makes sure proper type would be used.
Maybe you can cast this value as integer in your application, or whatever you're trying to use this with.
I am new to Kubernetes, and trying to wrap my head around how to set secrets. I will try to illustrate with an example. Let's say I have a secret resource that looks like:
apiVersion: v1
kind: Secret
metadata:
name: big-secrets
type: Opaque
data:
secret-password: "secretMeow"
secret-key: "angryWoof"
database-password: "happyWhale"
How do I set up (not sure if set up is the right word here) these secrets using kubectl, and how do I retrieve them? I have tried reading through the following documentation but I am still not sure how to set up from a yaml file as mentioned above.
Using stringData it is possible to create a secret using plain text values:
apiVersion: v1
kind: Secret
metadata:
name: big-secrets
type: Opaque
stringData:
secret-password: "secretMeow"
secret-key: "angryWoof"
database-password: "happyWhale"
However it's worth noting it's provided more for convenience and the docs say:
It is provided as a write-only convenience method. All keys and values are merged into the data field on write, overwriting any existing values. It is never output when reading from the API.
For the question of how to read the secret, if you wanted it programatically, you could use a tool like jq to parse the Kubernetes output and base64 decode:
kubectl get secret big-secrets -o json | jq -r '.data["secret-password"] | #base64d'
This would get the created secret as JSON (-o yaml is also an option), read the data field for a given secret (secret-password in this case) and then base64 decode it.
Using yaml file you cannot create secret without encoded string value. Secret data value must be in base64 encoded in yaml file. If you want to create a secret from yaml file then you need to decode data value like below.
apiVersion: v1
kind: Secret
metadata:
name: big-secrets
type: Opaque
data:
secret-password: c2VjcmV0TWVvdwo=
secret-key: YW5ncnlXb29mCg==
database-password: aGFwcHlXaGFsZQo=
Or
You can use kubectl imperative command to create a secret from literal values like below.
kubectl create secret generic big-secrets --from-literal=secret-password="secretMeow" --from-literal=secret-key="angryWoof"
(using kubernetes v1.15.7 in minikube and matching client version and minikube 1.9.0)
If I kubectl apply a secret like this:
apiVersion: v1
data:
MY_KEY: dmFsdWUK
MY_SECRET: c3VwZXJzZWNyZXQK
kind: Secret
metadata:
name: my-secret
type: Opaque
then subsequently kubectl apply a secret removing the MY_SECRET field, like this:
apiVersion: v1
data:
MY_KEY: dmFsdWUK
kind: Secret
metadata:
name: my-secret
type: Opaque
The data field in the result is what I expect when I kubectl get the secret:
data:
MY_KEY: dmFsdWUK
However, if I do the same thing using stringData instead for the first kubectl apply, it does not remove the missing key on the second one:
First kubectl apply:
apiVersion: v1
stringData:
MY_KEY: value
MY_SECRET: supersecret
kind: Secret
metadata:
name: my-secret
type: Opaque
Second kubectl apply (stays the same, except replacing MY_KEY's value with b2hubyEK to show the configuration DID change)
apiVersion: v1
data:
MY_KEY: b2hubyEK
kind: Secret
metadata:
name: my-secret
type: Opaque
kubectl get result after applying the second case:
data:
MY_KEY: b2hubyEK
MY_SECRET: c3VwZXJzZWNyZXQ=
The field also does not get removed if the second case uses stringData instead. So it seems that once stringData is used once, it's impossible to remove a field without deleting the secret. Is this a bug? Or should I be doing something differently when using stringData?
kubectl apply need to merge / patch the changes here. How this works is described in How apply calculates differences and merges changes
I would recommend to use kustomize with kubectl apply -k and use the secretGenerator to create a unique secret name, for every change. Then you are practicing Immutable Infrastructure and does not get this kind of problems.
A brand new tool for config manangement is kpt, and kpt live apply may also be an interesting solution for this.
The problem is that stringData is a write only field. It doesn’t have convergent behavior so it breaks the merge patch generator system. Most high level tools fix this by converting to normal data before dealing with the patch.
I am creating a kubernetes configMap using '--from-env-file' option to store the file contents as environment variables.
kubectl create configmap env --from-env-file=env.properties -n namespace
When I create a terraform resource as below, the created configMap contains a file, not environment variables.
resource "kubernetes_config_map" "env" {
metadata {
name = "env-config"
namespace = var.namespace
}
data = {
"env.properties" = "${file("${path.module}/env.properties")}"
}
}
How to create configMap with file content as environment variables using terraform-kubernetes-provider resource ?
If env.properties looks like this:
$ cat env.properties
enemies=aliens
lives=3
allowed="true"
Then kubectl create configmap env --from-env-file=env.properties -n namespace would result in something like this:
apiVersion: v1
kind: ConfigMap
metadata:
name: env
namespace: namespace
data:
allowed: '"true"'
enemies: aliens
lives: "3"
But what you're doing with Terraform would result in something more like this:
apiVersion: v1
kind: ConfigMap
metadata:
name: env
namespace: namespace
data:
env.properties: |
enemies=aliens
lives=3
allowed="true"
Based on the Terraform docs it appears that what you're looking for, i.e. some native support for --from-env-file behaviour within the Terraform provider, is not possible.
The ConfigMap format that you get doing it the Terraform way could still be useful, you might just have to change how you're pulling the data from the ConfigMap into your pods/deployments. If you can share more details, and even a simplified/sanitized example of your pods/deployments where you're consuming the config map, it may be possible to describe how to change those to make use of the different style of ConfigMap. See more here.
I see here a syntax like this:
kubectl create cm configmap4 --from-file=special=config4.txt
I did not find a description of what repetition of = and the special means here.
Kubernetes documentation here only denotes one time usage of = after --from-file while creating configmaps in kubectl.
It appears from generating the YAML that this middle key mean all the keys that are being loaded from the file to be nested inside the mentioned key (special keyword in the question example).
It appears like this:
apiVersion: v1
data:
special: |
var3=val3
var4=val4
kind: ConfigMap
metadata:
creationTimestamp: "2019-06-01T08:20:15Z"
name: configmap4
namespace: default
resourceVersion: "123320"
selfLink: /api/v1/namespaces/default/configmaps/configmap4
uid: 1582b155-8446-11e9-87b7-0800277f619d
kubectl create configmap my-config --from-file=path/to/bar
When creating a configmap based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key, you may specify an alternate key.
Create a new configmap named my-config with specified keys instead of file basenames on disk
kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt