env
apiVersion: v1
kind: Pod
metadata:
name: app-pod
spec:
containers:
- name: app-pod
image: app-pod
ports:
- contaierPort: 80
env:
- name: DB_NAME
value: mysql
Type
- plain key value
```yaml
env:
- name: DB_NAME value: mysql ```
- configMap
- Create a configMap:
- Imperative way:
kubectl create configmap- from literal:
kubectl create configmap \ <config_name> --from-literal=<key>=<value>` - from file:
kubectl create configmap \ <config_name> --from-file=<path-to-file>`
- from literal:
- Declarative way:
kubectl create -fapiVersion: v1 kind: ConfigMap metadata: name: app-config data: DB_NAME: mysql ENV: prod
- Imperative way:
- ConfigMap in Pod: ```yaml env:
- name: DB_NAME valueFrom: configMapKeyRef ```
- Command:
- Get:
kubectl get configmaps - Describe:
kubectl describe configmaps
- Get:
- Create a configMap:
- secret
- Create a secret:
- Imperative way:
kubectl create secret generic- from literal: ```bash kubectl create secret generic\
--from-literal= = ` ``` - from file: ```bash kubectl create secret generic\ --from-file= ` ``` - Declarative way:
kubectl create -f- Convert data into hash:
echo -n "pwd" | base64 - Put hash into yaml
apiVersion: v1 kind: secret metadata: name: app-secret data: DB_Host: <hash> DB_User: <hash> DB_Password: <hash>
- Convert data into hash:
- Imperative way:
- Secret in Pod:
```yaml
env:
- name: DB_Host valueFrom: secretKeyRef ```
- Command:
- Get:
kubectl get secrets - Describe:
kubectl describe secrets - To yaml:
kubectl get secret <secret_name> -o yaml - Decode hash:
echo -n "<hash>" | base64 --decode
- Get:
- Create a secret:
- Security Context
- You can write in pod or container level.
- Priority: container > pod
apiVersion: v1 kind: Pod metadata: name: pod spec: securityContext: <-- pod level runAsUser: 1000 containers: - name: ubuntu image: ubuntu command: ["echo", "hi"] securityContext: <-- container level runAsUser: 1000 capabilities: <-- container level only add: ["MAC_ADMIN"]