Allow almost all printable ASCII characters in environment variables
HirazawaUi
parent
bcb986389e
commit
0c1b3e3d03
|
|
@ -205,6 +205,43 @@ ConfigMaps consumed as environment variables are not updated automatically and r
|
||||||
A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes#using-subpath) volume mount will not receive ConfigMap updates.
|
A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes#using-subpath) volume mount will not receive ConfigMap updates.
|
||||||
{{< /note >}}
|
{{< /note >}}
|
||||||
|
|
||||||
|
|
||||||
|
### Using Configmaps as environment variables
|
||||||
|
|
||||||
|
To use a Configmap in an {{< glossary_tooltip text="environment variable" term_id="container-env-variables" >}}
|
||||||
|
in a Pod:
|
||||||
|
|
||||||
|
1. For each container in your Pod specification, add an environment variable
|
||||||
|
for each Configmap key that you want to use to the
|
||||||
|
`env[].valueFrom.configMapKeyRef` field.
|
||||||
|
1. Modify your image and/or command line so that the program looks for values
|
||||||
|
in the specified environment variables.
|
||||||
|
|
||||||
|
This is an example of defining a ConfigMap as a pod environment variable:
|
||||||
|
```yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Pod
|
||||||
|
metadata:
|
||||||
|
name: env-configmap
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: envars-test-container
|
||||||
|
image: nginx
|
||||||
|
env:
|
||||||
|
- name: CONFIGMAP_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: myconfigmap
|
||||||
|
key: username
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
It's important to note that the range of characters allowed for environment
|
||||||
|
variable names in pods is [restricted](/docs/tasks/inject-data-application/
|
||||||
|
/define-environment-variable-container/#using-environment-variables-inside-of-your-config),
|
||||||
|
If any keys do not meet the rules, those keys are not made available to your container, though
|
||||||
|
the Pod is allowed to start.
|
||||||
|
|
||||||
## Immutable ConfigMaps {#configmap-immutable}
|
## Immutable ConfigMaps {#configmap-immutable}
|
||||||
|
|
||||||
{{< feature-state for_k8s_version="v1.21" state="stable" >}}
|
{{< feature-state for_k8s_version="v1.21" state="stable" >}}
|
||||||
|
|
|
||||||
|
|
@ -564,25 +564,10 @@ in a Pod:
|
||||||
For instructions, refer to
|
For instructions, refer to
|
||||||
[Define container environment variables using Secret data](/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data).
|
[Define container environment variables using Secret data](/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data).
|
||||||
|
|
||||||
#### Invalid environment variables {#restriction-env-from-invalid}
|
It's important to note that the range of characters allowed for environment variable names in pods is [restricted](/docs/tasks/inject-data-application/
|
||||||
|
/define-environment-variable-container/#using-environment-variables-inside-of-your-config),
|
||||||
If your environment variable definitions in your Pod specification are
|
If any keys do not meet the rules, those keys are not made available to your container, though
|
||||||
considered to be invalid environment variable names, those keys aren't made
|
the Pod is allowed to start.
|
||||||
available to your container. The Pod is allowed to start.
|
|
||||||
|
|
||||||
Kubernetes adds an Event with the reason set to `InvalidVariableNames` and a
|
|
||||||
message that lists the skipped invalid keys. The following example shows a Pod that refers to a Secret named `mysecret`, where `mysecret` contains 2 invalid keys: `1badkey` and `2alsobad`.
|
|
||||||
|
|
||||||
```shell
|
|
||||||
kubectl get events
|
|
||||||
```
|
|
||||||
|
|
||||||
The output is similar to:
|
|
||||||
|
|
||||||
```
|
|
||||||
LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON
|
|
||||||
0s 0s 1 dapi-test-pod Pod Warning InvalidEnvironmentVariableNames kubelet, 127.0.0.1 Keys [1badkey, 2alsobad] from the EnvFrom secret default/mysecret were skipped since they are considered invalid environment variable names.
|
|
||||||
```
|
|
||||||
|
|
||||||
### Container image pull Secrets {#using-imagepullsecrets}
|
### Container image pull Secrets {#using-imagepullsecrets}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
title: RelaxedEnvironmentVariableValidation
|
||||||
|
content_type: feature_gate
|
||||||
|
_build:
|
||||||
|
list: never
|
||||||
|
render: false
|
||||||
|
|
||||||
|
stages:
|
||||||
|
- stage: alpha
|
||||||
|
defaultValue: false
|
||||||
|
fromVersion: "1.30"
|
||||||
|
---
|
||||||
|
Allow almost all printable ASCII characters in environment variables.
|
||||||
|
|
@ -102,6 +102,11 @@ Honorable`, and `Kubernetes`, respectively. The environment variable
|
||||||
`MESSAGE` combines the set of all these environment variables and then uses it
|
`MESSAGE` combines the set of all these environment variables and then uses it
|
||||||
as a CLI argument passed to the `env-print-demo` container.
|
as a CLI argument passed to the `env-print-demo` container.
|
||||||
|
|
||||||
|
Environment variable names consist of letters, numbers, underscores,
|
||||||
|
dots, or hyphens, but the first character cannot be a digit.
|
||||||
|
If the `RelaxedEnvironmentVariableValidation` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled,
|
||||||
|
all [printable ASCII characters](https://www.ascii-code.com/characters/printable-characters) except "=" may be used for environment variable names.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue