If you run Kubernetes in production or are experimenting with containerized apps in Kubernetes, there's a good chance you'll need to work with environment variables.
For many applications, environment variables play a key role in defining configuration data. These configurations determine how the containers or Kubernetes pods that host the application will run and help them access secrets.
In this walkthrough, learn how to set environment variables in Kubernetes via the command line or a YAML file, and compare the pros and cons of using environment variables to manage Kubernetes configurations and secrets.
What are environment variables in Kubernetes?
A Kubernetes environment variable is a dynamic value that configures some aspect of the environment in which a Kubernetes-based application runs.
For example, to use an environment variable to define the IP address or network port for a containerized application, include a section like the following when creating a Kubernetes pod.
- name: SERVICE_PORT
- name: SERVICE_IP
Environment variables can also reference secrets that an application requires, such as usernames and passwords.
The following environment variable, for example, defines the key that an application could use to find a username's value.
- name: SECRET_USERNAME
How to set environment variables in Kubernetes
There are three main ways to define and update environment variables in Kubernetes: kubectl, a YAML file or the Linux CLI.
1. Set Kubernetes environment variables with kubectl
The first option is to define Kubernetes environment variables using the set env command in kubectl, a command-line tool for controlling Kubernetes clusters.
For example, the following code sets or updates the value of the environment variable STORAGE_DIR to /local_storage for a deployment named example-deployment.
kubectl set env deployment/example-deployment STORAGE_DIR=/local_storage
2. Set Kubernetes environment variables with YAML
The second way to set environment variables in Kubernetes is to include the variable definition in the YAML file used to create a pod, as in the following example.
- name: envar-demo-container
- name: STORAGE_DIR
When deployed, this pod is configured with the variable STORAGE_DIR set to the value /local_storage.
3. Set Kubernetes environment variables using the Linux CLI
Linux users can export an environment variable's value directly to the command line using the syntax export VAR=VALUE.
For example, to set the value of the variable STORAGE_DIR to /local_storage, enter the following command inside the Linux terminal where you are interacting with your Kubernetes cluster.
Benefits of using environment variables in Kubernetes
In most cases, the types of data defined using environment variables in Kubernetes can also be configured using different approaches -- for example, by creating a configuration file that the application ingests.
The main advantage of using environment variables rather than an alternative method to define configuration data or reference secrets is that environment variables are simpler and more flexible. You can update environment variables easily by modifying the configuration code for containers or pods -- or by changing your commands, if you set variables using the command line.
Plus, with environment variables, you don't need to worry about setting up your application so that it can access a configuration file. Instead, you can simply define configuration data when you deploy the app itself.
Disadvantages of using environment variables in Kubernetes
The main downside of environment variables is that they can become burdensome to manage, especially if they change frequently.
If you're constantly updating your pods' YAML files, using kubectl commands to set new environment variables or setting different variables for different pods, you might find it more convenient to store configuration data in a configuration file.
Security risks of managing secrets with environment variables
Using environment variables also carries the risk of exposure to certain security vulnerabilities, particularly when managing secrets.
Explicitly defining a secret in an environment variable is very risky. For example, setting an environment variable such as SECRET_PASSWORD=1234 would mean that anyone who views the environment configuration data can also access the stored password.
Fortunately, Kubernetes' secrets management architecture makes it easy to avoid this practice. From a security perspective, managing secrets through Kubernetes environment variables is fine as long as you don't define the actual value of the secret in the environment variable.
Instead, define only the key that an application can use to access the secret. This enables the environment variable to refer to the secret's key without exposing the actual secret.