Skip to content

Dealing with Environmental Variables

Allen Anthes edited this page Jun 5, 2019 · 1 revision

Make sure you have set up your workstation to access our Kubernetes Cluster.

(NOTE - yes, we are currently using Kubernetes secrets as our secrets management tool. Our etcd cluster is encrypted to give us some more security. We are also looking at other secrets management options)

Updating an existing environmental variable

Run this command to get a yaml output of the current backend-secrets file:

$ kubectl get secret python-backend-secrets -n operationcode -o yaml

Copy the output from that command.

Create a new yaml file anywhere on your workstation (i.e. new_backend_secrets.yml), then paste the output from the earlier command into that file. This is a temporary file, and should be deleted after you are done with this process.

Now, remove these attributes from the file (they are either time based or reflecting state)

  • creationTimestamp,
  • resourceVersion,
  • uid
  • annotations (full annotations block)

Now take whatever secret string you need to add (the new value for whatever environmental variable you are updating) and encode it in base64. You can do get the base 64 encoding string on a mac with this command

$ echo -n 'string_to_encode' | openssl base64

Now, take that encoded string and add it to the appropriate place in the file.

Save the file.

Now run this command

$ kubectl replace -f new_backend_secrets.yml -n operationcode

Now, delete all the backend pods (Do not fret! They will come back on their own!)

$ kubectl delete pods -l app=back-end -n operationcode

Now run this command to list the pods - you should see the recently terminated pods, as well as the new pods coming up.

$ kubectl get pods -n operationcode

And your environmental variable should be updated!

Adding a new environmental variable

(This will at first look identical to the updating secrets/environmental variables process, but there are some differences later in the process.)

Run this command to get a yaml output of the current python-backend-secrets file:

$ kubectl get secret python-backend-secrets -n operationcode -o yaml

Copy the output from that command.

Create a new yaml file anywhere on your workstation (i.e. new_backend_secrets.yml), then paste the output from the earlier command into that file. This is a temporary file, and should be deleted after you are done with this process.

Now, remove these attributes from the file (they are either time based or reflecting state)

  • creationTimestamp,
  • resourceVersion,
  • uid
  • annotations (full annotations block)

Now take whatever secret string you need to add (the value for the secret you are adding) and encode it in base64. You can do get the base 64 encoding string on a mac with this command

$ echo -n 'string_to_encode' | openssl base64

Now, take that encoded string add it and the name of the secret to the appropriate place in the file.

i.e.

new_env_variable: base_64_encoded_string

Save the file.

Now run this command

$ kubectl replace -f new_backend_secrets.yml -n operationcode

Alright, now we need to make the containers that our backend runs in aware of this environmental variable.

Clone a copy of our infrastructure code repo:

$ git clone https://github.com/OperationCode/operationcode_infra

Now open up this file in your preferred editor:

$ vim kubernetes/operationcode_python_backend/base/deployment.yml

Look for this section of the file

    spec:
      containers:
      - name: app
        image: operationcode/back-end:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8000
        env:
        - name: DB_HOST
          value: # Requires overlay 
        - name: ENVIRONMENT
          value: # Requires overlay 
        - name: RELEASE
          value: # Requires overlay 
        - name: DB_ENGINE
          value: django.db.backends.postgresql
        - name: DB_NAME
          valueFrom:
            secretKeyRef:
              name: python-backend-secrets
              key: db_name 

See where it says env:? We define environmental variable below it. So DB_NAME is a defined environmental variable - notice that it indicates the name of the secrets file (python-backend-secrets, which we just updated) and the key for that secret. We need to add in our new secret at this same level, if I were to add it just below the DB_NAME secret, it would look like this:

    spec:
      containers:
      - name: app
      ...
        env:
        ... 
        - name: DB_NAME
          valueFrom:
            secretKeyRef:
              name: python-backend-secrets
              key: db_name 
        - name: NEW_ENV_VARIABLE
          valueFrom:
            secretKeyRef:
              name: python-backend-secrets
              key: new_env_variable

Now from the root of the operationcode_infra repo, run this command:

$ kubectl apply -f kubernetes/operationcode_python_backend/deployment.yml -n operationcode

Wait a few minutes for the old pods to be terminated and for new pods to come up.

Now, access the production django console.

And, from within the console, check out your new environmental variable

> import os
> os.environ.get('NEW_ENV_VARIABLE')

Check that it's the value you expect, and you should be good to go!