I currently use a Kubernetes spec Deployment.yaml
for deploying a service. The spec includes a verbatim reference to a specific IP address (marked as <static-ip-address>
below):
spec:
type: LoadBalancer
loadBalancerIP: <static-ip-address>
I am concerned about pushing information such as passwords or IP addresses into remote Git repositories. Can I avoid this e.g. by making use of environment variables, e.g. with a deployment spec and actual deployment roughly as follows:
spec:
type: LoadBalancer
loadBalancerIP: ${SERVICE_ADDRESS}
and
export SERVICE_ADDRESS=<static-ip-address>
kubectl create -f Deployment.yaml
Obviously this specific syntax does not work yet. But is something like this possible and if so how?
I'd prefer not relying on a separate provisioning tool. Secrets and ConfigMap
s seem promising, but apparently they cannot be consumed in a way that suits this purpose. If I could directly reference a static IP address that was defined with gcloud compute addresses create service-address
that would be best.
Best Answer
A much easier/cleaner solution:
envsubst
In deploy.yml:
Then just create your env var and run kubectl like this:
You just put regular Bash variables into whatever file you want to use, in this case the YAML manifest, and have ensubst read that file. It will output the file with the env vars replaced by their values. You can also use it to create new files like this:
envsubst
is available in e.g. Ubuntu/Debiangettext
package.