Setting Postgres environment variables when running the image

12/5/2019

As the documentation shows, you should be setting the env vars when doing a docker run like the following:

docker run --name some-postgres -e POSTGRES_PASSWORD='foo' -e POSTGRES_USER='bar' postgres

This sets the superuser and password to access the database instead of the defaults of POSTGRES_PASSWORD='' and POSTGRES_USER='postgres'.

However, I'm using Skaffold to spin up a k8s cluster and I'm trying to figure out how to do something similar. How does one go about doing this for Kubernetes and Skaffold?

-- eox.dev
docker
kubernetes
postgresql
skaffold

2 Answers

12/5/2019

@P Ekambaram is correct but I would like to go further into this topic and explain the "whys and hows".

When passing passwords on Kubernetes, it's highly recommended to use encryption and you can do this by using secrets.

Creating your own Secrets (Doc)

To be able to use the secrets as described by @P Ekambaram, you need to have a secret in your Kubernetes cluster.

To easily create a secret, you can also create a Secret from generators and then apply it to create the object on the Apiserver. The generators should be specified in a kustomization.yaml inside a directory.

For example, to generate a Secret from literals username=admin and password=secret, you can specify the secret generator in kustomization.yaml as

# Create a kustomization.yaml file with SecretGenerator
$ cat <<EOF >./kustomization.yaml
secretGenerator:
- name: db-user-pass
  literals:
  - username=admin
  - password=secret
EOF

Apply the kustomization directory to create the Secret object.

$ kubectl apply -k .
secret/db-user-pass-dddghtt9b5 created

Using Secrets as Environment Variables (Doc)

This is an example of a pod that uses secrets from environment variables:

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
  restartPolicy: Never

Source: here and here.

-- mWatney
Source: StackOverflow

12/5/2019

Use the below YAML

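# apps/v1beta1 was removed in Kubernetes 1.16; apps/v1 requires spec.selector
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  serviceName: postgres
  replicas: 1
  selector:
    matchLabels:
      name: postgres
  template:
    metadata:
      labels:
        name: postgres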
    spec:
      containers:
        - name: postgres
          image: postgres:11.2
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: "sampledb"
            - name: POSTGRES_USER
              value: "postgres"
            - name: POSTGRES_PASSWORD
              value: "secret"
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql
      volumes:
        - name: data
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  type: ClusterIP
  ports:
    - port: 5432
  selector:
    name: postgres
-- P Ekambaram
Source: StackOverflow
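
Combining the two answers above (an added example, not part of either answer): the StatefulSet from the second answer reading POSTGRES_USER and POSTGRES_PASSWORD from the generated Secret of the first answer via secretKeyRef. The file names and the placeholder credentials (taken from the question) are assumptions.

```yaml
# Added example. Two files shown in one listing; file names are assumptions.
# Credential values are constructed placeholders taken from the question.

# ----- file: kustomization.yaml -----
secretGenerator:
- name: db-user-pass
  literals:
  - username=bar
  - password=foo
resources:
- postgres.yaml   # lets kustomize rewrite "db-user-pass" below to the
                  # generated hash-suffixed name (db-user-pass-<hash>)
---
# ----- file: postgres.yaml -----
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  serviceName: postgres
  replicas: 1
  selector:
    matchLabels:
      name: postgres
  template:
    metadata:
      labels:
        name: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:11.2
          ports:
            - containerPort: 5432
          env:
            # Read from the Secret instead of a literal "value:" in the manifest.
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: db-user-pass
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-user-pass
                  key: password
          # Volumes and the Service are unchanged from the answer above.
```

Run `kubectl apply -k .` in the directory holding both files. Secret values are only base64-encoded in the API object, so restrict read access to them with RBAC and keep a kustomization.yaml containing real literals out of version control.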