Dealing with Environmental Variables
Make sure you have set up your workstation to access our Kubernetes Cluster.
(NOTE - yes, we are currently using Kubernetes secrets as our secrets management tool. Our etcd cluster is encrypted to give us some more security. We are also looking at other secrets management options)
Run this command to get a yaml output of the current backend-secrets file:
$ kubectl get secret python-backend-secrets -n operationcode -o yaml
Copy the output from that command.
Create a new yaml file anywhere on your workstation (i.e. new_backend_secrets.yml), then paste the output from the earlier command into that file. This is a temporary file, and should be deleted after you are done with this process.
Now, remove these attributes from the file (they are either time based or reflecting state)
- creationTimestamp,
- resourceVersion,
- uid
- annotations (full annotations block)
Now take whatever secret string you need to add (the new value for whatever environmental variable you are updating) and encode it in base64. You can do get the base 64 encoding string on a mac with this command
$ echo -n 'string_to_encode' | openssl base64
Now, take that encoded string and add it to the appropriate place in the file.
Save the file.
Now run this command
$ kubectl replace -f new_backend_secrets.yml -n operationcode
Now, delete all the backend pods (Do not fret! They will come back on their own!)
$ kubectl delete pods -l app=back-end -n operationcode
Now run this command to list the pods - you should see the recently terminated pods, as well as the new pods coming up.
$ kubectl get pods -n operationcode
And your environmental variable should be updated!
(This will at first look identical to the updating secrets/environmental variables process, but there are some differences later in the process.)
Run this command to get a yaml output of the current python-backend-secrets file:
$ kubectl get secret python-backend-secrets -n operationcode -o yaml
Copy the output from that command.
Create a new yaml file anywhere on your workstation (i.e. new_backend_secrets.yml), then paste the output from the earlier command into that file. This is a temporary file, and should be deleted after you are done with this process.
Now, remove these attributes from the file (they are either time based or reflecting state)
- creationTimestamp,
- resourceVersion,
- uid
- annotations (full annotations block)
Now take whatever secret string you need to add (the value for the secret you are adding) and encode it in base64. You can do get the base 64 encoding string on a mac with this command
$ echo -n 'string_to_encode' | openssl base64
Now, take that encoded string add it and the name of the secret to the appropriate place in the file.
i.e.
new_env_variable: base_64_encoded_string
Save the file.
Now run this command
$ kubectl replace -f new_backend_secrets.yml -n operationcode
Alright, now we need to make the containers that our backend runs in aware of this environmental variable.
Clone a copy of our infrastructure code repo:
$ git clone https://github.com/OperationCode/operationcode_infra
Now open up this file in your preferred editor:
$ vim kubernetes/operationcode_python_backend/base/deployment.yml
Look for this section of the file
spec:
containers:
- name: app
image: operationcode/back-end:latest
imagePullPolicy: Always
ports:
- containerPort: 8000
env:
- name: DB_HOST
value: # Requires overlay
- name: ENVIRONMENT
value: # Requires overlay
- name: RELEASE
value: # Requires overlay
- name: DB_ENGINE
value: django.db.backends.postgresql
- name: DB_NAME
valueFrom:
secretKeyRef:
name: python-backend-secrets
key: db_name
See where it says env:? We define environmental variable below it. So DB_NAME is a defined environmental variable - notice that it indicates the name of the secrets file (python-backend-secrets, which we just updated) and the key for that secret. We need to add in our new secret at this same level, if I were to add it just below the DB_NAME secret, it would look like this:
spec:
containers:
- name: app
...
env:
...
- name: DB_NAME
valueFrom:
secretKeyRef:
name: python-backend-secrets
key: db_name
- name: NEW_ENV_VARIABLE
valueFrom:
secretKeyRef:
name: python-backend-secrets
key: new_env_variable
Now from the root of the operationcode_infra repo, run this command:
$ kubectl apply -f kubernetes/operationcode_python_backend/deployment.yml -n operationcode
Wait a few minutes for the old pods to be terminated and for new pods to come up.
Now, access the production django console.
And, from within the console, check out your new environmental variable
> import os
> os.environ.get('NEW_ENV_VARIABLE')
Check that it's the value you expect, and you should be good to go!