Using environment files over injected environment variables in Kubernetes
Last month I decided to finally dive in and learn about Kubernetes. Since then I have been spending my mornings listening to podcasts and audio resources about Kubernetes. The other morning I was listening to the Kubernetes Security with Liz Rice podcast from Software Daily. The podcast covers the security surface area of Kubernetes, which is a bit large due to all of the components in a distributed system.
One of the topics was configuration and secret storage. Kubernetes uses etcd, a distributed key-value store for critical system data, to store configuration and secrets. In Kubernetes, the configuration that needs to be passed to a container is defined in a configuration map resource object, and secrets are their own resource object as well. Kubernetes allows you to inject configuration and secrets into Pods so that they are available to the container instances in a Pod.
If you’re not familiar with Kubernetes:
- Configuration maps are a resource object for storing non-sensitive data to be used as configuration within containers on a Pod.
- Secrets are a resource object like configuration maps, but they store values obfuscated with base64 encoding and are intended to be used for sensitive data.
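
To make the two delivery paths concrete, here is an added example (not from the original post) that defines a configuration map and a Secret, then exposes them to one container both as injected environment variables and as read-only files. All resource names, the image, the mount path and the secret value are hypothetical and constructed for illustration.

```yaml
# Constructed example: every name and value below is hypothetical.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: "info"
---
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  # base64 of the constructed value "example-password" (encoding, not encryption)
  DB_PASSWORD: ZXhhbXBsZS1wYXNzd29yZA==
---
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      env:
        # Path 1: injected environment variables (values land in the process environment)
        - name: LOG_LEVEL
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: LOG_LEVEL
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: app-secret
              key: DB_PASSWORD
      volumeMounts:
        # Path 2: file-based delivery (each Secret key becomes a file under the mount path)
        - name: secret-files
          mountPath: /etc/app/secrets
          readOnly: true
  volumes:
    - name: secret-files
      secret:
        secretName: app-secret
        defaultMode: 0400   # owner read-only
```

With this manifest the same secret is visible to the container as the `DB_PASSWORD` environment variable and as the file `/etc/app/secrets/DB_PASSWORD`; a real deployment would pick one path rather than both.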