# docker
j
We don't seem to have a Kubernetes channel, so I'll try asking here - Has anyone gotten commandbox containers to read environment vars from `configmaps`/`secrets`? I'm looking to inject my set of vars at container start time, without fully relying on a populated `.env` file.
b
@Josh The Ortus commandbox should already have support for reading secrets into env vars for you to use. We use this all the time
I'm not sure what configmaps are, but if you post an issue in the github tracker for that project, @jclausen may be able to help you with it
👍 1
j
Thanks for the reply - Will gather more details and post an issue.
j
@Josh the link above has info on how to use Docker secrets. Docker swarm configs can be sourced in. I have seen this done in several ways, but it involves customizing the CMD to handle the initial sourcing. If you want to open a ticket for Kubernetes config map handling, I can dig in to adding full support in a future release.
j
Thanks for that, I'll add a ticket later. I believe a second part to my issue is that I am using a forge-box extension (dotenv) that is not picking up my vars.
j
That extension is installed already in the Docker image. Is it present as /app/.env when the container starts?
j
Right, so I have a `.env` file that I've injected, during container build, which is set to get vars from my configmaps. So my .env file might have:
```
DB_DATABASE_1=${DB_01}
DB_DATABASE_2=${DB_02}
DB_DATABASE_3=${DB_03}
```
Then my configmap has the actual var:
```
DB_01=firstdb
DB_02=anotherdb
DB_03=someotherdb
```
Then for example of that used in `.cfconfig.json`:
```json
"SomeDB": {
    "host": "${DB_HOST}",
    "dbdriver": "${DB_DRIVER}",
    "database": "${DB_DATABASE_2}",
    "dsn": "jdbc:mysql://{host}:{port}/{database}",
    "custom": "useUnicode=true&characterEncoding=UTF8&autoReconnect=false&useSSL=false&useLegacyDatetimeCode=true",
    "port": "${DB_PORT}",
    "class": "${DB_CLASS}",
    "username": "${DB_USER}",
    "password": "${DB_PASSWORD}",
```
I believe the nesting of variables does not work in this format with Kubernetes configuration maps... however it does work when I build 'full' container images and inject the nested vars via Jenkins build scripts.
Hopefully that makes sense. I'll log a ticket later on today for you.
j
It makes sense. The issue doesn’t sound like the .env is not sourcing in. It sounds like those variables are not present in the environment when the CMD of the image starts CommandBox - which is when that file gets sourced in. I suspect a chicken/egg issue. Are you defining those configmap keys as environment variables like so: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#define-container-environment-variables-using-configmap-data
j
I am creating my configmaps from text file like this:
```bash
kubectl create configmap my-app-env --from-file=my-app-env.txt --namespace my-app
```
Then directly getting my workload to load the config as env
```yaml
envFrom:
  - configMapRef:
      name: my-app-env
  - secretRef:
      name: my-app-sec-env
```
Are you suggesting I mount the configmap as a file in the location where `.env` file would go? (`/app/.env`)
j
Maybe, if `my-app-env.txt` is a simple properties file in the `.env` format. It would be easy enough to move it in by adjusting the command in your docker file or at the service level.
```dockerfile
CMD cp [ config file path here ] /app/.env && $BUILD_DIR/run.sh
```
But the `configmap` would not work, if it’s YAML format.
If you look at the link above, you can customize that config map to source in the environment variables you want from that. That feels cumbersome, though.
j
🙂 using Kubes and cumbersome are expected, yes?
🧌 2
j
For production we inject the .env at build time like mentioned above. This deployment is purely for local development environments where our developer teams need to swap settings frequently without rebuilding containers or accessing Lucee (we tend to disable Lucee and do all config from files). I think I solved this last night over a glass of whisky (honestly amazing what a glass of whisky can achieve) by mounting the configmap as the `.env` file to the `app` volume... so I'll feedback to this thread later - Might not need to make that ticket after all.
Yes - I did indeed solve this. I was able to inject my .env file directly as a kubernetes secret. The key was to ensure I set a subPath in the `volumeMount` then a `key` and `path` in the volume definition. Thanks all, this is a big breakthrough for us! 🙂
🎉 2