# Environmental Variables

### Introduction

In this lesson, we'll discuss how to use Kubernetes to set environmental variables.  As we'll see, we can set environmental variables directly from our config files.  Let's get started.

### Environmental Variables

In Kubernetes, we can specify environmental variables in our config file, and the variables will be directly available in the specified image.  For example, take a look at the bottom of the config file below.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      component: backend
  template:
    metadata:
      labels:
        component: backend
    spec:
      containers:
        - name: backend-api
          image: jek2141/apartments_api:v4
          ports:
          - containerPort: 5000
          env:
              name: DATABASE_URL
              value: http://postgres
```

So our config file is the standard file for creating a deployment, but this time, if we exec into one of the `backend-api` pods, we can acess the environmental variable.

<img src="./db_url.png" width="40%">

And if we want to reference this environmental variable in our Flask application, we can use a bit of Python.

```python
import os
os.environ.get('DATABASE_URL')

# 'http://postgres'
```

### Using a ConfigMap

Now oftentimes we may want to provide *the same* environmental variable in multiple, different resources.  For example, with the environmental variable for our database url, we may wish to have the backend application reference the url (as we do above), and also have a reference the database in a separate resource that say loads data into the database.

Under our current mechanism, we would have to specify the environmental variable hardcoded in each deployment, and if we were up to update this database url, would need to make these updates in multiple locations.  

To avoid managing *the same variable* across multiple configuration files, kubernetes provides us with a separate object called a `configMap`.  Let's see how it works.  First we add the following yaml to a new file.

```yaml
# configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: database-config
  namespace: default
data:
  postgres_db_url: 'http://postgres'
```

> So the above has a key of `postgres_db_url` set to the value of our url.

And we can apply this file to create a new object with the following: `kubectl apply -f configmap.yaml`.  And from there we can check our work:

> <img src="./created_configmap.png" width="60%">

Next, we can reference the values from our newly created `database-config` in our deployment configuration file.  To accomplish this, we'll update the deployment config file like so:

```yaml
spec:
      containers:
        - name: backend-api
          image: jek2141/apartments_api:v4
          ports:
          - containerPort: 5000
          env:
              name: DATABASE_URL
              valueFrom:
                  configMapKeyRef: 
                      name: database-config
                      key: postgres_db_url
```

So notice that we are replaccing the `value` key, with the `valueFrom` key.  Then under the `configMapKeyRef` key, we need to specify the name and key of the configMap that we are referencing.  And if we apply our deployment file and `sh` into the shell, we can see that we still have working code.  

So the configMap is just a bit more indirect than using an environmental variable.  A configMap allows us to specify environmental variables that we can reference throughout our cluster.

### Secrets

There is another object that we can use to create an environmental variable and that is a secret.

```yaml
# secrets.yaml

apiVersion: v1
kind: Secret
metadata:
    name: postgres-credentials
stringData:
    postgres_password: "SECRET123"
```

Let's begin by creating a new secrets object.

`kubectl apply -f secrets.yaml`

And then we reference data from our secrets object, similarly to referencing it from a configMap object. 

```yaml
env: 
    - name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: postgres-credentials
                key: postgres_password
```

> So here, we just reference the secret with the `secretKeyRef` key.

So let's apply the changes and now see if we can access the `DATABASE_PASSWORD` as an environmental variable.

<img src="./db_password.png" width="60%">

Ok looks good.

So what was the point of using a secret?  Well notice that now if we look to describe our secret object, the information is obscured.

> <img src="./postgres_secret.png" width="60%">

So unlike with our configMap, we cannot see the value of secret simply by describing the object.

### Summary

In this lesson, we learned how to use Kubernetes to manage our environmental variables.
```yaml
# deployment.yaml
spec:
      containers:
        - name: backend-api
          image: jek2141/apartments_api:v4
          ports:
          - containerPort: 5000
          env:
              name: DATABASE_URL
              value: http://postgres
```

And we saw that if we want to manage these variables across multiple resources, we can first create a ConfigMap like we do below.

```yaml
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: database-config
  namespace: default
data:
  postgres_db_url: 'http://postgres'
```

And then reference the ConfigMap in the environmental variable with the ConfigMapKeyRef.

```yaml
# deployment.yaml
env:
  name: DATABASE_URL
  valueFrom:
      configMapKeyRef: 
          name: database-config
          key: postgres_db_url
```

So above, we do not directly store the database value, but rather reference it from the database-config.  Finally we saw that we can also use a secret if we wish to obscure the environmental variable value.

```yaml
# secrets.yaml

apiVersion: v1
kind: Secret
metadata:
    name: postgres-credentials
stringData:
    postgres_password: "SECRET123"
```

And can then again reference the environmental variable from the deployment config file, this time with the `secretKeyRef` value.

```yaml
- name: DATABASE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: postgres-credentials
        key: postgres_password
```