From 0c1b3e3d037a5a1445da896bc6f0e7c71a2c61ce Mon Sep 17 00:00:00 2001 From: HirazawaUi <695097494plus@gmail.com> Date: Fri, 1 Mar 2024 05:32:50 +0800 Subject: [PATCH] Allow almost all printable ASCII characters in environment variables --- .../docs/concepts/configuration/configmap.md | 37 +++++++++++++++++++ .../en/docs/concepts/configuration/secret.md | 23 ++---------- ...relaxed-environment-variable-validation.md | 13 +++++++ .../define-environment-variable-container.md | 5 +++ 4 files changed, 59 insertions(+), 19 deletions(-) create mode 100644 content/en/docs/reference/command-line-tools-reference/feature-gates/relaxed-environment-variable-validation.md diff --git a/content/en/docs/concepts/configuration/configmap.md b/content/en/docs/concepts/configuration/configmap.md index eca8455db89f5..6aea73fd5df10 100644 --- a/content/en/docs/concepts/configuration/configmap.md +++ b/content/en/docs/concepts/configuration/configmap.md 
@@ -205,6 +205,43 @@ ConfigMaps consumed as environment variables are not updated automatically and r A container using a ConfigMap as a [subPath](/docs/concepts/storage/volumes#using-subpath) volume mount will not receive ConfigMap updates. {{< /note >}} + +### Using Configmaps as environment variables + +To use a Configmap in an {{< glossary_tooltip text="environment variable" term_id="container-env-variables" >}} +in a Pod: + +1. For each container in your Pod specification, add an environment variable + for each Configmap key that you want to use to the + `env[].valueFrom.configMapKeyRef` field. +1. Modify your image and/or command line so that the program looks for values + in the specified environment variables. + +This is an example of defining a ConfigMap as a pod environment variable: +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: env-configmap +spec: + containers: + - name: envars-test-container + image: nginx + env: + - name: CONFIGMAP_USERNAME + valueFrom: + configMapKeyRef: + name: myconfigmap + key: username + +``` + +It's important to note that the range of characters allowed for environment +variable names in pods is [restricted](/docs/tasks/inject-data-application/ +/define-environment-variable-container/#using-environment-variables-inside-of-your-config), +If any keys do not meet the rules, those keys are not made available to your container, though +the Pod is allowed to start. + ## Immutable ConfigMaps {#configmap-immutable} {{< feature-state for_k8s_version="v1.21" state="stable" >}} diff --git a/content/en/docs/concepts/configuration/secret.md b/content/en/docs/concepts/configuration/secret.md index e692491273e39..0d4b48e604781 100644 --- a/content/en/docs/concepts/configuration/secret.md +++ b/content/en/docs/concepts/configuration/secret.md 
@@ -564,25 +564,10 @@ in a Pod: For instructions, refer to [Define container environment variables using Secret data](/docs/tasks/inject-data-application/distribute-credentials-secure/#define-container-environment-variables-using-secret-data). -#### Invalid environment variables {#restriction-env-from-invalid} - -If your environment variable definitions in your Pod specification are -considered to be invalid environment variable names, those keys aren't made -available to your container. The Pod is allowed to start. - -Kubernetes adds an Event with the reason set to `InvalidVariableNames` and a -message that lists the skipped invalid keys. The following example shows a Pod that refers to a Secret named `mysecret`, where `mysecret` contains 2 invalid keys: `1badkey` and `2alsobad`. - -```shell -kubectl get events -``` - -The output is similar to: - -``` -LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON -0s 0s 1 dapi-test-pod Pod Warning InvalidEnvironmentVariableNames kubelet, 127.0.0.1 Keys [1badkey, 2alsobad] from the EnvFrom secret default/mysecret were skipped since they are considered invalid environment variable names. -``` +It's important to note that the range of characters allowed for environment variable names in pods is [restricted](/docs/tasks/inject-data-application/ +/define-environment-variable-container/#using-environment-variables-inside-of-your-config), +If any keys do not meet the rules, those keys are not made available to your container, though +the Pod is allowed to start. ### Container image pull Secrets {#using-imagepullsecrets} diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/relaxed-environment-variable-validation.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/relaxed-environment-variable-validation.md new file mode 100644 index 0000000000000..862ae57214bae --- /dev/null 
+++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/relaxed-environment-variable-validation.md @@ -0,0 +1,13 @@ +--- +title: RelaxedEnvironmentVariableValidation +content_type: feature_gate +_build: + list: never + render: false + +stages: + - stage: alpha + defaultValue: false + fromVersion: "1.30" +--- +Allow almost all printable ASCII characters in environment variables. diff --git a/content/en/docs/tasks/inject-data-application/define-environment-variable-container.md b/content/en/docs/tasks/inject-data-application/define-environment-variable-container.md index 73182d625f0d9..2b10561f4097f 100644 --- a/content/en/docs/tasks/inject-data-application/define-environment-variable-container.md +++ b/content/en/docs/tasks/inject-data-application/define-environment-variable-container.md @@ -102,6 +102,11 @@ Honorable`, and `Kubernetes`, respectively. The environment variable `MESSAGE` combines the set of all these environment variables and then uses it as a CLI argument passed to the `env-print-demo` container. +Environment variable names consist of letters, numbers, underscores, +dots, or hyphens, but the first character cannot be a digit. +If the `RelaxedEnvironmentVariableValidation` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled, +all [printable ASCII characters](https://www.ascii-code.com/characters/printable-characters) except "=" may be used for environment variable names. + ```yaml apiVersion: v1 kind: Pod
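Review bot: In the configmap.md hunk, the `[restricted](...)` link target is split across two lines: the first ends with `/docs/tasks/inject-data-application/` and the next begins with `/define-environment-variable-container/`. The URL therefore contains a line break and a doubled slash and will not render as a working link; put the whole target on one line. The same sentence ends in a comma before "If any keys", which should be a period. The closing paragraph talks about keys that do not meet the rules being skipped, but the steps and example above it use `env[].valueFrom.configMapKeyRef`, where the variable name (`CONFIGMAP_USERNAME`) is written explicitly in the Pod spec, so state which way of consuming a ConfigMap the skipping applies to. The new heading and steps also write "Configmaps" and "Configmap" where the rest of the hunk uses "ConfigMap".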
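Review bot: In the secret.md hunk, deleting the `#### Invalid environment variables` section removes the text that told readers how to notice skipped keys: the Warning Event and the `kubectl get events` example. The replacement paragraph only says the keys are not made available and the Pod is allowed to start, so a credential that never reaches the container now reads as a silent failure. Keep at least one sentence naming the Event, and reconcile the reason name while doing so, since the removed prose says `InvalidVariableNames` and the removed sample output says `InvalidEnvironmentVariableNames`. Dropping the heading also drops the `{#restriction-env-from-invalid}` anchor, so check for inbound links to it. The replacement paragraph carries the same split link target and trailing comma as the configmap.md hunk.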
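Review bot: In the new relaxed-environment-variable-validation.md file, the description "Allow almost all printable ASCII characters in environment variables." does not say which character is excluded or that the rule concerns variable names rather than values. The task page changed in this same patch is specific (all printable ASCII characters except "=" may be used for environment variable names); word the feature gate description the same way so the two pages agree.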
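Review bot: In the define-environment-variable-container.md hunk, the new paragraph mentions the `RelaxedEnvironmentVariableValidation` feature gate without saying that it is alpha and off by default, although the feature gate file added in this patch sets `stage: alpha`, `defaultValue: false` and `fromVersion: "1.30"`. Add that here so readers do not assume the relaxed rule applies to their cluster. The paragraph is also inserted between the sentence describing `MESSAGE` and the `env-print-demo` container and the `yaml` manifest that follows it, which separates the explanation from its example; consider moving the naming rules to their own paragraph or note outside that example. The link points at `/docs/reference/command-line-tools-reference/feature-gates/` in general rather than at the gate's own entry.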