If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
There are different ways to configure a container with environment variables.
- In a deployment YAML file
- Using Config Map (this article)
- Using Secrets
Config Maps are used to:
- mount configuration files in a container
- create environment variables in a container
- create command line option arguments in a container
Secrets are similar, used to create variables that contain encoded data (e.g. passwords). In this way, if a change is needed to a configuration file, variable, or command line option argument, you just need to update the config map or secret as opposed to having to make the change to your applications or deployments.
flowchart TB
subgraph OpenShift["OpenShift Cluster"]
CM[ConfigMap
Configuration Data]
SEC[Secret
Sensitive Data]
subgraph Pod["Pod"]
subgraph Container["Container"]
APP[Application]
VOL1[/Volume Mount
Config Files/]
VOL2[/Volume Mount
Secret Files/]
ENV1[Environment Variables
from ConfigMap]
ENV2[Environment Variables
from Secret]
end
end
end
CM -->|Mount as Volume| VOL1
SEC -->|Mount as Volume| VOL2
CM -->|Inject as EnvVar| ENV1
SEC -->|Inject as EnvVar| ENV2
VOL1 -.->|Read Config| APP
VOL2 -.->|Read Secrets| APP
ENV1 -.->|Use Config| APP
ENV2 -.->|Use Secrets| APP
style CM fill:#90CAF9
style SEC fill:#FFAB91
style APP fill:#A5D6A7
style Pod fill:#E1F5FE
style Container fill:#F1F8E9
This assumes you have used the REST API to obtain an OAuth bearer token. Let's say the bearer token is sha256~0Rs__hPuXmBD3TJTXNDisC7wRBN-nrFnYTxgdBrFT-U.
Here is how you could list the config maps in the openshift-kube-apiserver-operator namespace using curl. The oc config view or oc get apiserver commands can be used to display the API Server URL (api.openshift.example.com in this example).
curl
--insecure
--request GET
--header "Accept: application/json"
--header "Authorization: Bearer sha256~0Rs__hPuXmBD3TJTXNDisC7wRBN-nrFnYTxgdBrFT-U"
--url "https://api.openshift.example.com:6443/api/v1/namespaces/openshift-kube-apiserver-operator/configmaps"
If something like this is returned, this means that there are no config maps in the namespace.
{
"kind": "ConfigMapList",
"apiVersion": "v1",
"metadata": {
"selfLink": "/api/v1/namespaces/openshift-kube-apiserver-operator/configmaps",
"resourceVersion": "96466432"
},
"items": []
}
On the other hand, if the items array contains key value pairs, this means the namespace contains one or more config maps.
{
"kind": "ConfigMapList",
"apiVersion": "v1",
"metadata": {
"selfLink": "/api/v1/namespaces/openshift-kube-apiserver-operator/configmaps",
"resourceVersion": "96464581"
},
"items": [
{
"metadata": {
"name": "kube-apiserver-to-kubelet-client-ca",
"namespace": "openshift-kube-apiserver-operator",
"selfLink": "/api/v1/namespaces/openshift-kube-apiserver-operator/configmaps/kube-apiserver-to-kubelet-client-ca",
"uid": "9103397e-9e0c-44f6-bcb4-852cbbc07ed8"
Or to return a specific config map, such as kube-control-plane-signer-ca.
curl
--insecure
--request GET
--header "Accept: application/json"
--header "Authorization: Bearer sha256~0Rs__hPuXmBD3TJTXNDisC7wRBN-nrFnYTxgdBrFT-U"
--url "https://api.openshift.example.com:6443/api/v1/namespaces/openshift-kube-apiserver-operator/configmaps/kube-control-plane-signer-ca"
Did you find this article helpful?
If so, consider buying me a coffee over at 