kubernetes: kubectl run overrides envFrom doesn't add env vars

Is this a BUG REPORT or FEATURE REQUEST?:

Uncomment only one, leave it on its own line:

/kind bug

/kind feature

What happened:

Calling kubectl run with overrides injecting environment from configmap doesn’t inject environment

What you expected to happen:

I expect to see environment variables from the config map in the process

How to reproduce it (as minimally and precisely as possible):

kubectl create configmap my-config --from-literal=FOO=BAR
kubectl run -i --rm --tty ubuntu --overrides='
{
  "spec": {
    "template": {
      "spec": {
        "containers": [
          {
            "name": "app",
            "image": "ubuntu",
            "envFrom": [
              {
                "configMapRef": {
                  "name": "my-config"
                }
              }
            ]
          }
        ]
      }
    }
  }
}
'  --image=ubuntu --restart=Never -- bash -c "sleep 3 && env"

Anything else we need to know?:

Environment:

  • Kubernetes version (use kubectl version):

Client Version: version.Info{Major:“1”, Minor:“6”, GitVersion:“v1.6.2”, GitCommit:“477efc3cbe6a7effca06bd1452fa356e2201e1ee”, GitTreeState:“clean”, BuildDate:“2017-04-19T22:51:55Z”, GoVersion:“go1.8.1”, Compiler:“gc”, Platform:“darwin/amd64”} Server Version: version.Info{Major:“1”, Minor:“6”, GitVersion:“v1.6.1”, GitCommit:“b0b7a323cc5a4a2019b2e9520c21c7830b7f708e”, GitTreeState:“clean”, BuildDate:“2017-04-03T20:33:27Z”, GoVersion:“go1.7.5”, Compiler:“gc”, Platform:“linux/amd64”}

  • Cloud provider or hardware configuration**: AWS/kops
  • OS (e.g. from /etc/os-release): OSX
  • Kernel (e.g. uname -a):

Darwin WLT041147 16.6.0 Darwin Kernel Version 16.6.0: Fri Apr 14 16:21:16 PDT 2017; root:xnu-3789.60.24~6/RELEASE_X86_64 x86_64

  • Install tools:
  • Others:

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 19 (8 by maintainers)

Most upvoted comments

So now, I think only env is in the option list of kubectl run. Considering this is related to ticket #26299, @bgrant0607, not sure if we can propose a new option envFrom for kubectl run. As for now, envFrom supports two kinds of sources: configmap and secrets, so the new option would play like: kubectl run nginx --image=nginx --envFrom='ConfigMapRef=abc' --envFrom='SecretRef=def' Do you think this new option is reasonable?

+13
xingzhou on Jul 7, 2017

Hello, I tried dry running it and looks like it is missing in the spec.

kubectl run ubuntu --overrides='
{
  "spec": {
    "template": {
      "spec": {
        "containers": [
          {
            "name": "app",
            "image": "ubuntu",
            "envFrom": [
              {
                "configMapRef": {
                  "name": "config-env"
                }
              },
              {
                "secretRef": {
                  "name": "secret-env"
                }
              }
            ]
          }
        ]
      }
    }
  }
}
'  --image=ubuntu --restart=Never --dry-run -o yaml -- bash -c "sleep 3 && env"

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: ubuntu
  name: ubuntu
spec:
  containers:
  - args:
    - bash
    - -c
    - sleep 3 && env
    image: ubuntu
    imagePullPolicy: IfNotPresent
    name: ubuntu
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
  dnsPolicy: ClusterFirst
  restartPolicy: Never
  schedulerName: default-scheduler
  securityContext: {}
  terminationGracePeriodSeconds: 30
status: {}

No envFrom secret or configmap.

kubectl version
Client Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.5", GitCommit:"17d7182a7ccbb167074be7a87f0a68bd00d58d97", GitTreeState:"clean", BuildDate:"2017-08-31T09:14:02Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.4", GitCommit:"793658f2d7ca7f064d2bdf606519f9fe1229c381", GitTreeState:"clean", BuildDate:"2017-08-17T08:30:51Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

EDIT: Figured it out. It is necessary to remove "spec" and "template" from the override:

kubectl run ubuntu --overrides='
{
      "spec": {
        "containers": [
          {
            "name": "app",
            "image": "ubuntu",
            "envFrom": [
              {
                "configMapRef": {
                  "name": "config-env"
                }
              },
              {
                "secretRef": {
                  "name": "secret-env"
                }
              }
            ]
          }
        ]
      }
}
'  --image=ubuntu --restart=Never --dry-run -o yaml -- bash -c "sleep 3 && env"

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: ubuntu
  name: ubuntu
spec:
  containers:
  - envFrom:
    - configMapRef:
        name: config-env
    - secretRef:
        name: secret-env
    image: ubuntu
    imagePullPolicy: Always
    name: app
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
  dnsPolicy: ClusterFirst
  restartPolicy: Never
  schedulerName: default-scheduler
  securityContext: {}
  terminationGracePeriodSeconds: 30
status: {}
+5
kvitajakub on Nov 8, 2017

@lev-kuznetsov Did you test with --dry-run -o yaml to see what kubectl run would generate? I’ve tried something similar, but my template looks like:

{
  "spec": {
    "containers": [
      {
        "name":
        ...
      }
   }
}
+1
harmjanblok on Oct 2, 2017

till now, I think the change is only limited to kubectl

+1
xingzhou on Jul 12, 2017

As a workaround, I currently create a pod by piping echo of a full descriptor with the configmap and a blocking command and then I exec my process in the pod, kind of like this:

echo "
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu
spec:
  containers:
  - name: ubuntu
    command:
    - sleep
    - 9999999
    envFrom:
    - configMapRef:
         name: my-config
# more stuff
" |  kubectl create -f -
kubectl exec ubuntu -- env
kubectl delete po/ubuntu

My actual use case is that I’m trying to run unit tests as part of my CI process and I’d like to take advantage of secrets storage except there doesn’t appear to be a way to block for a job completion, and even if attach did work it would be clunky, I seem to be losing the beginning of the input hence the sleep.

+1
lev-kuznetsov on Jul 6, 2017
Read more comments on GitHub
← kubernetes: `kubectl run` doesn’t work for simple "run command, parse result"
kubernetes: kubectl should provide better error message when validation failed →