10

Is it possible for an InitContainer to change the environment variables of the application container when running inside the same Pod?

Note that I am looking for a detailed answer that describes the technical reasons why this is or isn't possible. Example: 'Current container technology supports environment variable isolation between containers and Pods cannot bypass that restriction by "grouping" containers in the same "environment variable space"'.

atomaras
  • 2,468
  • 2
  • 19
  • 28

3 Answers3

3

Short answer is No, they can't.

You can try some hack something using ShareProcessNamespace and gdb but for sure this is not correct solution for problem you are trying to solve.

Maciek Sawicki
  • 6,717
  • 9
  • 34
  • 48
  • 2
    I would appreciate the long answer. – atomaras May 06 '18 at 20:29
  • longer answer depends on what are you trying to achieve. I can imagine two options (please tell me if it's something else): 1. you are trying to simplify your deployment.yaml file to avoid repeating setting the same vars, 2. you are trying to use env as some form of inter process communication. Just forget about 2: https://stackoverflow.com/questions/263005/is-it-possible-to-change-the-environment-of-a-parent-process-in-python regarding 1 - There is no syntax sugar for it in standard kubernetes. but you can use some tempting solutions like helm or ksonnet. – Maciek Sawicki May 06 '18 at 20:38
  • Maciek long story short we have existing containers that we don't want to change. – atomaras May 07 '18 at 16:13
  • Hi, is this still not possible? because I have a NodeJS app that is running basically two of itself inside of one pod but grabbing env variables from two different secrets – Carlos Franco Jan 21 '21 at 15:27
3

No, it is not possible to just change the variables like that. One of the possible workarounds is to use an EmptyDir volume shared between the InitContainer and the main container. You can store there a the variables using a file in InitContainer and load them in the main container using a some simple shell script.

Jakub
  • 3,506
  • 12
  • 20
1

That exactly what we do with Vault on kubernetes, using the injector from https://developer.hashicorp.com/vault/docs/platform/k8s/injector/annotations.

This will inject an init container.

Then, we use an emptyDir volume, the vault agent init container will create a file in it, then the running container will source it at start.

Thomas Decaux
  • 21,738
  • 2
  • 113
  • 124