2.2 : Environment Variables in Pods

https://drive.google.com/file/d/1xAabKlDCuoqRAZPzLVA36AR1dXOe3_1c/view?usp=sharing

🔍 YAML Breakdown

apiVersion: v1
kind: Pod
meta
  name: dbpod
spec:
  containers:
  - name: mysql
    image: mysql:latest          # ⚠️ Not recommended for production!
    ports:
    - containerPort: 3329        # ⚠️ Non-standard MySQL port!
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: "redhat"            # ⚠️ Plaintext password!

✅ What It Does

Launches a MySQL database container.
Sets the root password via the MYSQL_ROOT_PASSWORD environment variable (required by the official MySQL image).
Exposes port 3329 (instead of default 3306 — likely to avoid conflict).

💡 The official MySQL Docker image reads MYSQL_ROOT_PASSWORD at startup to initialize the database.

📌 Key Concepts

Concept	Explanation
`env`	Injects environment variables into the container.
`name` / `value`	Simple key-value pair. Great for non-sensitive config.
Security Warning	Never store real secrets in YAML! Use Secrets (we’ll cover this soon).
Image Tag `:latest`	Avoid in production! Use specific versions (`mysql:8.0`) for reproducibility.
Non-standard port (3329)	Useful for labs to avoid port conflicts, but confusing. Standard MySQL = 3306.

🔐 Best Practice: Use Kubernetes Secrets (Preview)

Instead of:

env:
- name: MYSQL_ROOT_PASSWORD
  value: "redhat"

✅ Do this (we’ll cover full Secret creation later):

env:
- name: MYSQL_ROOT_PASSWORD
  valueFrom:
    secretKeyRef:
      name: mysql-secret
      key: password

🔒 Why?

Secrets are base64-encoded (not encrypted by default, but can be with etcd encryption).

They can be mounted as files or injected as env vars.

Git repos won’t leak passwords if you use external secret management (Vault, AWS Secrets Manager, etc.).

🔍 YAML Breakdown

✅ What It Does

📌 Key Concepts

🔐 Best Practice: Use Kubernetes Secrets (Preview)

🧪 Lab: Deploy MySQL Pod with Env Var (Safely!)