How to invoke a .env file into a Django project that runs in a Docker container on a K8s server?

David

7/28/23, 10:20 PM

I most likely only need a hint into the right direction.

I have a docker container running a Django app using gunicorn and nginx. This Django app is currently getting its environment variables from a .env file.

FROM python:alpine
EXPOSE 8000

RUN apk update
RUN apk add --no-cache git gcc musl-dev libffi-dev libxml2-dev libxslt-dev gcc swig g++
RUN apk add --no-cache jpeg-dev zlib-dev freetype-dev lcms2-dev openjpeg-dev tiff-  dev tk-dev tcl-dev
RUN apk add --no-cache bash ffmpeg libmagic
RUN python3 -m pip install --upgrade pip
RUN python3 -m pip install --upgrade setuptools

RUN mkdir /opt/app
WORKDIR /opt/app
COPY . .
RUN python3 -m pip install /root/d12f/

RUN pip3 install -r requirements.txt
RUN pip3 install gunicorn
CMD sh -c 'gunicorn --conf python:app.gunicorn_conf app.wsgi --bind 0.0.0.0:8000 --reload --log-level info --access-logfile - --timeout 360 --error-logfile -'

Of course there is no .env file in the repo as this would be a security risk.

The Docker image is being created by github and stored in a private GitHub Package. Later on this docker image is being used to run on Kubernetes.

I'm trying to find the best solution to put an .env file into

/opt/app/app/.env

as a local file.

I would prefer not to use global environment variables, if possible.

Thanks for any suggestion.

0 + 0

python

django

github

docker

kubernetes

Score:1

Server

mforsetti

8/2/23, 12:04 PM

Later on this docker image is being used to run on Kubernetes.

Store your .env file as a Secret with kubectl [1]:

kubectl create secret generic app-env --from-file=.env=/path/to/your/.env

Then you can mount the Secret as a volume in your Pod definition [2], [3]:

---
apiVersion: v1
kind: Pod
...
spec:
  containers:
    ...
  - name: app
    image: your-image:tag
    volumeMounts:
    - name: app-env-vol            # mount volume name
      mountPath: /opt/app/app      # to /opt/app/app
      readOnly: true               # as read-only
    ...
  volumes:
    ...
  - name: app-env-vol              # create app-env volume
    secret:
      secretName: app-env          # with secret name.
    ...

Your application should be able to access its envs in /opt/app/app/.env.

0 + 0

Score:-2

Server

philn5d

7/31/23, 4:04 AM

Use wget or a cloud provider cli command to pull it down at runtime.

You must use some auth mechanism to protect it in the "config file store" for example IAM and a secure Bucket. Or your config store should also accept files.

mv the file into the appropriate opt dir.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to invoke a .env file into a Django project that runs in a Docker container on a K8s server?

TH: จะเรียกใช้ไฟล์ .env ในโครงการ Django ที่ทำงานในคอนเทนเนอร์ Docker บนเซิร์ฟเวอร์ K8s ได้อย่างไร

RO: Cum se invocă un fișier .env într-un proiect Django care rulează într-un container Docker pe un server K8s?

RU: Как вызвать файл .env в проект Django, который работает в контейнере Docker на сервере K8s?

VI: Làm cách nào để gọi tệp .env vào dự án Django chạy trong bộ chứa Docker trên máy chủ K8s?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.