0

I most likely only need a hint in the right direction.

I have a docker container running a Django app using gunicorn and nginx. This Django app is currently getting its environment variables from a .env file.

FROM python:alpine
EXPOSE 8000

RUN apk update
RUN apk add --no-cache git gcc musl-dev libffi-dev libxml2-dev libxslt-dev gcc swig g++
RUN apk add --no-cache jpeg-dev zlib-dev freetype-dev lcms2-dev openjpeg-dev tiff-dev tk-dev tcl-dev
RUN apk add --no-cache bash ffmpeg libmagic
RUN python3 -m pip install --upgrade pip
RUN python3 -m pip install --upgrade setuptools

RUN mkdir /opt/app
WORKDIR /opt/app
COPY . .
RUN python3 -m pip install /root/d12f/

RUN pip3 install -r requirements.txt
RUN pip3 install gunicorn
CMD sh -c 'gunicorn --conf python:app.gunicorn_conf app.wsgi --bind 0.0.0.0:8000 --reload --log-level info --access-logfile - --timeout 360 --error-logfile -'

Of course there is no .env file in the repo as this would be a security risk.

The Docker image is being created by GitHub and stored in a private GitHub Package. Later on this Docker image is being used to run on Kubernetes.

I'm trying to find the best solution to put an .env file into

/opt/app/app/.env

as a local file.

I would prefer not to use global environment variables, if possible.

Thanks for any suggestion.

David

2 Answers

1

Later on this docker image is being used to run on Kubernetes.

Store your .env file as a Secret with kubectl [1]:

kubectl create secret generic app-env --from-file=.env=/path/to/your/.env

Then you can mount the Secret as a volume in your Pod definition [2], [3]:

---
apiVersion: v1
kind: Pod
...
spec:
  containers:
    ...
  - name: app
    image: your-image:tag
    volumeMounts:
    - name: app-env-vol            # mount volume name
      mountPath: /opt/app/app/.env # as the single file /opt/app/app/.env
      subPath: .env                # (mounting the whole directory would hide the app code)
      readOnly: true               # as read-only
    ...
  volumes:
    ...
  - name: app-env-vol              # create app-env volume
    secret:
      secretName: app-env          # with secret name.
    ...

Your application should be able to access its envs in /opt/app/app/.env.

mforsetti
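One way the Django side can read the file mounted at /opt/app/app/.env without exporting anything into the process environment, as an added example that is not part of the original answer. The helper names `parse_env` and `load_settings` and the key `DB_HOST` are assumptions; the sample content is constructed.

```python
import tempfile
from pathlib import Path

ENV_PATH = Path("/opt/app/app/.env")  # mount path from the question


def parse_env(text):
    """Parse KEY=VALUE lines into a dict; os.environ is never modified."""
    values = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not key.isidentifier():
            # Report the position only; the line itself may hold a secret.
            raise ValueError(f"malformed entry on line {lineno}")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key] = value
    return values


def load_settings(path=ENV_PATH, required=("SECRET_KEY",)):
    """Read the mounted file and fail closed when it is absent or incomplete."""
    path = Path(path)
    if not path.is_file():
        raise RuntimeError(f"{path} is not mounted")
    values = parse_env(path.read_text(encoding="utf-8"))
    missing = sorted(k for k in required if not values.get(k))
    if missing:
        raise RuntimeError(f"{path} lacks required keys: {', '.join(missing)}")
    return values


def demo():
    # Constructed sample content, written to a temp file in place of the Secret.
    sample = '# constructed sample\nSECRET_KEY="not-a-real-key"\nexport DB_HOST=db\n'
    with tempfile.TemporaryDirectory() as tmp:
        env_file = Path(tmp, ".env")
        env_file.write_text(sample, encoding="utf-8")
        return load_settings(env_file, required=("SECRET_KEY", "DB_HOST"))


if __name__ == "__main__":
    print(sorted(demo()))  # key names only, never the values
```

Calling `load_settings()` from settings.py makes the container exit at startup when the Secret is not mounted, instead of running with empty defaults.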
-2

Use wget or a cloud provider CLI command to pull it down at runtime.

You must use some auth mechanism to protect it in the "config file store" for example IAM and a secure Bucket. Or your config store should also accept files.

mv the file into the appropriate opt dir.

philn5d