
Kubernetes: Storage - Use secret as Environment Variable



Use secret as Environment Variables

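# Specify keys: inject one key of a Secret as a single environment variable.
# Pod-spec fragment; the Pod metadata and the container image are omitted.
spec:
  containers:
    - name: busybox
      env:
        # Name of the variable as seen inside the container.
        - name: TLS_CERT
          # valueFrom is a sibling of name, so it sits at the same indent.
          valueFrom:
            secretKeyRef:
              # Secret to read from; it is looked up in the Pod's namespace.
              name: tls-secret
              # Key within that Secret whose value is assigned to TLS_CERT.
              key: tls.crt
# The value is copied into the environment when the container starts, so a
# later change to the Secret is not seen until the container is restarted.
# Every process in the container inherits the variable; for key material a
# Secret volume mount keeps the value out of the process environment.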


Lab: Use Secret as Environment variables

Create Secret

# Build the generic Secret "app-secret" from two literal key/value pairs.
# Literal values typed on the command line end up in shell history and in the
# process list; outside a lab, --from-file or --from-env-file avoids that.
kubectl create secret generic app-secret \
  --from-literal=DB_USER=user \
  --from-literal=DB_PWD=pwd
# secret/app-secret created

Import a Key from one Secret

# Pod that maps one key of app-secret (DB_USER) to an environment variable.
# DB_PWD is not referenced here, so it is not set in this container.
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-key
spec:
  containers:
    - name: myapp
      image: busybox:latest
      # Lab check only: prints the matching variables to the container log,
      # where anyone allowed to read this Pod's logs can see the values.
      command:
        - "sh"
        - "-c"
        - "env | grep -E 'DB_USER|DB_PWD' && sleep 2000"
      env:
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: app-secret
              key: DB_USER
# Submit the manifest above, saved as pod-secret-key.yaml.
kubectl create --filename pod-secret-key.yaml
# pod/pod-secret-key created

# Confirm the container started.
kubectl get pods
# NAME             READY   STATUS    RESTARTS   AGE
# pod-secret-key   1/1     Running   0          18s

# Output of the container's own `env | grep`: only the referenced key is set.
# The value is now stored in the Pod log, readable by anyone with log access.
kubectl logs pod-secret-key
# DB_USER=user

# Clean up the Pod; the Secret itself is kept for the next step.
kubectl delete pod pod-secret-key
# pod "pod-secret-key" deleted from default namespace

Bulk Import

# Pod that imports every key of app-secret as an environment variable, each
# variable taking the name of its key.
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-bulk
spec:
  containers:
    - name: myapp
      image: busybox:latest
      # Lab check only: prints the matching variables, password included, to
      # the container log.
      command:
        - "sh"
        - "-c"
        - "env | grep -E 'DB_USER|DB_PWD' && sleep 2000"
      # envFrom exposes the whole Secret: a key added to app-secret later is
      # also handed to this container at its next start. List keys one by one
      # with env/secretKeyRef when the container needs only some of them.
      envFrom:
        - secretRef:
            name: app-secret
# Submit the manifest above, saved as pod-secret-bulk.yaml.
kubectl create --filename pod-secret-bulk.yaml
# pod/pod-secret-bulk created

# Confirm the container started.
kubectl get pods
# NAME              READY   STATUS    RESTARTS   AGE
# pod-secret-bulk   1/1     Running   0          13s

# Both keys of app-secret were imported; the password is now in the Pod log,
# readable by anyone with log access.
kubectl logs pod-secret-bulk
# DB_PWD=pwd
# DB_USER=user

# Clean up the Pod.
kubectl delete pod pod-secret-bulk
# pod "pod-secret-bulk" deleted from default namespace