Is there a way to put Kubernetes secret value in args field of yaml file

5/9/2018

I have a kubernetes yaml deployment file which accepts db username and password as arguments as shown below.

args:
        - "-db_host=postgres"
        - "-db_port=5432"
        - "-db_username=postgres"
        - "-db_password=postgres"

To hide the values of db_username and db_password I thought of using kubernetes secret kind. But to achieve that I have to make db_username and db_password as environment variables so that I can use it something like as shown below:

args:
        - "-db_host=postgres"
        - "-db_port=5432"
env:
        - name: db_username
          valueFrom:
            secretKeyRef:
              name: db-secret
              key: db-user
        - name: db_password
          valueFrom:
            secretKeyRef:
              name: db-secret
              key: db-pass

Is there any way we can use secret in args itself so that I don't have to do the 2nd approach.

-- Tinkal Gogoi
kubernetes
kubernetes-secrets
kubernetes-security

1 Answer

5/9/2018

Once you have an environment variable you can embed its value into the arguments:

env:
- name: MESSAGE
  value: "hello world"
command: ["/bin/echo"]
args: ["$(MESSAGE)"]

Or in your case:

args:
        - "-db_host=postgres"
        - "-db_port=5432"
        - "-db_username=$(db_username)"
        - "-db_password=$(db_password)"
env:
        - name: db_username
          valueFrom:
            secretKeyRef:
              name: db-secret
              key: db-user
        - name: db_password
          valueFrom:
            secretKeyRef:
              name: db-secret
              key: db-pass

The reference can be found here

-- Erez Rabih
Source: StackOverflow