K
Q

Unable to read my newly created Kubernetes secret

7/19/2018

I set my secret like this:

$ kubectl create secret generic aws-region VAL=eu-west-1 \
>           -o yaml --dry-run | kubectl replace -f -
secret "aws-region" replaced

Seems to be set:

kubectl get secret | ack region
aws-region                      Opaque                                0         20m

An I try to read it like this:

 76             - name: AWS_REGION
 77               valueFrom:
 78                 secretKeyRef:
 79                   name: aws-region
 80                   key: VAL

But that gives a CreateContainerConfigError when I run kubectl apply -f service.yml What am I doing wrong?

-- martins
kubernetes

Similar Questions

What is the workflow to build with docker AND docker-compose?
Kubernetes kube-apiserver service not started after reboot system
run kubernetes job in cloud builder
Kubernetes cannot access app via POD IP
I create both nginx and app service in k8s on port 80, how can I get to the app service
Delete a Job and wait until job is deleting in client-go
Docker how to set --net=host on aws red hat ec2
Update deployment labels using “kubectl patch” does not work in v1.18

1 Answer

7/19/2018

Since you're only showing us a small part of service.yaml it's impossible to tell where the error comes from but I can confirm the following works (using a test pod I created here):

$ kubectl create secret generic aws-region --from-literal=VAL=eu-west-1
$ kubectl apply -f pod.yaml 
$ kubectl describe po/envfromsecret
Name:         envfromsecret
Namespace:    default
...
Environment:
 AWS_REGION:  <set to the key 'VAL' in secret 'aws-region'>  Optional: false

UPDATE: I now noticed that the DATA column in the output of your kubectl get secret command is actually 0, that is, it's empty. Consider using the form I used above (with --from-literal=) to create the secret.

-- Michael Hausenblas
Source: StackOverflow