K
Q

Inject secret value to configmap during deployment without using environment variables

4/3/2019

I have a configmap like this

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: develop
  name: test-config
data:
  app.conf: |
    connection conn1
    address 127.0.0.1:8080
    user cluster1
    password: <HERE COPY PASS FROM SECRET>

app.conf section is mounted as a configuration file inside the container using

spec:
  replicas: 1
  ...
    spec:
      containers:
        - name: container-name
          ...
          volumeMounts:
            - name: test-config-vol
              mountPath: /etc/app/app.conf
              subPath: app.conf
      volumes:
        - name: test-config-vol
          configMap:
            name: test-config

the app reading that file is NOT able to read environment variables, and I cannot change that behavior, it is a third party app.

I wonder how can I inject password from a secret into password field during pod deployment

-- jmhostalet
configmap
kubernetes
kubernetes-secrets

Similar Questions

Start Kubernetes job with http request
Kuberenetes cert-manager and nginx
Why imagePullPolicy cannot be changed to other than Always in Kubernetes
Persistence of Configmap in kubernetes

1 Answer

4/3/2019

You can't, what you can do is mounting a Kuberentes secret with the password - see the documentation here. So you'll end up having 2 files - one from the config map and one from the secret.

If your app does not support multiple config files, you'll have to store the entire config file on the secret instead of the config map.

Also, please note that Kubernetes secrets cannot be stored on source control, as the secret data is encoded using base64 (see here for more details). There are multiple solutions for this problem, check out my post

-- Omer Levi Hevroni
Source: StackOverflow