I am a newbie to kubernetes and I have to implement kubernetes secrets for existing configmaps with passwords hardcorded.
I have 2 configmaps for each pod, 1 settings.yaml and other settings_override.yaml. I have to make override file read environment variables where I have kept base64 secrets. I have created secrets and can see them in pods after printenv.
Kindly suggest me how can I make my settings_override.yaml file read these environment secrets.
Note: if I just remove the key:value pair from settings_override.yaml file then it is picking value from settings.yaml but not from my env variable.
Settings and setting_override file for reference:
apiVersion: v1 data: setting.json: | { "test": { "testpswd": "test123", "testPort": "123", }, }
apiVersion: v1 data: setting_override.json: | { "test": { "testpswd": "test456", "testPort": "456", }, }
As per my knowledge what you're trying to accomplish is not possible in Kubernetes.
A general reminder: Secrets are for confidential data and ConfigMaps are for non-confidential data.
You can't import a Secret into a ConfigMap or vice versa.
You can however fill environment variables from a Secret (secretKeyRef) or a ConfigMap (configMapKeyRef) like this:
env:
- name: FOO
valueFrom:
configMapKeyRef:
name: nonconfidentialdatahere
key: nonconfidentialdatahere
- name: BAR
valueFrom:
secretKeyRef:
name: confidentialdatahere
key: confidentialdatahereSo I suggest you read the port from your ConfigMap and the password from your Secret into an environment variable in your pod/deployment declaration and then start whatever service you want by passing those environment variables.