Is there a way in a Helm chart to take secrets stored as text strings and write them out to a file while installing the chart?

1/16/2020

I am working on my first project using AWS EKS. My company has their own proprietary workflow for deploying apps to EKS which includes the requirement to use Helm. I need to take Terraform and k8s YAML code provided by a vendor to stand up their app, and convert it to fit my company's proprietary standards. One of those standards requires that secrets not be stored with the code. I have to store secrets as text strings in a specific secrets.yaml file, which is then stored in a secure location and brought into the chart on the fly while it's being installed.

That's the background, now here's the question... The vendor-provided app is designed to ingest credentials in the form of a text file. This text file is expected to be in with the code, which I can't do. Is there a way to embed a script or something within my Helm chart which can take these credentials, which I have stored in the secrets file as a text string, and output them to a temporary text file while the chart is being installed, so that the file the app needs exists?

-- Rich
eks
kubernetes-helm

1 Answer

1/16/2020

I assume the secrets.yaml is added as a Kubernetes Secret in your environment?

What you can do is add the secret as a file in your app.

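apiVersion: v1
kind: Pod
metadata:
  name: secret-volume-example
spec:
  containers:
  - name: provider-app
    image: provider-app
    volumeMounts:
    # Mount the secret volume where the app looks for its credentials.
    # mountPath is a directory; each key in the Secret appears in it as a file.
    - name: foo
      mountPath: "/path/to/provider/expected/location"
      readOnly: true
  volumes:
  # Volume backed by the existing Kubernetes Secret named "mysecret".
  - name: foo
    secret:
      secretName: mysecret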
-- Blokje5
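The same approach expressed as Helm templates, as an added example that is not part of the original answer or the vendor's chart: the credential string from the externally stored secrets.yaml is rendered into a Kubernetes Secret at install time and mounted as a file. The values key `vendorCredentials`, the file name `credentials.txt`, the resource names and the sample values are assumptions made for illustration.

```yaml
# Values are supplied at install time, for example:
#   helm install myapp ./chart -f secrets.yaml
# secrets.yaml is kept outside the chart repository. Constructed sample content
# (the key name vendorCredentials is hypothetical):
#   vendorCredentials: |
#     username=example-user
#     password=constructed-sample-value
---
# templates/vendor-credentials-secret.yaml (hypothetical file name)
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-vendor-credentials
type: Opaque
stringData:
  # The Secret key becomes the file name inside the mounted volume.
  # "required" aborts the install if the value was not passed in.
  credentials.txt: {{ required "vendorCredentials must be set (pass -f secrets.yaml)" .Values.vendorCredentials | quote }}
---
# templates/pod.yaml (hypothetical file name)
apiVersion: v1
kind: Pod
metadata:
  name: {{ .Release.Name }}-provider-app
spec:
  containers:
  - name: provider-app
    image: provider-app
    volumeMounts:
    - name: vendor-credentials
      mountPath: "/path/to/provider/expected/location"
      readOnly: true
  volumes:
  - name: vendor-credentials
    secret:
      secretName: {{ .Release.Name }}-vendor-credentials
      # Owner read-only; loosen this or set fsGroup if the app runs as non-root.
      defaultMode: 0400
      items:
      - key: credentials.txt
        path: credentials.txt
```

With this layout the app reads `/path/to/provider/expected/location/credentials.txt`; the file lives in an in-memory volume and is never written into the image or the chart. Values passed with `-f` are also kept in the Helm release record and can be read back with `helm get values`, so access to the release namespace needs the same protection as the Secret itself.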
Source: StackOverflow