K
Q

Pod does not see secrets

5/6/2020

The pod that created in the same default namespace as it's secret does not see values from it.

Secret's file contains following:

apiVersion: v1
kind: Secret
metadata:
  name: backend-secret
data:
  SECRET_KEY: <base64 of value>
  DEBUG: <base64 of value>

After creating this secret via kubectl create -f backend-secret.yaml I'm launching pod with the following configuration:

apiVersion: v1
kind: Pod
metadata:
  name: backend
spec:
  containers:
    - image: backend
      name: backend
      ports:
        - containerPort: 8000
  imagePullSecrets:
    - name: dockerhub-credentials
  volumes:
  - name: secret
    secret:
      secretName: backend-secret

But pod crashes after trying to extract this environment variable via python's os.environ['DEBUG'] line.

How to make it work?

-- Vassily
kubernetes
kubernetes-pod

Similar Questions

ClamAV pod not starting in Kubernetes deployed via helm
timebound execution of initcontainer
K8S file mount with secret - Error Read-only file system
Is it possible to define resource labels for OCI load balancers deployed via OKE Kubernetes Ingress?

2 Answers

5/7/2020

Finally, I've used these lines at Deployment.spec.template.spec.containers:

  containers:
  - name: backend
    image: zuber93/wts_backend
    imagePullPolicy: Always
    envFrom:
    - secretRef:
        name: backend-secret
    ports:
    - containerPort: 8000
-- Vassily
Source: StackOverflow
5/6/2020

If you mount secret as volume, it will be mounted in a defined directory where key name will be the file name. For example click here

If you want to access secrets from the environment into your pod then you need to use secret in an environment variable like following.

apiVersion: v1
kind: Pod
metadata:
  name: backend
spec:
  containers:
    - image: backend
      name: backend
      ports:
        - containerPort: 8000
      env:
      - name: DEBUG
        valueFrom:
          secretKeyRef:
            name: backend-secret
            key: DEBUG
      - name: SECRET_KEY
        valueFrom:
          secretKeyRef:
            name: backend-secret
            key: SECRET_KEY
  imagePullSecrets:
    - name: dockerhub-credentials

Ref: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables

-- hoque
Source: StackOverflow