K
Q

Kubernetes injecting secret key as token into a set template file AKS

6/20/2020

I have a pod and inside it, i need to override a configuration.txt file that contains id and password to database.

For example : when running the application it looks to see if /etc/configuration.txt exists , if not it uses a default id and password.

The configuration file is a set template - which is the part that confuses me. How do i insert the ID and password into the config file?. (i am able to set secret inside /etc/configuration.txt but not sure on how to insert 'tokens' or secret values.

configuration.txt

id=test
password=test

//rest of the content in side the file to remain the same

If someone could tell me if this is the correct practice or if they can share an example.

Thanks in advance!

-- Rory Lester
aws-secrets-manager
kubectl
kubernetes
secret-key

Similar Questions

Enable the cluster autoscaler on existing Azure AKS Cluster
Getting "Unable to recognize \"hello-k8s.yml\": Unauthorized" error when running kubectl apply -f hello-k8s.yml in CodeBuild phase
Istio VirtualService rewrite prefix works like exact match
uid : unable to do port forwarding: socat not found using helm
Odp.Net core support for kubernetes

1 Answer

6/20/2020

With ConfigMap

kubectl create configmap myconfig --from-file ./configuration.txt

update:

kubectl create configmap myconfig --from-file ./configuration.txt -o yaml --dry-run | kubectl replace -f -

// deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: YOUR_DEPLOYMENT_NAME
  namespace: YOUR_NAMESPACE
  labels:
    app: YOUR_DEPLOYMENT_NAME
spec:
  selector:
    matchLabels:
      app: YOUR_DEPLOYMENT_NAME
  template:
    metadata:
      labels:
        app: YOUR_DEPLOYMENT_NAME
    spec:
      containers:
        - name: YOUR_DEPLOYMENT_NAME
          image: YOUR_IMAGE_NAME
          imagePullPolicy: Always
          volumeMounts:
            - name: config
              mountPath: /etc/config
      volumes:
        - name: config
          configMap:
            name: myconfig
kubectl apply -f deployment.yaml

path: /etc/config/configuration.txt

With secret

convert password

$ echo -n "testpassword" | base64
dGVzdA==

// secrets.yaml

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  DB_PASSWORD: dGVzdA==
kubectl apply -f secrets.yaml
kubectl describe secret/mysecret

// deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: YOUR_DEPLOYMENT_NAME
  namespace: YOUR_NAMESPACE
  labels:
    app: YOUR_DEPLOYMENT_NAME
spec:
  selector:
    matchLabels:
      app: YOUR_DEPLOYMENT_NAME
  template:
    metadata:
      labels:
        app: YOUR_DEPLOYMENT_NAME
    spec:
      containers:
        - name: YOUR_DEPLOYMENT_NAME
          image: YOUR_IMAGE_NAME
          envFrom:
            - secretRef:
                name: mysecret
          imagePullPolicy: Always
kubectl apply -f deployment.yaml

with nodejs

const password = process.env.DB_PASSWORD?process.env.DB_PASSWORD:"default_password"
-- omega-nitro-zeus-x0
Source: StackOverflow