K
Q

How to read the secret in rancher?

8/12/2020

I'm using rancher and I set a secret using the rancher's GUI. I'm trying to make my application read this secret. Let's say the secret is called pass and I want to read it. Being known with docker, I wrote the following code:

    readDockerSecret: function(secretName) {
        return fs.readFileSync(`/run/secrets/${secretName}`, 'utf8');
    }
    // code

    // read secret
    try {
        var secretName = "pass";
        var pass = utils.readDockerSecret(pass);
    } catch (err) {
        if (err.code !== 'ENOENT') {
            logger.error(`An error occurred while trying to read the secret: ${secretName}. Err: ${err}`);
        } else {
            logger.debug(`Could not find the secret: ${secretName}. Err: ${err}`);
        }
    }

But when I use it in rancher, it never finds the secret. In the rancher shell in the GUI I can see that I have the following herechy:

ls -la /run/secrets
total 0
drwxr-xr-x 1 root root 27 Aug 10 11:02 .
drwxr-xr-x 1 root root 21 Aug 10 10:53 ..
drwxr-xr-x 2 root root 40 Aug 10 11:02 credentials.d
drwxr-xr-x 3 root root 28 Aug 10 11:02 kubernetes.io

credentials.d is empty. But kubernetes.io contains:

/run/secrets/kubernetes.io
total 0
drwxr-xr-x 3 root root  28 Aug 10 11:02 .
drwxr-xr-x 1 root root  27 Aug 10 11:02 ..
drwxrwxrwt 3 root root 140 Aug 10 11:02 serviceaccount

 ls -la  /run/secrets/kubernetes.io/serviceaccount/
total 0
drwxrwxrwt 3 root root 140 Aug 10 11:02 .
drwxr-xr-x 3 root root  28 Aug 10 11:02 ..
drwxr-xr-x 2 root root 100 Aug 10 11:02 ..2020_08_10_11_02_18.157580662
lrwxrwxrwx 1 root root  31 Aug 10 11:02 ..data -> ..2020_08_10_11_02_18.157580662
lrwxrwxrwx 1 root root  13 Aug 10 11:02 ca.crt -> ..data/ca.crt
lrwxrwxrwx 1 root root  16 Aug 10 11:02 namespace -> ..data/namespace
lrwxrwxrwx 1 root root  12 Aug 10 11:02 token -> ..data/token

No sign for pass anywhere. Tried also to grep but without any luck. How should I read the secret in rancher?

EDIT: The screenshot:

enter image description here

In the yaml we have:

   spec:
      containers:
      - envFrom:
        - prefix: pass
          secretRef:
            name: pass
            optional: false
        image: <image-url>
        imagePullPolicy: Always
        name: <app-name>
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities: {}
          privileged: false
          readOnlyRootFilesystem: false
          runAsNonRoot: false
        stdin: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        tty: true
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: pass
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
status:
-- vesii
docker
kubernetes
rancher

Similar Questions

How to get client IP address from inside a Azure Kubernetes with a LoadBalancer service
Using Gmail API from an app running inside container
0/1 nodes are available 1 node(s) had diskpressure
echo container image:tag (URI) in kubernetes readinessProbe or livenessProbe
How Does Dynamic Service Discovery Work When Using Docker Compose Or Kubernetes?

1 Answer

8/12/2020

To be able to use a secret from inside a pod, you first need to "mount" that secret into the pod, either as an environment variable or a file. The secrets docs describe in detail how to do that.

-- BogdanL
Source: StackOverflow