Access an Azure secret from vault in a Kubernetes deployment YAML file

11/5/2020

Problem statement: Establish persistent storage between AKS cluster pods and a storage account in Azure.

I am able to successfully establish persistent storage with the below YAML file:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test1
  template:
    metadata:
      labels:
        app: test1
    spec:
      containers:
      - name: test1
        image: nginx
        volumeMounts:
        - name: azurefileshare
          mountPath: /usr/share/nginx/html
      volumes:
      - name: azurefileshare
        azureFile:
          shareName: persistentstoragedemofileshare
          secretName: test1-secret
          readOnly: false
---
apiVersion: v1
kind: Secret
metadata:
  name: test1-secret
type: Opaque
data:
  azurestorageaccountname: <some value in base64>
  azurestorageaccountkey: <some value in base64>

I have created a vault in Azure and added my secret in that vault using the az CLI. I also added access policies and gave my account (Principal) access to that secret.

I want to access the below values from my secret in base64 in my YAML file when I deploy the pod using Helm.

azurestorageaccountname: <some value in base64>
azurestorageaccountkey: <some value in base64>

How can I achieve that?

-- notageek27
azure
devops
kubernetes

0 Answers
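
Added example, not part of the original question: one way to fill the two `data` fields of `test1-secret` from Key Vault before the Helm deployment that references it by `secretName`. It assumes the account name and the account key are stored as two separate Key Vault secrets; the vault and secret names are arguments supplied by the caller, and the helper names `b64`, `kv_get` and `render_secret` are hypothetical.

```shell
# Added example: build the Secret manifest from the question out of Key Vault values.

# Base64-encode a value exactly as given. printf avoids the trailing newline
# that echo would append (which corrupts the storage key), and tr removes the
# line wrapping that some base64 tools apply to long input.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Read one secret value from Key Vault. Needs a logged-in az session whose
# principal is allowed to read secrets in that vault.
# $1 = vault name, $2 = Key Vault secret name
kv_get() {
  az keyvault secret show --vault-name "$1" --name "$2" --query value -o tsv
}

# Emit the Secret manifest with both fields filled in.
# $1 = vault name (caller-supplied)
# $2 = Key Vault secret holding the storage account name (assumed layout)
# $3 = Key Vault secret holding the storage account key (assumed layout)
render_secret() {
  acct=$(kv_get "$1" "$2") || return 1
  key=$(kv_get "$1" "$3") || return 1
  # Refuse to write a Secret with an empty field; the mount would fail later.
  [ -n "$acct" ] && [ -n "$key" ] || { echo "empty value from Key Vault" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: test1-secret
type: Opaque
data:
  azurestorageaccountname: $(b64 "$acct")
  azurestorageaccountkey: $(b64 "$key")
EOF
}

# Typical use (placeholders, not run here):
#   render_secret <vault-name> <name-secret> <key-secret> | kubectl apply -f -
```

Piping the output straight into `kubectl apply -f -` keeps the decoded key out of the chart, the values file and the shell history.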