K
Q

How to set Kubernetes config map and secret to mongodb environment variables

5/10/2021

I am trying to set the two env variables of mongo namely - MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD using kubernetes ConfigMap and Secret as follows:

When I don't use the config map and password, i.e. I hardcode the username and password, it works, but when I try to replace it with configmap and secret, it says

'Authentication failed.'

my username and password is the same, which is admin

Here's the yaml definition for these obects, can someone help me what is wrong?

apiVersion: v1
kind: ConfigMap
metadata:
  name: mongodb-username
data:
  username: admin
---
apiVersion: v1
kind: Secret
metadata:
  name: mongodb-password
data:
  password: YWRtaW4K  
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongodbtest
spec:
  # serviceName: mongodbtest
  replicas: 1
  selector:
    matchLabels:
      app: mongodbtest
  template:
    metadata:
      labels:
        app: mongodbtest
        selector: mongodbtest
    spec:
      containers:
      - name: mongodbtest
        image: mongo:3       
        # env:
        #   - name: MONGO_INITDB_ROOT_USERNAME
        #     value: admin
        #   - name: MONGO_INITDB_ROOT_PASSWORD
        #     value: admin
        env:
          - name: MONGO_INITDB_ROOT_USERNAME
            valueFrom:
              configMapKeyRef:
                name: mongodb-username
                key: username
          - name: MONGO_INITDB_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mongodb-password
                key: password
-- Jananath Banuka
kubernetes
mongodb

Similar Questions

Kubernetes do I need to include port when directing?
How does Elasticseach's model translate into these High-Availability patterns?
Adding the --command flag vs not adding
Can't see results of cat command in container
Not able to get GOOGLE_APPLICATION_CREDENTIALS from GKE for Google Calendar API

3 Answers

5/10/2021
apiVersion: v1
data:
  MONGO_INITDB_ROOT_USERNAME: root
  MONGO_INITDB_ROOT_PASSWORD : password
kind: ConfigMap
metadata:
  name: mongo-cred
  namespace: default

inject it to deployment like 

envFrom:
        - configMapRef:
            name: mongo-cred

the deployment will be something like 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongodbtest
spec:
  # serviceName: mongodbtest
  replicas: 1
  selector:
    matchLabels:
      app: mongodbtest
  template:
    metadata:
      labels:
        app: mongodbtest
        selector: mongodbtest
    spec:
      containers:
      - name: mongodbtest
        image: mongo:3    
      envFrom:
        - configMapRef:
            name: mongo-cred

if you want to save the data in secret, the secret is best practice to store data with encryption base64 and sensitive data. 

envFrom:
            - secretRef:
                name: mongo-cred

you can create the secret with

apiVersion: v1
data:
  MONGO_INITDB_ROOT_USERNAME: YWRtaW4K #base 64 encoded
  MONGO_INITDB_ROOT_PASSWORD : YWRtaW4K
kind: secret
type: Opaque
metadata:
  name: mongo-cred
  namespace: default
-- Harsh Manvar
Source: StackOverflow
5/10/2021

Your deployment yaml is fine, just change spec.containers[0].env to spec.containers[0].envFrom:

    spec:
      containers:
      - name: mongodbtest
        image: mongo:3       
        envFrom:
          - configMapRef:
              name: mongodb-username
          - secretRef:
              name: mongodb-password

That will put all keys of your secret and configmap as environment variables in the deployment.

-- TomerCBR
Source: StackOverflow
5/10/2021

Finally I was able to find the solution after hours, it is not something I did from kubernetes side, it is when I did base64 encode.

The correct way to encode is with following command:

echo -n 'admin' | base64

and this was the issue with me.

-- Jananath Banuka
Source: StackOverflow