Use Secret in Pods

Using secrets

We can use secrets as environmental variable as well as mounts inside a Pod

Injecting as environmental variable

$ vi pod-secret.yaml

apiVersion: v1       
kind: Pod
metadata:
  labels:
    run: debugger    
  name: debugger     
spec:     
  containers:        
  - image: ansilh/debug-tools   
    name: debugger   
    env:  
    - name: USER     
      valueFrom:     
       secretKeyRef:
        name: my-secret         
        key: user    
    - name: PASSWORD
      valueFrom:     
       secretKeyRef:
        name: my-secret         
        key: password

$ kubectl create -f pod-secret.yaml

$ kubectl get pods      
NAME       READY   STATUS    RESTARTS   AGE   
debugger   1/1     Running   0          17s

Logon to container and verify the environmental variables

$ kubectl exec -it debugger -- /bin/sh

Verify environment variables inside Pod

/ # echo $USER        
root       
/ # echo $PASSWORD    
mypassword
/ #

Delete the Pod

$ kubectl delete pod debugger

Mounting as files using volumes

$ vi pod-secret.yaml

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: debugger
  name: debugger
spec:
  volumes:
  - name: secret
    secret:
     secretName: my-secret
  containers:
  - image: ansilh/debug-tools
    name: debugger
    volumeMounts:
    - name: secret
      mountPath: /data

$ kubectl create -f pod-secret.yaml

$ kubectl exec -it debugger -- /bin/sh

/ # cd /data        
/data #             
/data # cat user    
root                
/data # cat password
mypassword          
/data #