1

I have a config json file in my application. This is single json file which has all configs required for my nodejs application. I have many connections to many db'. I even have bifurcation like stage and production. I don't want to create secret for each variable. I want to dump my complete JSON as secret. So that i can directly pick it up from there and use in my application. Anyway i can achieve it? I think its a generic problem.

Hacker
  • 7,798
  • 19
  • 84
  • 154

2 Answers2

1

The simple solution is to put the entire config file under stringData in the secret. Something like that:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
stringData:
  config.json: |
   <your config goes here>

Now you can just mount the secret onto the pod , and you can read this config file.

While this work, it might be harder to use with GitOps solution, which usually requires you to encrypt the entire secret content. Using Kamus, you can create templated config file with encrypted values, in the following format:

apiVersion: v1
kind: ConfigMap
metadata:
  name: encrypted-secrets-cm
data:
  key: 4AD7lM6lc4dGvE3oF+5w8g==:WrcckiNNOAlMhuWHaM0kTw== //encrypted
  template.ejs: |
     <%- secrets["key"] %>
     hello

And use the init container to create the config file with the decrypted values. The value with the encrypted items can be safely committed to git.

Omer Levi Hevroni
  • 1,935
  • 1
  • 15
  • 33
1

You can use the following command:

kubectl -n <namespace> create cm secret --from-file=APPLICATION_CONFIG=./<your-config>

Mount that into certain path and you can read your config from those path.

irvifa
  • 1,865
  • 2
  • 16
  • 20