Kubernetes injecting secret key as token into a set template file AKS

Question

I have a pod and inside it, i need to override a configuration.txt file that contains id and password to database.

For example : when running the application it looks to see if /etc/configuration.txt exists , if not it uses a default id and password.

The configuration file is a set template - which is the part that confuses me. How do i insert the ID and password into the config file?. (i am able to set secret inside /etc/configuration.txt but not sure on how to insert 'tokens' or secret values.

configuration.txt

id=test
password=test

//rest of the content in side the file to remain the same

If someone could tell me if this is the correct practice or if they can share an example.

Thanks in advance!

omega-nitro-zeus-x0 · Answer 1 · 2020-06-21T07:29:49.923

With ConfigMap

kubectl create configmap myconfig --from-file ./configuration.txt

update:

kubectl create configmap myconfig --from-file ./configuration.txt -o yaml --dry-run | kubectl replace -f -

// deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: YOUR_DEPLOYMENT_NAME
  namespace: YOUR_NAMESPACE
  labels:
    app: YOUR_DEPLOYMENT_NAME
spec:
  selector:
    matchLabels:
      app: YOUR_DEPLOYMENT_NAME
  template:
    metadata:
      labels:
        app: YOUR_DEPLOYMENT_NAME
    spec:
      containers:
        - name: YOUR_DEPLOYMENT_NAME
          image: YOUR_IMAGE_NAME
          imagePullPolicy: Always
          volumeMounts:
            - name: config
              mountPath: /etc/config
      volumes:
        - name: config
          configMap:
            name: myconfig

kubectl apply -f deployment.yaml

path: /etc/config/configuration.txt

With secret

convert password

$ echo -n "testpassword" | base64
dGVzdA==

// secrets.yaml

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  DB_PASSWORD: dGVzdA==

kubectl apply -f secrets.yaml

kubectl describe secret/mysecret

// deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: YOUR_DEPLOYMENT_NAME
  namespace: YOUR_NAMESPACE
  labels:
    app: YOUR_DEPLOYMENT_NAME
spec:
  selector:
    matchLabels:
      app: YOUR_DEPLOYMENT_NAME
  template:
    metadata:
      labels:
        app: YOUR_DEPLOYMENT_NAME
    spec:
      containers:
        - name: YOUR_DEPLOYMENT_NAME
          image: YOUR_IMAGE_NAME
          envFrom:
            - secretRef:
                name: mysecret
          imagePullPolicy: Always

kubectl apply -f deployment.yaml

with nodejs

const password = process.env.DB_PASSWORD?process.env.DB_PASSWORD:"default_password"

Thank you for the response. Regarding the secrets part, how is the secret inserted into the configuration.txt file and that mounted onto /etc/config ? And how is the nodejs part used? The instructions with config map - i understand it no issues — Rory Lester, Jun 21 '20 at 15:10
Have you read this https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/ ? — Malgorzata, Jun 23 '20 at 11:01

Kubernetes injecting secret key as token into a set template file AKS

1 Answers1

With ConfigMap

With secret