We are storing secrets in GCP Secret Manager. During an app deployment we are using an init container which fetches the secrets and places them in a volume (path). Going forward, the requirement is to load the secrets as env variables on the main container needing the secrets from the init container, instead of the paths. How can it be achieved? Any workaround?

Thank you!

Sanjay M. P.

1 Answer

You can copy from GSM into a Kubernetes Secret and then use that in a normal envFrom, or you can have the init container write a file into a shared emptyDir volume and then change the command on the main container to be something like command: [bash, -c, "source /shared/env && exec original command"]. The latter requires you to rewrite the command fully though, which is annoying.

coderanger
  • Thanks! For the first method there is the "kubernetes external secrets" project where we can copy over from GSM to k8s secrets, but the secrets will be base64 encoded; not very sure if it's acceptable in a Prod env? For the second method, not sure how to go about it for each secret. – Sanjay M. P. Jul 27 '21 at 12:59
  • I explained how you go about it: an initContainer reads from the external system and writes to a file, and the main container sources that file before launching the main process. – coderanger Jul 27 '21 at 19:44
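
The second approach from the answer, sketched for several secrets at once (an added example, not code from the original answer or from any project mentioned here). It shows the init-container side writing one safely quoted `export` line per secret and the main-container side sourcing the file. The helper names and the sample secret names and values are constructed for illustration, and `fetch_secret` stands in for the real Secret Manager call so the script runs offline.

```shell
#!/bin/sh
# Init-container side: build an env file the main container can source.
# fetch_secret is a hypothetical stand-in returning constructed values; in the
# init container it would run
#   gcloud secrets versions access latest --secret="$1"
fetch_secret() {
  case "$1" in
    db-password) printf '%s' "p@ss'w\$(id) rd" ;;
    api-key)     printf '%s' 'abc 123"xyz' ;;
    *)           return 1 ;;
  esac
}

# Wrap a value in single quotes for sh, turning each ' into '\''.
# Without this, a secret containing quotes or $(...) would break the file
# or be executed when the main container sources it.
sh_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# usage: write_env_file OUTFILE secret-name...
# Maps secret "db-password" to variable DB_PASSWORD, one export line each.
write_env_file() {
  out=$1; shift
  # Create the file 0600; assumes init and main containers run as the same UID.
  ( umask 077; : > "$out" ) || return 1
  for name in "$@"; do
    var=$(printf '%s' "$name" | tr 'a-z-' 'A-Z_')
    case "$var" in
      ''|[0-9]*|*[!A-Z0-9_]*) echo "invalid variable name: $name" >&2; return 1 ;;
    esac
    val=$(fetch_secret "$name") || return 1
    printf 'export %s=%s\n' "$var" "$(sh_quote "$val")" >> "$out"
  done
}

# Main-container side, equivalent to the command from the answer:
#   command: [bash, -c, "source /shared/env && exec original command"]
# Here the "original command" is printenv, to show what the app would see.
read_var() {
  ( . "$1" && exec printenv "$2" )
}
```

In the init container this would be called as `write_env_file /shared/env db-password api-key`, with `/shared` being the emptyDir mount from the answer. Command substitution strips trailing newlines from a secret value.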