0

I am able to get a secrets file pulled from AWS Secrets Manager and mounted in the container. The format of the secrets file is as follows:

{"testkey":"datepie"}

How do I reformat the file to be like this:

testkey=datepie

Here is my manifest file:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-app
  labels:
    app: test-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: test-app
  template:
    metadata:
      labels:
        app: test-app
    spec:
      serviceAccountName: test-service-account
      containers:
      - name: test-app
        image: 111122223333.dkr.ecr.us-west-2.amazonaws.com/test.example:test-service-1.0.0-main
        volumeMounts:
          - name: test-secrets
            mountPath: /mnt/
            readOnly: true
. . .
      volumes:
      - name: test-secrets
        csi:
          driver: secrets-store.csi.k8s.io
          readOnly: true
          volumeAttributes:
            secretProviderClass: test-secrets
Jonas
  • 121,568
  • 97
  • 310
  • 388
Nova
  • 1,234
  • 3
  • 12
  • 25
  • This question might be better suited for [sf] or [DevOps](https://devops.stackexchange.com/). – Turing85 Aug 20 '21 at 21:41
  • @Turing85 questions about ConfigMap and Secrets are on-topic, its about configuring the environment variables for the app the developer develops. – Jonas Aug 20 '21 at 22:02
  • Added my manifest file to the question - it's one step downstream beyond devops... – Nova Aug 20 '21 at 22:03
  • @NovaS. There is no way to transform the content in Secrets - Kubernetes only mounts what is in the Secret. – Jonas Aug 20 '21 at 22:04
  • 1
    @Jonas Thanks, that's what I thought. I'll see if the AWS secrets format can be changed within AWS. – Nova Aug 20 '21 at 22:06

2 Answers2

1

I figured it out. Use the desired format in the AWS Secrets Manager itself, so in the "Secret value" part, select "Plaintext" and put testkey=datepie in the box. The "Secret key/value" tab will no longer be usable, which is not an issue.

enter image description here

Nova
  • 1,234
  • 3
  • 12
  • 25
0

What you see is what you get. The volume mount form will only ever be the value with the key as a filename.

coderanger
  • 52,400
  • 4
  • 52
  • 75