Stack Overflow
Stack Overflow

Questions tagged [kubernetes-secrets]

415 questions
0
votes
2 answers

Springboot: How to reference a variable from Kubernetes secret

I have springboot2.4.0. I am trying to read a variable in K8s secret by using springboot @Value and application.properties but it doesn't work out. It can only print localxyz instead of dXNlcg==("user"). Anything I'm doing wrong? My springboot…
harryk
  • 123
  • 1
  • 10
0
votes
1 answer

Make Airflow load all keys in a Kubernetes secret without specifying the keys

I am using Google Cloud Composer 1.17.7 with Airflow 2.1.4. I am mainly following these docs. I created a Kubernetes secret that looks like this: apiVersion: v1 data: KEY1: base64encodedvalue1 KEY2: base64encodedvalue2 KEY3:…
Giulia Savorgnan
  • 63
  • 6
0
votes
0 answers

Hashicorp Vault - best/tidiest way to replace k8s secrets in existing Helm charts

About to start using Vault. as far as i can see for distribution of secrets we have: Vault Sidecar injector - able to write secrets to a k8s volume. bansaiCloud bank-vaults mutating webhook - inject vault secrets as environment variables How are…
g0pher
  • 59
  • 8
0
votes
1 answer

How can I natively load docker secrets mounted as a volume in spring boot

How can my spring boot application running inside a container access docker secrets mounted as a volume inside that same container? Commonly suggested methods I DO NOT want to use: Echo the secret into an environment variable - this is…
stewartie4
  • 190
  • 1
  • 8
0
votes
0 answers

Removed k8s secret's data persists after updates

I have a k8s secret yaml definition with some data items already applied in the cluster. After removing some data items from the yaml file, and updating the secret with kubectl apply, those removed data items still persists in the secret object…
beni0888
  • 1,050
  • 1
  • 12
  • 40
0
votes
1 answer

How to create template in the helm chart?

I need to create template for secret value. This is the secret file: apiVersion: v1 kind: Secret metadata: name: secret type: Opaque stringData: "user": "user" "password": "password" And this is what I have created in the _helpers.tpl {{/* …
Java
  • 91
  • 1
  • 7
0
votes
2 answers

How to use kubernetes sealed secrets with helm templates

I just came across the sealed secrets tool https://github.com/bitnami-labs/sealed-secrets for encrypting secrets in kubernetes with added benefits of being able to commit those to git I am a bit disappointed that such a great tool did not address…
uberrebu
  • 3,597
  • 9
  • 38
  • 73
0
votes
1 answer

Change user and group for a configmap and secret volume mounts

We are mounting all the volumes as a non-root user inside the container in a pod using the securityContext. However, for all the configmaps and secrets the volumemount user is still root. I tried the initContainer approach without any success. I…
Nishant Kansal
  • 501
  • 1
  • 10
  • 23
0
votes
1 answer

Create secret for gcp service account for helm

I am trying to authenticate to the GCP account when I deploy velero to the cluster, Is there any way I can create the secret of the below content and pass it to helm rather then passing all the variable in this yaml file? credentials: useSecret:…
Eveline Ribka Nelwan
  • 101
  • 10
0
votes
1 answer

Mount volumes with Secrets using Python Kubernetes API

I'm writing an Airflow DAG using the KubernetesPodOperator. A Python process running in the container must open a file with sensitive data: with open('credentials/jira_credentials.json', 'r') as f: creds = json.load(f) and a CloudStorage client…
balkon16
  • 1,338
  • 4
  • 20
  • 40
0
votes
1 answer

read kubernetes secrets mounted as volume in application.properties spring boot application

I created kubenertes secret echo -n 'myusername' > username.txt echo -n 'pa55word' > password.txt kubectl create secret generic esb-database-secret-vol --from-file=username.txt --from-file=password.txt I created pod manifest as spec: containers: …
user3058642
  • 35
  • 7
0
votes
1 answer

terraform create k8s secret from gcp secret

I have managed to achieve the flow of creating sensitive resources in terraform, without revealing what the sensitive details are at any point and therefore won't be stored in plain text in our github repo. I have done this by letting TF create a…
sc-leeds
  • 399
  • 3
  • 15
0
votes
1 answer

Kubernetes secrets and AWS Secrets Manager - put different ARNs into the same file?

I have multiple secrets in AWS Secrets Manager and I would like them to all end up in the same file when mounted in the Kubernetes container. How do I specify the manifest file to do that? My manifest file looks like the below. I end up with two…
Nova
  • 1,234
  • 3
  • 12
  • 25
0
votes
2 answers

Change Kubernetes secrets file format in mounted volume

I am able to get a secrets file pulled from AWS Secrets Manager and mounted in the container. The format of the secrets file is as follows: {"testkey":"datepie"} How do I reformat the file to be like this: testkey=datepie Here is my manifest…
Nova
  • 1,234
  • 3
  • 12
  • 25
0
votes
0 answers

Unable to fetch Vault Token for Pod Service Account

I am using Vault CSI Driver on Charmed Kubernetes v1.19 where I'm trying to retrieve secrets from Vault for a pod running in a separate namespace (webapp) with its own service account (webapp-sa) following the steps in the blog. As I have been able…
sanakhanlibre
  • 47
  • 1
  • 9
1 2 3
27 28