Last active
May 31, 2018 22:50
-
-
Save DStorck/bd43cfc907d9892fff2b8e685445a71c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # make secret with kubectl create secret generic my-secret --from-literal=key1=supersecret | |
| # to use secret in a env var | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: pod-secrets-to-env | |
| namespace: default | |
| spec: | |
| containers: | |
| - image: redis | |
| name: redis | |
| env: | |
| - name: | |
| ValueFrom: | |
| secretKeyRef: | |
| name: my-secret | |
| key: key1 | |
| --- | |
| # use secret via file | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: pod-secrets-via-file | |
| namespace: default | |
| spec: | |
| containers: | |
| - image: redis | |
| name: redis | |
| volumeMounts: | |
| - mountPath: /secrets | |
| name: foo | |
| volumes: | |
| - name: foo | |
| secret: | |
| secretName: my-secret |
That’s it for pod-via-file. You can check if it works by kubectl exec into the pod and looking for the file with ls -l / and finding the secrets folder. The key should be a filename in there, and cat’ing it should read the value.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
this assumes secret has been already created called
my-secretwithkey1:<some_value>