How to setting Kubernetes Secret to environment variables

In Kubernetes, some sensitive information needs to be managed in Pods, which can be managed by Kubernetes secret.

Here we will demonstrate how to manage secrets.

First, run your cluster (or you can reference the tutorials GETTING START TO RUN KUBERNETES ) to prepare your local environment.

In this tutorial, we will using above example to demonstrated, and you should use this image version the get the HELLO_VAR in application: adon988/go-github-action-helloworld:v1.0.3

...
    spec:
      containers:
      - name: go-app
        image: adon988/go-github-action-helloworld:v1.0.3

This version will read an environment variable HELLO_VAR,

Prepare your secret data

Prepare secret data like the following:

> echo -n 'hello this is HELLO_VAR environemnt value' | base64

aGVsbG8gdGhpcyBpcyBIRUxMT19WQVIgZW52aXJvbmVtbnQgdmFsdWU=

Add secret data to your deployment:

pod.yaml

...
---
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
data:
  my_hello_var: aGVsbG8gdGhpcyBpcyBIRUxMT19WQVIgZW52aXJvbmVtbnQgdmFsdWU=

Apply secret data and get secret

Apply the deployment change:

 kubectl apply -f pod.yaml

Get your secret data

> kubectl get secret my-secret
NAME        TYPE     DATA   AGE
my-secret   Opaque   1      3m27s

Checkout more detail about secret data:

> kubectl describe secret my-Secret

Name:         my-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
my_hello_var:  41 bytes

Setting kubernetes environment variables

Adjust the deployment and setting of the secret data to pod environment:

pod.yaml

...
    spec:
      containers:
      - name: go-app
        image: adon988/go-github-action-helloworld:v1.0.3
        imagePullPolicy: Always
        env:
        - name: HELLO_VAR
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: my_hello_var

Re-apply the pod

kubectl apply -f pod.yaml

Get pod name:

> kubectl get pods

NAME                       READY   STATUS    RESTARTS   AGE
go-test-54567f7987-6pbd9   1/1     Running   0          78s
go-test-54567f7987-t9jjc   1/1     Running   0          84s

Here we use exec to acces one pod and check the environment:

> kubectl exec -it go-test-54567f7987-6pbd9 -- /bin/sh -c 'env | grep HELLO_VAR'
HELLO_VAR=hello this is HELLO_VAR environemnt value

Finally, access the application at http://localhost:8080 and see the following message, it means that we success got the environment variable:

Hi Service work in terraform v1.0.3! hello this is HELLO_VAR environemnt value