This is part II, which illustrates how to expose a Kubernetes secret to a pod as a local file.
(For setting a secret as environment variables, see: How to setting kubernetes secret to environment variables)
In Kubernetes, Pods often need sensitive information, which can be managed with a Kubernetes Secret.
Here we demonstrate how to create a secret and mount it into the pod as a local file.
Prepare secret data
Prepare secret data like the following:
> echo -n 'hello this is HELLO_VAR environemnt value' | base64
aGVsbG8gdGhpcyBpcyBIRUxMT19WQVIgZW52aXJvbmVtbnQgdmFsdWU=
Add secret data to your deployment:
pod.yaml
...
---
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
data:
  my_hello_var: aGVsbG8gdGhpcyBpcyBIRUxMT19WQVIgZW52aXJvbmVtbnQgdmFsdWU=
Apply secret data and get secret
Apply the deployment change:
kubectl apply -f pod.yaml
Get your secret data
> kubectl get secret my-secret
NAME        TYPE     DATA   AGE
my-secret   Opaque   1      3m27s
Check more details about the secret data:
> kubectl describe secret my-secret
Name:         my-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>
Type:  Opaque
Data
====
my_hello_var:  41 bytes
Setting up Kubernetes
First, define a secret volume under volumes in the pod spec, setting the volume name and the secret it reads from.
Next, set the container's volumeMounts to mount the secret volume.
pod.yaml
...
spec:
  containers:
  - name: go-app
    image: adon988/go-github-action-helloworld:v1.0.3
    imagePullPolicy: Always
    volumeMounts:
    - name: my-secret-volume
      mountPath: /etc/my-secret-vol
    ports:
    - containerPort: 8080
  # create a secret volume that is exposed to the container; its files can be accessed inside the pod
  volumes:
  - name: my-secret-volume
    secret:
      secretName: my-secret
Re-apply the pod
kubectl apply -f pod.yaml
Get pod name:
> kubectl get pods
NAME READY STATUS RESTARTS AGE
go-test-54567f7987-6pbd9 1/1 Running 0 78s
go-test-54567f7987-t9jjc 1/1 Running 0 84s
Here we use exec to access one pod and read the secret file inside it, which returns the hello message as follows:
> kubectl exec -it go-test-54567f7987-6pbd9 -- /bin/sh -c 'cat /etc/my-secret-vol/my_hello_var'
hello this is HELLO_VAR environemnt value%
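How an application such as the Go app in this pod could read the mounted file instead of using cat, as an added example that is not code from the original post or from the go-github-action-helloworld image. ReadMountedSecret is a hypothetical helper, and main builds a constructed stand-in for /etc/my-secret-vol so the program runs outside a cluster.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"path/filepath"
)

// ReadMountedSecret is a hypothetical helper: it returns the value of one key
// from a Secret volume (dir is the mountPath, key the file name under it).
func ReadMountedSecret(dir, key string) ([]byte, error) {
	// A key is a bare file name; anything with a path separator is rejected.
	if key != filepath.Base(key) {
		return nil, fmt.Errorf("invalid secret key %q", key)
	}
	path := filepath.Join(dir, key)
	info, err := os.Stat(path) // follows the kubelet's symlink to the current data
	if err != nil {
		return nil, fmt.Errorf("secret %q not mounted: %w", key, err)
	}
	// Secret volumes default to mode 0644. Refusing world-accessible files
	// catches a volume that lacks defaultMode: 0400 (or 0440) at startup.
	if perm := info.Mode().Perm(); !info.Mode().IsRegular() || perm&0o007 != 0 {
		return nil, fmt.Errorf("secret %q: unsafe file mode %v", key, info.Mode())
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	return bytes.TrimRight(data, "\r\n"), nil // tolerate a trailing newline
}

func main() {
	// Constructed stand-in for /etc/my-secret-vol so this runs outside a pod.
	dir, err := os.MkdirTemp("", "my-secret-vol")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	p := filepath.Join(dir, "my_hello_var")
	os.WriteFile(p, []byte("hello this is HELLO_VAR environemnt value\n"), 0o600)
	os.Chmod(p, 0o644) // what the manifest above yields by default
	_, err = ReadMountedSecret(dir, "my_hello_var")
	fmt.Println("mode 0644:", err)
	os.Chmod(p, 0o400) // what defaultMode: 0400 on the volume yields
	v, err := ReadMountedSecret(dir, "my_hello_var")
	fmt.Printf("mode 0400: read %d bytes, err=%v\n", len(v), err) // never log the value
}
```

With the manifest as written above the helper refuses the file, because the volume sets no defaultMode; adding defaultMode: 0400 under the volume's secret: block makes it pass.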