This is part II to illustrate how to setting secret to kubernetes pod local file.

(Aobut the setting secret to environment variables can reference : How to setting kubernetes secret to environment variables )

In Kubernetes, some sensitive information needs to be managed in Pods, which can be managed by Kubernetes secret.

Here we will demonstrate how to manage secrets and save to pod local file.

Prepare secret data

Prepare secret data like the following:

> echo -n 'hello this is HELLO_VAR environemnt value' | base64


Add secret data to your deployment:


apiVersion: v1
kind: Secret
  name: my-secret
  my_hello_var: aGVsbG8gdGhpcyBpcyBIRUxMT19WQVIgZW52aXJvbmVtbnQgdmFsdWU=

Apply secret data and get secret

Apply the deployment change:

 kubectl apply -f pod.yaml

Get your secret data

> kubectl get secret my-secret
NAME        TYPE     DATA   AGE
my-secret   Opaque   1      3m27s

Checkout more detail about secret data:

> kubectl describe secret my-Secret

Name:         my-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

my_hello_var:  41 bytes

Setting kubernetes

First, in the containers to create a secret data volumes, and setting the name and secret valeu.

Next, setting the containers volumeMounts to mounts the secret volumes.


      - name: go-app
        image: adon988/go-github-action-helloworld:v1.0.3
        imagePullPolicy: Always
          - name: my-secret-volume
            mountPath: /etc/my-secret-vol
        - containerPort: 8080
      # create a secret data that will exposed to container to valume, which can access this volume in the pod
        - name: my-secret-volume
            secretName: my-secret

Re-apply the pod

kubectl apply -f pod.yaml

Get pod name:

> kubectl get pods

NAME                       READY   STATUS    RESTARTS   AGE
go-test-54567f7987-6pbd9   1/1     Running   0          78s
go-test-54567f7987-t9jjc   1/1     Running   0          84s

Here we use exec to acces one pod and check pod local secret file, and will return hello message like following:

> kubectl exec -it go-test-54567f7987-6pbd9 -- /bin/sh -c 'cat /etc/my-secret-vol/my_hello_var'

hello this is HELLO_VAR environemnt value%