Secrets are referenced in the pod definition under the containers and env sections. We will reference the secrets that we defined previously from a pod, and learn how to use them in an application:
- Save the following configuration in a file called pod-with-env-secrets.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: secret-using-env
spec:
  containers:
  - name: nginx
    image: nginx
    env:
    - name: SECRET_URL
      valueFrom:
        secretKeyRef:
          name: myapi-url-token
          key: secreturl.txt
    - name: SECRET_TOKEN
      valueFrom:
        secretKeyRef:
          name: myapi-url-token
          key: secrettoken.txt
  restartPolicy: Never
Under env, we define an environment variable named SECRET_URL. Kubernetes obtains its value through valueFrom: secretKeyRef points to the secret named myapi-url-token and selects the value stored under the secreturl.txt key.
Similarly, SECRET_TOKEN is set from the value stored under the secrettoken.txt key.
- Let's now create the pod and see whether it really worked:
kubectl create -f pod-with-env-secrets.yaml
- Check whether the environment variables are set correctly:
kubectl exec -it secret-using-env -- bash
root@secret-using-env:/# echo $SECRET_URL
https://my-secret-url-location.topsecret.com
root@secret-using-env:/# echo $SECRET_TOKEN
/x~Lhx Az!,;.Vk%[#n+";9p%jGF6[
Any application can use the secret values by referencing the appropriate environment variables. Note that neither the application nor the pod definition contains hardcoded secrets.
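One way an application could consume these two variables, shown as an added example that is not part of the original text: it fails closed when a variable is missing, strips the trailing newline that file-based secret values often carry, and keeps the token out of log output. The names ApiSecrets, SecretConfigError and load_api_secrets, and the Bearer header scheme, are assumptions made for illustration.

```python
import os
from dataclasses import dataclass, field
from urllib.parse import urlsplit


class SecretConfigError(RuntimeError):
    """Raised when a required secret is missing or malformed."""


@dataclass(frozen=True)
class ApiSecrets:
    url: str
    token: str = field(repr=False)  # keep the token out of logs and tracebacks

    def auth_headers(self):
        # The Bearer scheme is an assumption; use whatever the API expects.
        return {"Authorization": f"Bearer {self.token}"}


def _require(env, name):
    raw = env.get(name)
    if raw is None:
        raise SecretConfigError(f"{name} is not set; check the pod's secretKeyRef")
    # Secrets created from files often carry the file's trailing newline.
    value = raw.rstrip("\r\n")
    if not value:
        raise SecretConfigError(f"{name} is empty")
    # Reject embedded control characters (they would corrupt an HTTP header).
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise SecretConfigError(f"{name} contains control characters")
    return value


def load_api_secrets(env=os.environ):
    url = _require(env, "SECRET_URL")
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise SecretConfigError("SECRET_URL must be an https:// URL")
    return ApiSecrets(url=url, token=_require(env, "SECRET_TOKEN"))


if __name__ == "__main__":
    # Constructed sample environment standing in for the pod's variables.
    sample = {"SECRET_URL": "https://api.example.invalid/v1\n",
              "SECRET_TOKEN": "constructed-sample-token\n"}
    print(load_api_secrets(sample))  # repr shows the URL but not the token
```

The error messages name the variable but never include its value, so a misconfigured pod can be diagnosed from logs without leaking the secret.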