To access a Secret inside a Pod, add an env section to the container spec as follows:
// using access-token Secret inside a Pod
# cat 2-7-2_env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: secret-example-env
spec:
  containers:
  - name: ubuntu
    image: ubuntu
    command: ["/bin/sh", "-c", "while : ;do echo $ACCESS_TOKEN; sleep 10; done"]
    env:
    - name: ACCESS_TOKEN
      valueFrom:
        secretKeyRef:
          name: access-token
          key: 2-7-1_access-token
// create a pod
# kubectl create -f 2-7-2_env.yaml
pod "secret-example-env" created
In the preceding example, we expose the 2-7-1_access-token key of the access-token Secret as the ACCESS_TOKEN environment variable and print it in an infinite while loop. Check stdout with the kubectl logs command:
// check stdout logs
# kubectl logs -f secret-example-env
9S!g0U61699r
Note that the environment variable is set when the Pod is created. If a new value of the Secret is pushed, you'll have to relaunch or rolling-update the Pod or Deployment for it to take effect.
If we describe the secret-example-env Pod, we can see that an environment variable was set to a Secret:
# kubectl describe pods secret-example-env
Name: secret-example-env
...
    Environment:
      ACCESS_TOKEN:  <set to the key '2-7-1_access-token' in secret 'access-token'>
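A check a reviewer could run over manifests like the one above, as an added example that is not from the original text: it lists the Secret-backed environment variables in a Pod and flags containers whose command prints one, which is what the demo Pod does and why the token shows up in kubectl logs. The function names and the sample JSON (the page's Pod in `kubectl get pod -o json` form, trimmed) are constructed for illustration.

```python
import json
import re

# Constructed sample: the page's Pod as `kubectl get pod secret-example-env -o json`
# would return it, trimmed to the fields this check reads.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "secret-example-env"},
  "spec": {"containers": [{
    "name": "ubuntu",
    "image": "ubuntu",
    "command": ["/bin/sh", "-c", "while : ;do echo $ACCESS_TOKEN; sleep 10; done"],
    "env": [{"name": "ACCESS_TOKEN", "valueFrom": {"secretKeyRef":
             {"name": "access-token", "key": "2-7-1_access-token"}}}]
  }]}
}
""")


def all_containers(pod):
    """Init containers and regular containers of a Pod object."""
    spec = pod.get("spec", {})
    return spec.get("initContainers", []) + spec.get("containers", [])


def secret_env_refs(pod):
    """Yield (container, env var, secret, key) for every secretKeyRef env entry."""
    for c in all_containers(pod):
        for env in c.get("env", []):
            ref = (env.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                yield c["name"], env["name"], ref["name"], ref["key"]


def secrets_written_to_output(pod):
    """Return findings where a Secret-backed variable is expanded by echo/printf."""
    by_name = {c["name"]: c for c in all_containers(pod)}
    findings = []
    for cname, var, secret, key in secret_env_refs(pod):
        c = by_name[cname]
        cmdline = " ".join(c.get("command", []) + c.get("args", []))
        # $VAR or ${VAR} after echo/printf within the same shell statement
        pattern = r"\b(?:echo|printf)\b[^;|&]*\$\{?" + re.escape(var) + r"\b"
        if re.search(pattern, cmdline):
            findings.append({"container": cname, "env": var, "secret": secret, "key": key})
    return findings


if __name__ == "__main__":
    for f in secrets_written_to_output(SAMPLE_POD):
        print("{container}: ${env} (secret {secret}/{key}) is printed to stdout".format(**f))
```

The pattern only covers echo and printf in the container's command and args; an application that logs its environment from inside the image is outside what a manifest check can see.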