User12547645

Reputation: 8437

How to handle secrets in ConfigMaps?

I would like to use a Secret inside a ConfigMap. Is this possible?

Example:

An example where this might be required is if you would like to write from Fluentd to S3. In the configuration you have to add your AWS credentials.

Alternatives:

Using environment variables on the cluster itself. I do not like this idea, because the variable would still contain the secret as plain text.

Passing the password during set-up. If you are using deployment tools, it might be possible to pass the secret during the deployment of your application. This is also not a nice solution, since you are still passing the secret as plain text to the deployment tool. An advantage of this approach is that you do not accidentally check in your secret to git.

Upvotes: 1

Views: 2980

Answers (2)

mchawre

Reputation: 12228

Try to avoid making use of AWS credentials in Kubernetes.

As you can see, aws_key_id and aws_sec_key are optional fields.

Make use of an AWS IAM role and assign it to the Kubernetes nodes.

And then try to run your Fluentd application without AWS credentials in its config.

Just give it a try.

Hope this helps.

Update:

This article explains different ways to use AWS IAM for Kubernetes.

Kube2iam and many other tools like this might help. Give it a try.

Upvotes: 1

FL3SH

Reputation: 3328

No, it is not possible. You should always use a Secret for your sensitive data.

By default, secrets are only the base64-encoded content of files, so you should use something like Vault to securely store your sensitive data.

Upvotes: 0
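
Added example, not part of either answer or of the Fluentd project: one common way to keep the credentials out of the ConfigMap is to store them in a Secret, expose them to the Fluentd container as environment variables, and let the Fluentd config read those variables. The resource names, image, bucket, region and the /fluentd/etc mount path are assumptions, and the credential values are constructed placeholders.

```yaml
# Added example; every name and value below is a constructed placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: fluentd-s3-credentials
stringData:                      # stored base64-encoded by default, not encrypted
  aws_key_id: EXAMPLE_KEY_ID
  aws_sec_key: EXAMPLE_SECRET_KEY
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluentd-config
data:
  fluent.conf: |
    <match **>
      @type s3
      aws_key_id "#{ENV['AWS_KEY_ID']}"
      aws_sec_key "#{ENV['AWS_SEC_KEY']}"
      s3_bucket example-log-bucket
      s3_region eu-west-1
    </match>
---
apiVersion: v1
kind: Pod
metadata:
  name: fluentd
spec:
  containers:
    - name: fluentd
      image: example.registry/fluentd-s3:placeholder   # assumed image with fluent-plugin-s3
      env:
        - name: AWS_KEY_ID
          valueFrom:
            secretKeyRef:
              name: fluentd-s3-credentials
              key: aws_key_id
        - name: AWS_SEC_KEY
          valueFrom:
            secretKeyRef:
              name: fluentd-s3-credentials
              key: aws_sec_key
      volumeMounts:
        - name: config
          mountPath: /fluentd/etc
  volumes:
    - name: config
      configMap:
        name: fluentd-config
```

With this layout the ConfigMap holds no credential and can be committed to git; the Secret manifest should be created out of band and access to it restricted with RBAC.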
