Kubernetes - Use values from Secret in multiline configmap

Question

I am relativly new to Kubernetes and I have the following problem: We use Grafana in our Kubernetes Cluster, but currently the way our template.yaml file is built does not allow to use a secret form a password.

  - apiVersion: v1
    kind: ConfigMap
    metadata:
      labels:
        app: ${APP}
      name: "${APP}-ldap-file"
    data:
      ldap.toml: |-
        [[servers]]
        ....
        # Search user bind dn
        bind_dn = "uid=tu0213,cn=users,o=company,c=de"
        bind_password = ${BIND_PASSWORD}

parameters:
  - name: BIND_PASSWORD

Just using the password this way works fine, but it´s in plain text in a params file in our CI/CD Pipeline.

I a different repository I fould this:

  spec:
    containers:
    - name: nginx-auth-ldap
      image: ${REGISTRY}/${NAMESPACE}/nginx-auth-ldap:6
      imagePullPolicy: Always
      env: 
        - name: LDAP_BIND_DN
          valueFrom:
            secretKeyRef:
              name: ldap-bind-dn
              key: dn

Is this valueFrom approach also possible in my usecase?

Answer 1

The format you specify is correct. Just create a secret with name "ldap-bind-dn" and as a value provide your password there.

Path for secret: In openshift console go to Resources-> Secrets -> create secret.

spec:
containers:
- name: nginx-auth-ldap
  image: ${REGISTRY}/${NAMESPACE}/nginx-auth-ldap:6
  imagePullPolicy: Always
  env: 
    - name: LDAP_BIND_DN
      valueFrom:
        secretKeyRef:
          name: ldap-bind-dn
          key: dn

Answer 2

You can use a secret like that but you have to split the data into separate keys like this:

apiVersion: v1
kind: Secret
metadata:
  labels:
    app: ${APP}
  name: "${APP}-ldap-file"
stringData:
  dn: "uid=tu0213,cn=users,o=company,c=de"