Michael Kemmerzell

Reputation: 5256

How to inject Kubernetes Volume secrets also as Env variable to the Pod?

My goal is to create an environment variable for the pod out of a mounted secret volume. I want to skip the intermediate step of creating a Kubernetes secret (and referring to the k8s secret for the env) so nothing is stored in the etcd storage.

I am using the CSI Driver to mount the secrets of my Azure Key Vault. The volume is working correctly.

Deployment.yaml:

...
spec:
  volumes:
    - name: keyvault-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: kevault-secrets
  containers:
    - name: busybox
      image: k8s.gcr.io/e2e-test-images/busybox:1.29
      command:
        - /bin/sh
      args:
        - '-c'
        - >-
          SECRET1=$(cat /mnt/keyvault-secrets/secret1); export SECRET1;echo
          $SECRET1; sleep 1d;
      volumeMounts:
        - name: keyvault-secrets
          readOnly: true
          mountPath: /mnt/keyvault-secrets

On startup the Pod is able to populate the environment variable and even prints its value correctly on the console. If I log into the Pod the environment variable is gone.

Any ideas why the environment variable vanishes?

Upvotes: 2

Views: 1358

Answers (1)

gohm'c

Reputation: 15490

Environment set in a shell session (like the one in your command) is local to that session only.

Upvotes: 2
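
The scoping described in the answer, as an added shell example that is not part of the original answer: a wrapper exports each file in the mounted directory and then runs the workload, which inherits the variables, while a separately started shell (which is what `kubectl exec` gives you) does not. The function names, the temporary directory and the secret value are constructed for illustration.

```shell
#!/bin/sh
# Added example; names, paths and values are constructed for illustration.

# Export every regular file in directory $1 as an environment variable
# (file name upper-cased, other characters replaced by "_"), then run the
# remaining arguments as the workload. The ( ... ) body is a subshell, so
# the exports exist only for that workload and never reach the caller.
run_with_secret_env() (
    dir=$1; shift
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f" | tr 'a-z' 'A-Z' | tr -c 'A-Z0-9_\n' '_')
        # Variable names may not start with a digit.
        case $name in [0-9]*) name="_$name" ;; esac
        export "$name=$(cat "$f")"
    done
    exec "$@"
)

# Show that only the process started through the wrapper sees SECRET1.
demo() {
    dir=$(mktemp -d)
    printf 's3cr3t-constructed' > "$dir/secret1"   # stands in for the CSI mount
    # Workload launched by the wrapper: inherits SECRET1.
    inside=$(run_with_secret_env "$dir" sh -c 'printf %s "${SECRET1-unset}"')
    # Sibling process, like a shell opened with `kubectl exec`: no SECRET1.
    outside=$(sh -c 'printf %s "${SECRET1-unset}"')
    rm -rf "$dir"
    printf '%s %s\n' "$inside" "$outside"
}

demo
```

In the Deployment from the question, the wrapper would be called with `/mnt/keyvault-secrets` followed by the real workload command in place of `sleep 1d`. The variables are then present in that process and its children, and still absent from any shell opened later in the Pod.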
