0
votes

I am a newbie to Kubernetes and I have to implement Kubernetes secrets for existing configmaps with passwords hardcoded.

I have 2 configmaps for each pod, one settings.yaml and the other settings_override.yaml. I have to make the override file read environment variables where I have kept base64 secrets. I have created secrets and can see them in pods after printenv.

Kindly suggest how I can make my settings_override.yaml file read these environment secrets.

Note: if I just remove the key:value pair from settings_override.yaml file then it is picking value from settings.yaml but not from my env variable.

Settings and setting_override file for reference:

    apiVersion: v1
    data:
      setting.json: |
        {
          "test": {
            "testpswd": "test123",
            "testPort": "123",
          },
        }

    apiVersion: v1
    data:
      setting_override.json: |
        {
          "test": {
            "testpswd": "test456",
            "testPort": "456",
          },
        }

1
can you add your settings.yaml and settings_override.yaml for better understanding, remove anything which is confidential. - Here_2_learn
Hi, please find example below: apiVersion: v1 data: setting.json: | { "test": { "testpswd": "test123", "testPort": "123", }, } *********************************************************** apiVersion: v1 data: setting.override.json: | { "test": { "testpswd": "test456", "testPort": "456", }, } For the settings_override file, I have created test_testpswd and test_testport as env variables. I want to remove these hardcoded values but unfortunately it's not picking the env variable but taking values from the setting file. - Anu Thakur
@Here_2_learn -- I have added details in the above comment. Sorry for the bad formatting of code. - Anu Thakur
It is bad formatting of code because you should edit your question instead of posting updates into comments; the comments are very space limited and (as you have seen) do not format code blocks well. Please move the comment content into your question - mdaniel
@AnuThakur I'm not sure what exactly you're trying to do. But I can assure you that if you want to update a configmap, you will need some other app that is able to read your pod's env and perform the update operation on the configmap. - Kamol Hasan

1 Answer

2
votes

As per my knowledge what you're trying to accomplish is not possible in Kubernetes.

A general reminder: Secrets are for confidential data and ConfigMaps are for non-confidential data.

You can't import a Secret into a ConfigMap or vice versa.

You can however fill environment variables from a Secret (secretKeyRef) or a ConfigMap (configMapKeyRef) like this:

    env:
    - name: FOO
      valueFrom:
        configMapKeyRef:
          name: nonconfidentialdatahere
          key: nonconfidentialdatahere
    - name: BAR
      valueFrom:
        secretKeyRef:
          name: confidentialdatahere
          key: confidentialdatahere

So I suggest you read the port from your ConfigMap and the password from your Secret into an environment variable in your pod/deployment declaration and then start whatever service you want by passing those environment variables.
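One way to act on that suggestion when the application only reads JSON files: a small start-up step that builds the override file from the environment before the service launches. This is an added example, not code from the question or the answer; the function names, the sample values and the idea of writing the override to a writable path (ConfigMap volumes are mounted read-only) are assumptions, and the variable naming follows the `test_testpswd` / `test_testport` convention mentioned in the comments.

```python
import json
import os


def _walk(node, lookup, path):
    """Collect only the leaves of `node` that have a matching env variable."""
    out = {}
    for key, value in node.items():
        here = path + (key,)
        if isinstance(value, dict):
            child = _walk(value, lookup, here)
            if child:
                out[key] = child
        else:
            # ("test", "testPort") -> "test_testport", compared case-insensitively
            name = "_".join(here).lower()
            if name in lookup:
                out[key] = lookup[name]
    return out


def build_override(base, env):
    """Return the override dict for `base` (parsed settings) from `env`.

    Values injected through secretKeyRef arrive already decoded; base64 is
    only the encoding used inside the Secret manifest, so no decoding here.
    """
    lookup = {k.lower(): v for k, v in env.items()}
    return _walk(base, lookup, ())


def write_override(base_path, override_path, env=os.environ):
    """Render the override file owner-only, since it now holds the secret."""
    with open(base_path) as fh:
        base = json.load(fh)
    override = build_override(base, env)
    fd = os.open(override_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(override, fh)
    return override


# Constructed sample data mirroring the structure in the question.
SAMPLE_BASE = {"test": {"testpswd": "test123", "testPort": "123"}}
SAMPLE_ENV = {"test_testpswd": "value-from-secret", "PATH": "/usr/bin"}
```

Keys with no matching variable are left out of the override, so the application falls back to the base settings for them, which is the behaviour the question describes.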