How to make existing configmaps use kubernetes secrets

Question

I am a newbie to kubernetes and I have to implement kubernetes secrets for existing configmaps with passwords hardcorded.

I have 2 configmaps for each pod, 1 settings.yaml and other settings_override.yaml. I have to make override file read environment variables where I have kept base64 secrets. I have created secrets and can see them in pods after printenv.

Kindly suggest me how can I make my settings_override.yaml file read these environment secrets.

Note: if I just remove the key:value pair from settings_override.yaml file then it is picking value from settings.yaml but not from my env variable.

Settings and setting_override file for reference:

apiVersion: v1 data: setting.json: | { "test": { "testpswd": "test123", "testPort": "123", }, }

apiVersion: v1 data: setting_override.json: | { "test": { "testpswd": "test456", "testPort": "456", }, }

Answer 1

As per my knowledge what you're trying to accomplish is not possible in Kubernetes.

A general reminder: Secrets are for confidential data and ConfigMaps are for non-confidential data.

You can't import a Secret into a ConfigMap or vice versa.

You can however fill environment variables from a Secret ( secretKeyRef ) or a ConfigMap ( configMapKeyRef ) like this:

    env:
    - name: FOO
      valueFrom:
        configMapKeyRef:
          name: nonconfidentialdatahere
          key: nonconfidentialdatahere
    - name: BAR
      valueFrom:
        secretKeyRef:
          name: confidentialdatahere
          key: confidentialdatahere

So I suggest you read the port from your ConfigMap and the password from your Secret into an environment variable in your pod/deployment declaration and then start whatever service you want by passing those environment variables.