How to inject Kubernetes Volume secrets also as Env variable to the Pod?
Question
My goal is to create an environment variable for the pod out of a mounted secret volume. I want to skip the intermediate step with creating Kubernetes secret (and refer the k8s secret for the env) so nothing is stored on the etcd storage.
I am using the CSI Driver to mount the secrets of my Azure Key Vault. The volume is working correctly.
Deployment.yaml:
...
spec:
volumes:
- name: keyvault-secrets
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: kevault-secrets
containers:
- name: busybox
image: k8s.gcr.io/e2e-test-images/busybox:1.29
command:
- /bin/sh
args:
- '-c'
- >-
SECRET1=$(cat /mnt/keyvault-secrets/secret1); export SECRET1;echo
$SECRET1; sleep 1d;
volumeMounts:
- name: keyvault-secrets
readOnly: true
mountPath: /mnt/keyvault-secrets
On startup the Pod is able to populate the environment variable and even prints its value correctly on the console. If I log into the Pod the environment variable is gone.
Any ideas why the environment variable vanishes?
1 answers
solution1
0 2022-01-17 15:16:59
Environment set in a shell session (like the one in your command) is local to that session only.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.