How-To: Access Kubernetes secrets using PodSpec
This how-to guide will provide an overview of how to:
- Patch existing Kubernetes secrets using PodSpec definitions and provide them to the environment of a container.
Prerequisites
Step 1: Define a container
Begin by creating a file named app.bicep with a Radius container:
extension radius
@description('Specifies the environment for resources.')
param environment string
resource app 'Applications.Core/applications@2023-10-01-preview' = {
  name: 'demo'
  properties: {
    environment: environment
  }
}
resource demo 'Applications.Core/containers@2023-10-01-preview' = {
  name: 'demo'
  properties: {
    application: app.id
    container: {
      image: 'ghcr.io/radius-project/samples/demo:latest'
      ports: {
        web: {
          containerPort: 3000
        }
      }
    }
  }
}
Step 2: Deploy the app and container
Run this command to deploy the app and container:
rad run ./app.bicep -a demo
Once the deployment completes successfully, you should see the following confirmation message along with some system logs:
Building app.bicep...
Deploying template 'app.bicep' for application 'demo' and environment 'dev' from workspace 'dev'...
Deployment In Progress...
.. demo Applications.Core/containers
Completed demo Applications.Core/applications
Deployment Complete
Resources:
demo Applications.Core/applications
demo Applications.Core/containers
Starting log stream...
+ demo-7d94db59f6-ps6cf › demo
demo-7d94db59f6-ps6cf demo No APPLICATIONINSIGHTS_CONNECTION_STRING found, skipping Azure Monitor setup
demo-7d94db59f6-ps6cf demo Using in-memory store: no connection string found
demo-7d94db59f6-ps6cf demo Server is running at http://localhost:3000
dashboard-7f7db87c5-7d2jf dashboard [port-forward] connected from localhost:7007 -> ::7007
demo-7d94db59f6-ps6cf demo [port-forward] connected from localhost:3000 -> ::3000
Verify the pod is running:
kubectl get pods -n dev-demo
You should see the following output in your console:
NAME                    READY   STATUS    RESTARTS   AGE
demo-7d94db59f6-k7dfb   1/1     Running   0          62s
Step 3: Create a secret
Create a secret in your Kubernetes cluster using the following command:
kubectl create secret generic my-secret --from-literal=secret-key=secret-value -n dev-demo
Verify the secret is created:
kubectl get secrets -n dev-demo
Step 4: Patch the secret
Patch the secret into the container by adding the following runtimes block to the container resource in your app.bicep file:
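The runtimes block for this step, shown in place inside the complete app.bicep, as an added example that is not the page's own listing. It assumes the Radius container property runtimes.kubernetes.pod (a PodSpec patch) and reuses the Secret name and key from Step 3 and the MY_SECRET variable checked in Step 5:

```bicep
extension radius
@description('Specifies the environment for resources.')
param environment string
resource app 'Applications.Core/applications@2023-10-01-preview' = {
  name: 'demo'
  properties: {
    environment: environment
  }
}

resource demo 'Applications.Core/containers@2023-10-01-preview' = {
  name: 'demo'
  properties: {
    application: app.id
    container: {
      image: 'ghcr.io/radius-project/samples/demo:latest'
      ports: {
        web: {
          containerPort: 3000
        }
      }
    }
    // Assumed property path: PodSpec patch merged into the pod Radius generates
    runtimes: {
      kubernetes: {
        pod: {
          containers: [
            {
              // Matches the container name so the patch merges into it
              name: 'demo'
              env: [
                {
                  name: 'MY_SECRET'
                  valueFrom: {
                    secretKeyRef: {
                      name: 'my-secret'
                      key: 'secret-key'
                    }
                  }
                }
              ]
            }
          ]
        }
      }
    }
  }
}
```

Because the value is pulled in through secretKeyRef, it never appears in app.bicep. The Secret must already exist in the pod's namespace (dev-demo here) when the pod is created, otherwise the container will not start.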
Step 5: Redeploy the app and container
Redeploy and run your app:
rad app deploy demo
Once the deployment completes successfully, you should see the environment variable in the container.
To validate this, first get the pod name:
kubectl get pods -n dev-demo
You should see the following output in your console, with the pod name:
NAME                   READY   STATUS    RESTARTS   AGE
demo-d64cc4d6d-xjnjz   1/1     Running   0          62s
Then, exec into the pod and check the environment variable (substitute the pod name with the one you got from the previous command).
On Linux or macOS:
kubectl -n dev-demo exec demo-d64cc4d6d-xjnjz -- env | grep MY_SECRET
On Windows:
kubectl -n dev-demo exec demo-d64cc4d6d-xjnjz -- env | findstr MY_SECRET
Cleanup
Run the following command to delete your app and container:
rad app delete demo