
Write Environment Variable to Local File using Kubernetes


Is it possible to write an existing environment variable into a file from a Kubernetes deployment.yaml file?

The background: I've already parsed a JSON containing secrets. Now, I'd like to store that secret in a local file.

So far, I've tried something like this:

      lifecycle:
        postStart:
          exec:
            # exec takes a single command list; quoting "$PRIVATE_KEY" keeps the key's line breaks
            command: ["/bin/sh", "-c", 'echo "$PRIVATE_KEY" > /var/private.key']

(I've set up /var/ as an empty writeVolume.)

Or perhaps there is a completely different way to do this, such as storing the secret in its own, separate secret?


Solution

  • Usually when we need to read some secrets from a secret manager, we use an init container, and we create an emptyDir shared between the pods to write the secrets and access them from the other containers. In this case you can use a different Docker image with the secret manager dependencies and creds, without installing those dependencies and providing the creds to the main container:

    apiVersion: v1
    kind: Pod
    metadata:
      name: test-pd
    spec:
      initContainers:
      - name: init-container
        image: alpine
        command:
        - /bin/sh
        - -c
        - 'echo "test_value" > /mnt/volume/var.txt'
        volumeMounts:
        - mountPath: /mnt/volume
          name: shared-storage
      containers:
      - image: alpine
        name: test-container
        command:
        - /bin/sh
        - -c
        - 'READ_VAR=$(cat /mnt/volume/var.txt) && echo "main_container: ${READ_VAR}"'
        volumeMounts:
        - mountPath: /mnt/volume
          name: shared-storage
      volumes:
      - name: shared-storage
        emptyDir: {}
    

    Here is the log:

    $ kubectl logs test-pd
    main_container: test_value
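
The init-container pattern from the answer above, applied to the question's `PRIVATE_KEY`, as an added example that is not part of the original post. The Secret name `app-secrets`, its key `private-key`, the pod name and the mount path are assumptions.

```yaml
# Added example, not from the original post. The Secret "app-secrets" and its
# key "private-key" are assumed to exist; create them before applying this Pod.
apiVersion: v1
kind: Pod
metadata:
  name: key-file-demo
spec:
  securityContext:
    runAsUser: 1000        # same non-root UID for the init and main container,
    runAsGroup: 1000       # so a 0600 file written by one is readable by the other
    fsGroup: 1000
  initContainers:
  - name: write-key
    image: alpine
    env:
    - name: PRIVATE_KEY
      valueFrom:
        secretKeyRef:
          name: app-secrets
          key: private-key
    command:
    - /bin/sh
    - -c
    # umask 077 creates the file as 0600; quoting "$PRIVATE_KEY" keeps the
    # line breaks of a PEM key, which an unquoted $PRIVATE_KEY would collapse.
    - 'umask 077 && printf "%s\n" "$PRIVATE_KEY" > /mnt/keys/private.key'
    volumeMounts:
    - mountPath: /mnt/keys
      name: key-volume
  containers:
  - name: app
    image: alpine
    command:
    - /bin/sh
    - -c
    # Print only file metadata, never the key, so it stays out of the pod logs.
    - 'ls -l /mnt/keys/private.key && sleep 3600'
    volumeMounts:
    - mountPath: /mnt/keys
      name: key-volume
      readOnly: true       # the main container only needs to read the file
  volumes:
  - name: key-volume
    emptyDir:
      medium: Memory       # tmpfs: the key is never written to the node's disk
```

Only the init container has `PRIVATE_KEY` in its environment; the main container sees the key solely as a read-only file.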