Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Kubernetes secrets as EnvVars

See original GitHub issue

What should we add or change to make your life better?

At this moment, Tye is creating secrets and mounting them as a volumes on k8s deployments. However this secret is not referenced as an env var. K8S allow to that with something like

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
  restartPolicy: Never

Why is this important to you?

Using secrets as currently deployed enforces us to add a new configuration provider, KeyPerFile, and to split our code to read configuration keys differently when is executed on tye run and when is deployed to k8s.

           services.AddStackExchangeRedisCache(options =>
            {
                var connectionString = Configuration["connectionstring:redis"];
                if (connectionString != null)
                {
                    options.Configuration = connectionString;
                }
                else
                {
                    options.Configuration = $"{Configuration["service:redis:host"]}:{Configuration["service:redis:port"]}";
                }
            });

Issue Analytics

State:
Created 3 years ago
Comments:7 (7 by maintainers)

Top GitHub Comments

1reaction

rynowakcommented, Apr 22, 2020

We did this in 0.1 service discovery uses env-vars now.

0reactions

unaizorrillacommented, Mar 25, 2020

Is this actually about files vs env vars or just consistency of the key name?

for me, consistency of key names that result on different code paths for dev and prod!

Top Results From Across the Web

Secrets

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such...

Distribute Credentials Securely Using Secrets

You can consume the data in Secrets as environment variables in your containers. If a container already consumes a Secret in an environment ......

Pass database username and password as environment ...

Kubernetes secret objects let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Putting this information in a...

Secret - Unofficial Kubernetes - Read the Docs

Secrets can be mounted as data volumes or be exposed as environment variables to be used by a container in a pod. They...

Don't use environment variables in Kubernetes to consume ...

Mount secrets as files, rather than environment variables. Kubernetes natively supports mounting secrets in the container itself as a file ...