Kubernetes Application
This section creates a test application to demonstrate injecting secrets into Kubernetes applications. The example deploys an nginx server.


[root@master-node ~]# kubectl apply -f test-deploy.yaml
[root@master-node ~]# kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
my-test-deployment 1/1 1 1 61s
[root@master-node ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-test-deployment-65fc9c7646-4hqsk 1/1 Running 0 62s
A YAML file is used to patch the secret into the application. The mandatory fields defined in Kron PAM must be filled in within the YAML file. These fields are the secret name, secret path, and token values.

Patch File

For each application, the patch file must be filled in with the information for the secrets that application needs to access. Multiple secrets can be set in the same file under annotations.
- Apply the patch using the kubectl command, providing the name of the deployment and the patch file.
[root@master-node ~]# kubectl patch deployment my-test-deployment --patch "$(cat secrets-patch.yaml)"
deployment.apps/my-test-deployment patched
[root@master-node ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
kron-aapm-agent-5c57584465-crws8 1/1 Running 0 30m
my-test-deployment-d7ff55c4b-68gxx 1/1 Running 0 15s (Pod name changed)
- After patching, the sidecar is injected, and the aapm-client container should appear in the application's pod.
[root@master-node ~]# kubectl get pods my-test-deployment-d7ff55c4b-68gxx -o jsonpath='{.spec.containers[*].name}'
nginx aapm-client
- The Nginx container and the AAPM Client container now use the shared keystore volume. Both can read the secret information from the shared environment file kept under the keystore.
[root@master-node ~]# kubectl exec -it my-test-deployment-d7ff55c4b-68gxx -c nginx -- cat /keystore/user1.env
serviceuser ={"secret":{"password":"fME8I5bq","username":"sapmuser1"}}
[root@master-node ~]# kubectl exec -it my-test-deployment-d7ff55c4b-68gxx -c aapm-client -- cat keystore/user1.env
serviceuser ={"secret":{"password":"fME8I5bq","username":"sapmuser1"}}
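
The injection described above can also be confirmed from the pod spec, without printing the secret through `kubectl exec`. This is an added example, not Kron PAM code: the embedded pod JSON is constructed, and the volume name `keystore` and its `emptyDir` type are assumptions; only the container names and the `/keystore` path come from the page.

```python
import json

# Constructed pod object, trimmed to the fields the check reads. The volume name
# "keystore" and its emptyDir type are assumptions; only the container names and
# the /keystore path come from the page.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "my-test-deployment-d7ff55c4b-68gxx"},
 "spec": {
   "containers": [
     {"name": "nginx",
      "volumeMounts": [{"name": "keystore", "mountPath": "/keystore"}]},
     {"name": "aapm-client",
      "volumeMounts": [{"name": "keystore", "mountPath": "/keystore"}]}],
   "volumes": [{"name": "keystore", "emptyDir": {}}]}}
""")


def check_injection(pod, app="nginx", sidecar="aapm-client", path="/keystore"):
    """Return a list of findings; an empty list means nothing to report."""
    containers = {c["name"]: c for c in pod["spec"].get("containers", [])}
    findings = [f"container {name!r} missing from pod"
                for name in (app, sidecar) if name not in containers]
    if findings:
        return findings

    def mounts_at(container):
        # Map volume name -> mount entry for mounts at the keystore path.
        return {m["name"]: m for m in container.get("volumeMounts", [])
                if m["mountPath"].rstrip("/") == path}

    app_mounts = mounts_at(containers[app])
    shared = set(app_mounts) & set(mounts_at(containers[sidecar]))
    if not shared:
        findings.append(f"{app} and {sidecar} share no volume at {path}")
    for vol in sorted(shared):
        # In the page's example the application only reads the env file, so a
        # writable mount is flagged as a hardening note, not an injection failure.
        if not app_mounts[vol].get("readOnly", False):
            findings.append(f"volume {vol!r} is mounted read-write in {app}")
    return findings


if __name__ == "__main__":
    for line in check_injection(SAMPLE_POD) or ["sidecar and shared volume OK"]:
        print(line)
```

To run it against the live pod, replace `SAMPLE_POD` with the parsed output of `kubectl get pod <pod-name> -o json`.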