Bootstrap FreeKB - OpenShift - Prefix Secrets using oc set env --prefix
OpenShift - Prefix Secrets using oc set env --prefix
Updated:   |  OpenShift articles

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

There are different ways to configure a container with environment variables.

The oc get secret command can be used to see that the secret exists.

~]# oc get secret my-secret
NAME           TYPE        DATA      AGE
my-secret      Opaque      1         133d

 

The --output yaml or --output json options can be used to display the YAML or JSON details of the secret. Notice that the "foo" key contains "SGVsbG8=" and "bar" contains "V29ybGQ=". This is normal, because the secret value is base64 encoded.

~]$ oc get secrets my-secret --output yaml
apiVersion: v1
data:
  bar: V29ybGQ=
  foo: SGVsbG8=
kind: Secret
metadata:
  creationTimestamp: "2021-11-18T07:12:09Z"
  name: mysecret
  namespace: default
  resourceVersion: "448072461"
  uid: 4104a646-84e2-46c3-bd59-408e2f7ee807
type: Opaque

 

On a Linux system, the base64 command can be used to decode the value.

~]# echo SGVsbG8= | base64 --decode
Hello

~]# echo V29ybGQ= | base64 --decode
World

 

Let's say you have a deployment named "my-deployment".

~]# oc get deployments
NAME            READY   UP-TO-DATE   AVAILABLE   AGE
my-deployment   1/1     1            1           8d

 

The oc edit or oc set env command can be used to update the deployment to use the foo and bar secrets in my-secret and the --prefix option can be used to add a prefix to each key.

~]$ oc set env deployment my-deployment --from secret/my-secret --prefix my_prefix_
deployment.apps/my-deployment updated

 

A new pod should immediately be created after the oc set env command has completed, and the oc describe pod command can be used to see that the pod is now has the "foo" and "bar" keys including the prefix.

~]$ oc describe pod my-pod-65rbl
Containers:
  my-container:
    Environment:
      my_prefix_FOO:  <set to the key 'foo' in secret 'my-secret'>  Optional: false
      my_prefix_BAR:  <set to the key 'bar' in secret 'my-secret'>  Optional: false

 

The oc set env command with the --list option can be used the list the environment variables associate with a resource, such as a deployment or pod.

~]$ oc set env pod my-pod-276pc --list
# pods/my-pod-276pc, container my-container
# my_prefix_FOO from secret my-secret, key foo
# my_prefix_BAR from secret my-secret, key bar

 

The oc exec command and the env or printenv command can be used to see if the "my_secret" variable contains a value of "Hello" in the container.

~]$ oc exec/my-pod-65rbl -- env
my_prefix_FOO=Hello
my_prefix_BAR=World

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 22d782 in the box below so that we can be sure you are a human.