Kubernetes Secrets¶
Integration with Google Cloud Platform
We also offer an optional integration with Google Secret Manager as a simplified supplement to using Kubernetes Secrets directly.
When running an application in a team namespace, Kubernetes Secrets can be used directly.
To get started using this, simply create the secrets. A secret can be either key-value pairs or files, and can be exposed to the application as environment variables or files.
Microsoft has a good YouTube video that explains the concepts of Kubernetes secrets.
Example¶
Creating a secret
Info
The kubectl plugin kubectl-modify-secret is recommended if you need to modify the secret contents after creation.
Exposing my-secret
as environment variables to the application by referring to it in nais.yaml
That's it! When the application is running, the environment variable key1
will have the value supersecret
.
Alternatively, if the secret should have their contents mounted into the containers as files:
The secret is then exposed under the path specified by spec.filesFrom[].mountPath
(default /var/run/secrets
). For this example it is available at /var/run/secrets/key1
.
See the official Kubernetes documentation or by running kubectl create secret generic --help
for more details on creating and managing your secrets.
Relevant information¶
Created: 2019-10-04