Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to use kubernetes secrets in nodejs application?

I have one kubernetes cluster on gcp, running my express and node.js application, operating CRUD operations with MongoDB.

I created one secret, containing username and password, connecting with mongoDB specifiedcified secret as environment in my kubernetes yml file. Now My question is "How to access that username and password in node js application for connecting mongoDB".

I tried process.env.SECRET_USERNAME and process.env.SECRET_PASSWORD in Node.JS application, it is throwing undefined.

Any idea ll'be appreciated .

Secret.yaml

 apiVersion: v1

  data:

     password: pppppppppppp==

     username: uuuuuuuuuuuu==

kind: Secret

metadata:

 creationTimestamp: 2018-07-11T11:43:25Z

 name: test-mongodb-secret

 namespace: default

 resourceVersion: "00999"

 selfLink: /api-path-to/secrets/test-mongodb-secret

 uid: 0900909-9090saiaa00-9dasd0aisa-as0a0s-

 type: Opaque

kubernetes.yaml

 apiVersion: extensions/v1beta1
 
kind: Deployment

metadata:

annotations:deployment.kubernetes.io/

revision: "4"

creationTimestamp: 2018-07-11T11:09:45Z

generation: 5

labels:
    name: test
 name: test
 namespace: default
 resourceVersion: "90909"
 selfLink: /api-path-to/default/deployments/test
 uid: htff50d-8gfhfa-11egfg-9gf1-42010gffgh0002a
spec:
  replicas: 1
   selector:
   matchLabels:
   name: test
 strategy:
    rollingUpdate:
     maxSurge: 1
     maxUnavailable: 1
    type: RollingUpdate
  template:
     metadata:
      creationTimestamp: null
  labels:
    name: test
  spec:
    containers:
  - env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          key: username
          name: test-mongodb-secret
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          key: password
          name: test-mongodb-secret
    image: gcr-image/env-test_node:latest
    imagePullPolicy: Always
    name: env-test-node
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  terminationGracePeriodSeconds: 30
 
  status:
   availableReplicas: 1
   conditions:
  - lastTransitionTime: 2018-07-11T11:10:18Z
     lastUpdateTime: 2018-07-11T11:10:18Z
    message: Deployment has minimum availability.
     reason: MinimumReplicasAvailable
    status: "True"
     type: Available
     observedGeneration: 5
      readyReplicas: 1
      replicas: 1
      updatedReplicas: 1
like image 629
Shree Prakash Avatar asked Jul 13 '18 09:07

Shree Prakash


1 Answers

Yourkubernetes.yaml file specifies which environment variable to store your secret so it is accessible by apps in that namespace.

Using kubectl secrets cli interface you can upload your secret.

kubectl create secret generic -n node-app test-mongodb-secret --from-literal=username=a-username --from-literal=password=a-secret-password

(the namespace arg -n node-app is optional, else it will uplaod to the default namespace)

After running this command, you can check your kube dashboard to see that the secret has been save

Then from you node app, access the environment variable process.env.SECRET_PASSWORD

Perhaps in your case the secretes are created in the wrong namespace hence why undefined in yourapplication.

EDIT 1

Your indentation for container.env seems to be wrong

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
  restartPolicy: Never
like image 94
Tobey Avatar answered Sep 29 '22 03:09

Tobey