I am new to Kubernetes and I am facing an issue getting a secret from the Key Vault.
Basically, I want to deploy a container that has a secret (a Service Bus connection string) which is stored in Azure Key Vault, so I need to access the secret key from Azure Key Vault. In this sample YAML I have hard-coded the secret SERVICEBUS_CONNECTIONSTRING. A sample YAML could help us.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-deployment
  strategy: {}
  template:
    metadata:
      labels:
        app: nginx-deployment
    spec:
      containers:
      - image: nginx
        name: nginx
        env:
        - name: SERVICEBUS_CONNECTIONSTRING
          value: "Endpoint=sb://servicebus-keda-aks-03.servicebus.windows.net/;SharedAccessKeyName=keda-aks-01;SharedAccessKey=lsTj32UdliVMlHYJhbSdKcEZkqCSX+FqClQWpBvr2da=;EntityPath=my-queue"
```
2 Answers
I haven’t tried it myself, but these pages are describing what you need if I am not mistaken:
Assuming you are using an AKS cluster, pulling secrets after the pods are created can get really messy. You may need to set permissions (service principals) for specific pods to access Key Vaults. Or you may need to configure a CNI on your cluster, depending on the networking policy used while creating the AKS.
A better way is to store these in Kubernetes secrets. You could manually create them before deploying your pods.
Below would work:
secret.yml:
deployment.yml:
OR
If you want to automate this, you can do it in your CI/CD job or pipeline by pulling secrets from Key Vault as env vars and then using the kubectl command to create the secret.
Hope this helps.
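A sketch of the Kubernetes-secret approach described in the answer above, as an added example that is not the answerer's original secret.yml or deployment.yml. The secret name `servicebus-secret` and key `connectionstring` are hypothetical, and the connection string is a placeholder to be filled from Key Vault.

```yaml
# Secret holding the Service Bus connection string.
# Assumption: the name "servicebus-secret" and key "connectionstring" are
# illustrative. Do not commit this manifest with a real value; in a pipeline,
# create the Secret with kubectl from the value read out of Key Vault instead.
apiVersion: v1
kind: Secret
metadata:
  name: servicebus-secret
type: Opaque
stringData:
  connectionstring: "<connection string retrieved from Azure Key Vault>"
---
# The question's Deployment, with the hard-coded value replaced by a
# reference to the Secret above. The pod spec no longer contains the key,
# so it can be stored in source control.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-deployment
  template:
    metadata:
      labels:
        app: nginx-deployment
    spec:
      containers:
      - image: nginx
        name: nginx
        env:
        - name: SERVICEBUS_CONNECTIONSTRING
          valueFrom:
            secretKeyRef:
              name: servicebus-secret   # must match the Secret's metadata.name
              key: connectionstring     # must match a key in the Secret's data
```

The Secret must exist in the same namespace as the Deployment before the pods start, otherwise the containers stay in `CreateContainerConfigError` until it is created.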