
I am relatively new to Kubernetes and I have the following problem: We use Grafana in our Kubernetes cluster, but currently the way our template.yaml file is built does not allow us to use a secret for a password.

  - apiVersion: v1
    kind: ConfigMap
    metadata:
      labels:
        app: ${APP}
      name: "${APP}-ldap-file"
    data:
      ldap.toml: |-
        [[servers]]
        ....
        # Search user bind dn
        bind_dn = "uid=tu0213,cn=users,o=company,c=de"
        bind_password = ${BIND_PASSWORD}

parameters:
  - name: BIND_PASSWORD

Just using the password this way works fine, but it's in plain text in a params file in our CI/CD pipeline.

In a different repository I found this:

  spec:
    containers:
    - name: nginx-auth-ldap
      image: ${REGISTRY}/${NAMESPACE}/nginx-auth-ldap:6
      imagePullPolicy: Always
      env: 
        - name: LDAP_BIND_DN
          valueFrom:
            secretKeyRef:
              name: ldap-bind-dn
              key: dn

Is this valueFrom approach also possible in my use case?

2 Answers


  1. You can use a secret like that but you have to split the data into separate keys like this:

    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        app: ${APP}
      name: "${APP}-ldap-file"
    stringData:
      dn: "uid=tu0213,cn=users,o=company,c=de"
    
  2. The format you specify is correct. Just create a secret with name "ldap-bind-dn" and as a value provide your password there.

    Path for secret: In the OpenShift console go to Resources -> Secrets -> Create Secret.

    spec:
      containers:
      - name: nginx-auth-ldap
        image: ${REGISTRY}/${NAMESPACE}/nginx-auth-ldap:6
        imagePullPolicy: Always
        env:
          - name: LDAP_BIND_DN
            valueFrom:
              secretKeyRef:
                name: ldap-bind-dn
                key: dn
    
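How the `secretKeyRef` pattern from the answers can carry over to the Grafana `ldap.toml` case in the question, as an added example that is not part of the original posts. It relies on Grafana's documented environment-variable interpolation in `ldap.toml`. The names `grafana-ldap-bind`, `grafana-ldap-file` and `LDAP_BIND_PASSWORD` are assumptions, and the manifests are written as plain Kubernetes YAML rather than as an OpenShift template, where `${...}` is also the template parameter syntax.

```yaml
# Create this Secret out of band (console or CLI), not from the CI/CD params file.
apiVersion: v1
kind: Secret
metadata:
  name: grafana-ldap-bind            # assumed name
stringData:
  password: "<bind-password-placeholder>"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: grafana-ldap-file            # assumed name
data:
  ldap.toml: |-
    [[servers]]
    # host, port and search settings omitted
    bind_dn = "uid=tu0213,cn=users,o=company,c=de"
    # Expanded by Grafana from the container environment, so no password is stored here
    bind_password = "${LDAP_BIND_PASSWORD}"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
spec:
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      labels:
        app: grafana
    spec:
      containers:
        - name: grafana
          image: grafana/grafana     # tag omitted
          env:
            - name: LDAP_BIND_PASSWORD   # assumed variable name
              valueFrom:
                secretKeyRef:
                  name: grafana-ldap-bind
                  key: password
          volumeMounts:
            - name: ldap-file
              mountPath: /etc/grafana/ldap.toml
              subPath: ldap.toml
      volumes:
        - name: ldap-file
          configMap:
            name: grafana-ldap-file
```

With this layout the ConfigMap and Deployment can stay in the repository, while read access to the Secret is restricted through RBAC.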