Container Environment Variables
Doppler CLI synced Kubernetes secret as environment variables
Prerequites
- Experience with deploying applications on Kubernetes
Service Token
Accessing your secrets in a production or CI/CD environment using the Doppler CLI requires a Service Token to provide read-only access to a specific config via the DOPPLER_TOKEN
environment variable.
Installation
If you're unable to alter your Docker image to use the Doppler CLI, this guide will show you how to use Doppler to create a Kubernetes secret to supply environment variables in your container.
Create Kubernetes Secret
We will create a secret in Kubernetes using a secrets.env
file as input.
kubectl create secret generic doppler-env-vars --from-env-file <(doppler secrets download --no-file --format docker)
Then describe the secret to ensure it was created successfully:
kubectl describe secret doppler-env-vars
The
--format docker
flag also flattens multi-line secrets due to limitations withkubectl
. If you have multi-line secrets, we suggest using the container mounted file option.
Create Pod
Let's create a Pod that will use the doppler-env-vars
secret to create an environment variable for every key defined in the secret's data. Save the below Pod spec as doppler-env-vars-pod.yaml
:
apiVersion: v1
kind: Pod
metadata:
name: doppler-env-vars
spec:
restartPolicy: Never
containers:
- name: doppler-env-vars
image: alpine
args: ["printenv"] # Used for testing purposes only
# Populates every key in the secret as an env var
envFrom:
- secretRef:
name: doppler-env-vars
Create the Pod by running:
kubectl apply -f doppler-env-vars-pod.yaml
To confirm the environment variables were set correctly, view the container logs:
kubectl logs doppler-env-vars
You should see a list of environment variables printed containing your secrets.
Cleaning up
To delete the Kubernetes Secret and Pod we created, run:
kubectl delete pod/doppler-env-vars secret/doppler-env-vars
Awesome Work!
Now you know how to use Doppler to create a Kubernetes secret to supply environment variables to your container. Keep reading to learn how to mount a Doppler created secrets file in Kubernetes.
Updated 10 months ago