Mounted Container File

Doppler CLI generated Kubernetes secret for mounting as a config file

Prerequites

  • Experience with deploying applications on Kubernetes

Service Token

Accessing your secrets in a production or CI/CD environment using the Doppler CLI requires a Service Token to provide read-only access to a specific config via the DOPPLER_TOKEN environment variable.

Installation

If you're unable to alter your Docker image to use the Doppler CLI and your application requires a secrets or config file, this guide will show you how to use Doppler to create a Kubernetes secret to mount as a file inside your container.

Create Kubernetes Secret

For this example, we're mounting a .env file inside the container, although this approach works equally well for any file type.

kubectl create secret generic doppler-dotenv --from-literal dotenv="$(doppler secrets download --no-file --format env)"

Then describe the secret to ensure it was created successfully:

kubectl describe secret doppler-dotenv

Create Pod

Let's create a Pod that will use the doppler-dotenv secret to mount the .env file inside your container. Save the below Pod spec as doppler-dotenv-pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: doppler-dotenv
spec:
  restartPolicy: Never
  containers:
    - name: doppler-dotenv
      image: alpine
      # Cat the file for testing purposes only
      args: ["cat", "/usr/src/app/secrets/.env"]
      volumeMounts:
        - name: secret-volume
          readOnly: true
          mountPath: /usr/src/app/secrets
  volumes:
    - name: secret-volume
      secret:
        secretName: doppler-dotenv
        items:
          - key: dotenv
            path: .env

Create the Pod by running:

kubectl apply -f doppler-dotenv-pod.yaml

To confirm the .env file was mounted successfully, view the container logs:

kubectl logs doppler-dotenv

You should see the contents of the .env file as output in the logs.

Cleaning up

To delete the Kubernetes Secret and Pod we created, run:

kubectl delete pod/doppler-dotenv secret/doppler-dotenv

πŸ‘

Awesome Work!

Now you know to use Doppler to create a Kubernetes secret to mount as a file inside your container.


Did this page help you?