- Experience with deploying applications on Kubernetes
Accessing your secrets in a production or CI/CD environment using the Doppler CLI requires a Service Token to provide read-only access to a specific config via the
DOPPLER_TOKEN environment variable.
If you're unable to alter your Docker image to use the Doppler CLI and your application requires a secrets or config file, this guide will show you how to use Doppler to create a Kubernetes secret to mount as a file inside your container.
For this example, we're mounting a
.env file inside the container, although this approach works equally well for any file type.
kubectl create secret generic doppler-dotenv --from-literal dotenv="$(doppler secrets download --no-file --format env)"
Then describe the secret to ensure it was created successfully:
kubectl describe secret doppler-dotenv
Let's create a Pod that will use the
doppler-dotenv secret to mount the
.env file inside your container. Save the below Pod spec as
apiVersion: v1 kind: Pod metadata: name: doppler-dotenv spec: restartPolicy: Never containers: - name: doppler-dotenv image: alpine # Cat the file for testing purposes only args: ["cat", "/usr/src/app/secrets/.env"] volumeMounts: - name: secret-volume readOnly: true mountPath: /usr/src/app/secrets volumes: - name: secret-volume secret: secretName: doppler-dotenv items: - key: dotenv path: .env
Create the Pod by running:
kubectl apply -f doppler-dotenv-pod.yaml
To confirm the
.env file was mounted successfully, view the container logs:
kubectl logs doppler-dotenv
You should see the contents of the
.env file as output in the logs.
To delete the Kubernetes Secret and Pod we created, run:
kubectl delete pod/doppler-dotenv secret/doppler-dotenv
Now you know to use Doppler to create a Kubernetes secret to mount as a file inside your container.
Updated 19 days ago