Mounted Container File (not recommended)
We no longer recommend mounting a .env file via a Doppler-populated Kubernetes secret. Instead, we encourage you to use container environment variables where possible and to use mounted container files only when necessary, e.g. for a TLS certificate.
Avoid Mounting an .env File
This guide was originally intended to help developers currently mounting a .env file inside their containers transition to Doppler as easily as possible.
We've since taken a strong stance against using .env files in all cases, so we no longer recommend this approach.
Take a look at our documented alternatives:
If you're unsure of how to transition to using a non .env file solution for Kubernetes, reach out in the Doppler Community Forum or contact us at [email protected].
Prerequisites
- Experience with deploying applications on Kubernetes
Service Token
Accessing your secrets in a production or CI/CD environment using the Doppler CLI requires a Service Token to provide read-only access to a specific config via the DOPPLER_TOKEN environment variable.
Installation
If you're unable to alter your Docker image to use the Doppler CLI and your application requires a secrets or config file, this guide will show you how to use Doppler to create a Kubernetes secret to mount as a file inside your container.
Create Kubernetes Secret
For this example, we're mounting a .env file inside the container, although this approach works equally well for any file type.
kubectl create secret generic doppler-dotenv --from-literal dotenv="$(doppler secrets download --no-file --format env)"
Then describe the secret to ensure it was created successfully:
kubectl describe secret doppler-dotenv
Create Pod
Let's create a Pod that will use the doppler-dotenv secret to mount the .env file inside your container. Save the Pod spec below as doppler-dotenv-pod.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: doppler-dotenv
spec:
  restartPolicy: Never
  containers:
    - name: doppler-dotenv
      image: alpine
      # Cat the file for testing purposes only
      args: ["cat", "/usr/src/app/secrets/.env"]
      volumeMounts:
        - name: secret-volume
          readOnly: true
          mountPath: /usr/src/app/secrets
  volumes:
    - name: secret-volume
      secret:
        secretName: doppler-dotenv
        items:
          - key: dotenv
            path: .env
Create the Pod by running:
kubectl apply -f doppler-dotenv-pod.yaml
To confirm the .env file was mounted successfully, view the container logs:
kubectl logs doppler-dotenv
You should see the contents of the .env file as output in the logs.
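The test Pod above confirms the mount by printing the whole file, which copies every secret value into the container logs. As an added example (not part of the Doppler docs), these shell functions confirm the mount while printing key names only; the function names are hypothetical, and the parser assumes one KEY=value assignment per line.

```shell
#!/bin/sh
# Added example, not from the Doppler docs: verify a mounted .env file
# without writing secret values to the container log.

# Print only the variable names found in a dotenv file.
# Assumption: one KEY=value (or KEY="value") assignment per line.
# Comments and blank lines are ignored; a leading `export ` is tolerated.
dotenv_key_names() {
    sed -n -E 's/^[[:space:]]*(export[[:space:]]+)?([A-Za-z_][A-Za-z0-9_]*)=.*$/\2/p' "$1"
}

# Succeed only if the file exists, is non-empty and holds at least one
# assignment. Values are never printed, only key names.
check_dotenv_mount() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is not mounted" >&2
        return 1
    fi
    if [ ! -s "$file" ]; then
        echo "FAIL: $file is empty" >&2
        return 1
    fi
    keys=$(dotenv_key_names "$file")
    if [ -z "$keys" ]; then
        echo "FAIL: $file contains no KEY=value lines" >&2
        return 1
    fi
    count=$(printf '%s\n' "$keys" | wc -l | tr -d ' ')
    echo "OK: $file mounted with $count keys"
    printf '%s\n' "$keys" | sed 's/$/=<redacted>/'
}

# Constructed sample (not real secrets) so the check can be run offline.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'API_KEY="abc123"' \
    'DB_URL="postgres://u:p@db/app"' > "$sample"
check_dotenv_mount "$sample"
rm -f "$sample"
```

Inside the container, call check_dotenv_mount /usr/src/app/secrets/.env in place of the cat command.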
Cleaning up
To delete the Kubernetes Secret and Pod we created, run:
kubectl delete pod/doppler-dotenv secret/doppler-dotenv
Awesome Work!
Now you know how to use Doppler to create a Kubernetes secret to mount as a file inside your container.