Arnob

Manage Multiple ExternalSecret

Here I will share how to manage multiple Kubernetes secrets across one or more services/pods.

Here is the situation: every pod has its own Secret or ExternalSecret, and some keys are the same in every pod. I call these common secrets. When one of those keys changes, you have to change it in the secret of every pod.

Below is how to manage the common secret in one place.

Pod 1 — cart-one-secret

ENV_ONE=1
ENV_TWO=2
COMMON_TYPE=1

Pod 2 — cart-two-secret

ENV_ONE=1
ENV_THREE=3
COMMON_TYPE=1

Here each pod's secret holds its own keys plus the shared COMMON_TYPE key.

So I create a separate secret for the common keys.

Secret — common-secret

COMMON_TYPE=1

Then remove the common key from each pod's own secret.

Pod 1 — cart-one-secret

ENV_ONE=1
ENV_TWO=2

Pod 2 — cart-two-secret

ENV_ONE=1
ENV_THREE=3

Now you have to modify the Kubernetes deployment.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: cart-one
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: cart-one
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  template:
    metadata:
      annotations:
        # Reloader restarts the pod when this secret changes
        secret.reloader.stakater.com/reload: cart-one-secret
      labels:
        app: cart-one
    spec:
      containers:
      - name: cart-one
        image: docker.io/cart/cart-one/136a45d:136a45d
        imagePullPolicy: Always
        # Every key of the referenced secret becomes an environment variable
        envFrom:
        - secretRef:
            name: cart-one-secret
        ports:
        - containerPort: 3000
          name: env
          protocol: TCP
        resources:
          limits:
            cpu: 150m
            memory: 150Mi
          requests:
            cpu: 50m
            memory: 50Mi

In the deployment, envFrom contains a secretRef entry that points to the pod's own secret. Add a second secretRef entry for the common secret.

envFrom:
    - secretRef:
        name: cart-one-secret
    - secretRef:
        name: common-secret

Now the cart-one pod loads its environment from two secrets. To see the resulting variables, exec into the pod:

kubectl exec cart-one-57494cf954-9fg6f -- printenv | grep -E '^(ENV_ONE|ENV_TWO|COMMON_TYPE)='

Output

ENV_ONE=1
ENV_TWO=2
COMMON_TYPE=1

If you want the pod's containers to be re-created when a secret changes, add the common secret to the reload annotation under template.metadata:

template:
    metadata:
      annotations:
        secret.reloader.stakater.com/reload: cart-one-secret,common-secret

If you change any key in the common secret, the pod will be re-created.

To use the common secret from another pod such as cart-two, follow the same process as for cart-one.
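
A check for the two edits described above (the extra envFrom entry and the reload annotation), as an added example that is not part of the original post: it reports secrets a deployment loads but does not list in the annotation, and keys defined in more than one secret, where Kubernetes keeps the value from the last envFrom source. The function names and sample data are constructed for illustration; the input is the JSON form of the deployment, as produced by kubectl get deployment -o json.

```python
import json

# Annotation key as used on this page, read from the pod template metadata.
ANNOTATION = "secret.reloader.stakater.com/reload"

def secrets_not_reloaded(deployment):
    """Return envFrom secret names that are missing from the reload annotation."""
    template = deployment["spec"]["template"]
    annotations = template.get("metadata", {}).get("annotations", {})
    watched = {n.strip() for n in annotations.get(ANNOTATION, "").split(",") if n.strip()}
    missing = []
    for container in template["spec"].get("containers", []):
        for source in container.get("envFrom", []):
            name = source.get("secretRef", {}).get("name")
            if name and name not in watched and name not in missing:
                missing.append(name)
    return missing

def shadowed_keys(secret_keys, env_from_order):
    """Map each key defined in several secrets to the secret whose value wins.
    envFrom sources are applied in order, so the last source takes precedence."""
    owners = {}
    for name in env_from_order:
        for key in secret_keys.get(name, []):
            owners.setdefault(key, []).append(name)
    return {key: names[-1] for key, names in owners.items() if len(names) > 1}

# Constructed sample: trimmed deployment JSON where common-secret was added
# to envFrom but the reload annotation was not updated.
SAMPLE = json.loads("""
{"spec": {"template": {
  "metadata": {"annotations": {"secret.reloader.stakater.com/reload": "cart-one-secret"}},
  "spec": {"containers": [{"name": "cart-one", "envFrom": [
    {"secretRef": {"name": "cart-one-secret"}},
    {"secretRef": {"name": "common-secret"}}]}]}}}}
""")

# Constructed key listing: COMMON_TYPE was left behind in the pod's own secret.
KEYS = {"cart-one-secret": ["ENV_ONE", "ENV_TWO", "COMMON_TYPE"],
        "common-secret": ["COMMON_TYPE"]}

if __name__ == "__main__":
    print("not reloaded:", secrets_not_reloaded(SAMPLE))
    print("shadowed:", shadowed_keys(KEYS, ["cart-one-secret", "common-secret"]))
```

A non-empty first result means a rotated secret would not restart the pod; a non-empty second result means a stale copy of a shared key is still present in a per-pod secret.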

Happy Learning…
