itsmunim · December 18, 2022 08:25
diff --git a/deployment-with-secrets.yaml b/deployment-with-secrets.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: my-app
 spec:
  template:
    spec:
      # All the volumes we will need
      volumes:
      # Secrethub service account that will be mounted by kubernetes from specified secret name
      - name: secrethub-sa-volume
        secret:
          secretName: secrethub-service-account
      # This is the configmap that contains non-interpolated secrets
      - name: non-interpolated-secrets
        configMap:
          name: app-secrets
      # The shared volume, where the interpolated secret file will be dumped - for application to consume
      - name: shared-data-volume
        hostPath:
          path: /mnt/prep/app-creds
          type: DirectoryOrCreate
      # The init container config, which is basically the script, that will generate the secret file
      - name: init-container-script
        configMap:
          defaultMode: 0700
          name: init-container-script
      
      # This init-container will fetch secrets from secrethub, and generate the expected file in expected location
      initContainers:
      - name: configure-secrets
        image: alpine:3.14
        securityContext:
          privileged: true
        command:
          - /bin/init.sh
        volumeMounts:
          # The secrethub service account that will be required by secrethub cli
          - name: secrethub-sa-volume
            mountPath: /bin/.secrethub-credential
            readOnly: true
            subPath: .secrethub-credential
          # Where this container will dump the final file with secrets in it
          - name: shared-data-volume
            mountPath: /data
          # The init container script which does the main job
          - name: init-container-script
            mountPath: /bin/init.sh
            readOnly: true
            subPath: init.sh
          # The non-interpolated secrets content from configmap
          - name: non-interpolated-secrets
            mountPath: /bin/secrets.env
            readOnly: true
            subPath: secrets.env
      
      # The main/application container
      containers:
        - name: my-app
          # This is where the interpolated secret file is ready to consume
          volumeMounts:
            - name: shared-data-volume
              mountPath: /data
          env:
            # Your application code can access this folder and get the secret file in runtime to use the values
            - name: SECRET_FILE_DIR
              value: /data
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: my-app
	spec:
	template:
	spec:
	# All the volumes we will need
	volumes:
	# Secrethub service account that will be mounted by kubernetes from specified secret name
	- name: secrethub-sa-volume
	secret:
	secretName: secrethub-service-account
	# This is the configmap that contains non-interpolated secrets
	- name: non-interpolated-secrets
	configMap:
	name: app-secrets
	# The shared volume, where the interpolated secret file will be dumped - for application to consume
	- name: shared-data-volume
	hostPath:
	path: /mnt/prep/app-creds
	type: DirectoryOrCreate
	# The init container config, which is basically the script, that will generate the secret file
	- name: init-container-script
	configMap:
	defaultMode: 0700
	name: init-container-script

	# This init-container will fetch secrets from secrethub, and generate the expected file in expected location
	initContainers:
	- name: configure-secrets
	image: alpine:3.14
	securityContext:
	privileged: true
	command:
	- /bin/init.sh
	volumeMounts:
	# The secrethub service account that will be required by secrethub cli
	- name: secrethub-sa-volume
	mountPath: /bin/.secrethub-credential
	readOnly: true
	subPath: .secrethub-credential
	# Where this container will dump the final file with secrets in it
	- name: shared-data-volume
	mountPath: /data
	# The init container script which does the main job
	- name: init-container-script
	mountPath: /bin/init.sh
	readOnly: true
	subPath: init.sh
	# The non-interpolated secrets content from configmap
	- name: non-interpolated-secrets
	mountPath: /bin/secrets.env
	readOnly: true
	subPath: secrets.env

	# The main/application container
	containers:
	- name: my-app
	# This is where the interpolated secret file is ready to consume
	volumeMounts:
	- name: shared-data-volume
	mountPath: /data
	env:
	# Your application code can access this folder and get the secret file in runtime to use the values
	- name: SECRET_FILE_DIR
	value: /data