How to use Kubernetes Secret as a variable in a Python script?

Filed Under: Random
How To Use Kubernetes Secret As A Variable In A Python Script

Hello, readers! This article demonstrates and answers the below question, “How to use Kubernetes Secret as a variable in a Python script?

So, let us begin!! 馃檪


Kubernetes Secret – Quick Overview

Kubernetes Secret provides us with an efficient way to store sensitive information to be utilized by the container/application. We can store sensitive data such as TLS certificates, Database usernames, and passwords, or some other literals that probably carry some sensitive information within it as a Kubernetes Secret.

These Kubernetes Secrets are accessible within the application code or even the application container to invoke certain functions.

Kubernetes Secret is always encrypted. That is the data within the secrets is encrypted and cannot be accessed by anyone out of the scope of the application/namespace. We can impose higher levels of RBAC to restrict access to the secrets altogether.


Pratical need to have Kubernetes Secrets in development scripts

Having understood the process to have the variables safe in the form of secrets, it is important to understand the way to utilize the secret values safely within the application containers.

Consider the below scenario:

We will containerize a MySQL database using Kubernetes. For the same, we set up the container within a DB pod. And, now we want to get into the database using the credentials of the database. But, we do not want to expose the details directly to the application team members.

This is when we can make use of secrets to expose the details without having to expose them.

We can have the variables within the secret exposed to the application code for logging into the MySQL database without exposing the actual values of those variables.

In this upcoming section, we will be practically setting up the environment to use Kubernetes secret data into a Python (application) script in the form of variables.


Practical Implementation: Using Kubernetes Secret as a variable in a Python script

In this example, we will be defined some sensitive information such as username and password to the certain application portal in the form of Kubernetes Secret. Post which, we will be making the values of these secrets available to the application container through a Python script.

Let us begin!

1. Creation of a Kubernetes Secret resource

Have a look at the below Kubernetes Secret YAML-

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
  namespace: demo_app
type: Opaque
stringData:
    username: "admin_user"
    password: "wer#214*&^)321@"
    
    
kubectl apply -f secret.YAML -n demo_app

Here, we have created a Kubernetes secret of type Opaque to save the key username, password values in an encrypted format for the namespace demo_app.

2. Using the secret as an environment variable in the Kubernetes Deployment

Have a look at the below YAML-

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
  labels:
    app: demo-app
spec:
  selector:
    matchLabels:
      app: demo-app
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: demo-app
    spec:
      containers:
      - image: nginx
        resources:
            limits: 
              cpu: 100m
              memory: 1Gi
            requests:
              cpu: 60m
              memory: 500Mi
        name: env_container
        env:
        - name: USERNAME
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: username
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: password
  • We have created a deployment resource using the image nginx and have provided sufficient amount of resourcs to it.
  • Further, we have used the Kubernetes secret data variables as an environment variable within the deployment file with the name USERNAME, PASSWORD.
  • We will be making use of these environment variables (inherited from the secret) to get the values within the Python code as shown below-
import os

db_usr = os.getenv('USERNAME')

db_pass = os.getenv('PASSWORD')

print(db_usr)

print(db_pass)

The above python code should run in the form of the container and should be deployed through the deployment image (nginx in our case). Further, the os module helps us fetch the environment variables from the local environment (container environment in our case) and use it within the application.


Conclusion

By this, we have approached the end of this topic. Feel free to comment below, in case you come across any questions. For more such posts related to Kubernetes, Stay tuned with us.

Till then, Happy Learning!! 馃檪

Leave a Reply

Your email address will not be published. Required fields are marked *

close
Generic selectors
Exact matches only
Search in title
Search in content