Hello, readers! This article demonstrates and answers the below question, “How to use Kubernetes Secret as a variable in a Python script?“
So, let us begin!! 🙂
Kubernetes Secret – Quick Overview
Kubernetes Secret provides us with an efficient way to store sensitive information to be utilized by the container/application. We can store sensitive data such as TLS certificates, Database usernames, and passwords, or some other literals that probably carry some sensitive information within it as a Kubernetes Secret.
These Kubernetes Secrets are accessible within the application code or even the application container to invoke certain functions.
Kubernetes Secret is always encrypted. That is the data within the secrets is encrypted and cannot be accessed by anyone out of the scope of the application/namespace. We can impose higher levels of RBAC to restrict access to the secrets altogether.
Pratical need to have Kubernetes Secrets in development scripts
Having understood the process to have the variables safe in the form of secrets, it is important to understand the way to utilize the secret values safely within the application containers.
Consider the below scenario:
We will containerize a MySQL database using Kubernetes. For the same, we set up the container within a DB pod. And, now we want to get into the database using the credentials of the database. But, we do not want to expose the details directly to the application team members.
This is when we can make use of secrets to expose the details without having to expose them.
We can have the variables within the secret exposed to the application code for logging into the MySQL database without exposing the actual values of those variables.
In this upcoming section, we will be practically setting up the environment to use Kubernetes secret data into a Python (application) script in the form of variables.
Practical Implementation: Using Kubernetes Secret as a variable in a Python script
In this example, we will be defined some sensitive information such as username and password to the certain application portal in the form of Kubernetes Secret. Post which, we will be making the values of these secrets available to the application container through a Python script.
Let us begin!
1. Creation of a Kubernetes Secret resource
Have a look at the below Kubernetes Secret YAML-
apiVersion: v1 kind: Secret metadata: name: mysecret namespace: demo_app type: Opaque stringData: username: "admin_user" password: "wer#214*&^)321@"
kubectl apply -f secret.YAML -n demo_app
Here, we have created a Kubernetes secret of type Opaque to save the key username, password values in an encrypted format for the namespace demo_app.
2. Using the secret as an environment variable in the Kubernetes Deployment
Have a look at the below YAML-
apiVersion: apps/v1 kind: Deployment metadata: name: demo-app labels: app: demo-app spec: selector: matchLabels: app: demo-app strategy: type: Recreate template: metadata: labels: app: demo-app spec: containers: - image: nginx resources: limits: cpu: 100m memory: 1Gi requests: cpu: 60m memory: 500Mi name: env_container env: - name: USERNAME valueFrom: secretKeyRef: name: mysecret key: username - name: PASSWORD valueFrom: secretKeyRef: name: mysecret key: password
- We have created a deployment resource using the image nginx and have provided sufficient amount of resourcs to it.
- Further, we have used the Kubernetes secret data variables as an environment variable within the deployment file with the name USERNAME, PASSWORD.
- We will be making use of these environment variables (inherited from the secret) to get the values within the Python code as shown below-
import os db_usr = os.getenv('USERNAME') db_pass = os.getenv('PASSWORD') print(db_usr) print(db_pass)
The above python code should run in the form of the container and should be deployed through the deployment image (nginx in our case). Further, the os module helps us fetch the environment variables from the local environment (container environment in our case) and use it within the application.
By this, we have approached the end of this topic. Feel free to comment below, in case you come across any questions. For more such posts related to Kubernetes, Stay tuned with us.
Till then, Happy Learning!! 🙂