map login secrets into a container on k8s #55

@rakelkar

I'm attempting to save login creds as k8s secrets that I then mount into the azcli container running as a pod. I am then hoping to set the AZURE_CONFIG_DIR to point to this directory and have everything magically work!

I could get it to work with a few workarounds and hacks... I was wondering if there was a better way to do this? For GCP it's possible to export a single JSON that you can then map into your container. See https://cloud.google.com/docs/authentication/getting-started

I am trying to update kubeflow pipelines to support azure (similar to: https://github.com/rakelkar/pipelines/blob/master/sdk/python/kfp/gcp.py)

Here is how I passed creds in:

```sh
# have to store 3 files into a secret!
kubectl create secret generic azcreds --from-file=$HOME/.azure/accessTokens.json --from-file=$HOME/.azure/azureProfile.json --from-file=$HOME/.azure/az.json
kubectl apply -f azcli.yaml
```

azcli.yaml
Had to add a hack to copy the secrets into a rw folder... :-( ideally would have loved to keep in an ro folder...

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: azcli
spec:
  containers:
  - name: azcli
    image: microsoft/azure-cli
    command: ["/bin/sh"]
    args: ["-c", "cp -r /mappedcreds /azcreds && while true; do sleep 20;done"]
    env:
    - name: AZURE_CONFIG_DIR
      value: "/azcreds"
    volumeMounts:
    - name: azcredvol
      mountPath: "/mappedcreds"
  volumes:
  - name: azcredvol
    secret:
      secretName: azcreds
```
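
A variant of the pod spec above, added here as an example and not part of the original post: it keeps the copy step but narrows where the tokens live. Secret volumes are tmpfs-backed, while the copy in the post lands in the container's writable layer on node disk; here the copy goes to a memory-backed `emptyDir` and the secret mount is read-only with owner-only file modes. The volume name `azcreds-rw` is an assumption; all other names come from the post.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: azcli
spec:
  containers:
  - name: azcli
    image: microsoft/azure-cli
    command: ["/bin/sh"]
    # Copy only the credential files (the glob skips the kubelet's hidden
    # ..data entries and cp follows the per-file symlinks), make the copies
    # owner read/write only, then idle as in the original pod.
    args: ["-c", "cp /mappedcreds/* /azcreds/ && chmod 600 /azcreds/* && while true; do sleep 20; done"]
    env:
    - name: AZURE_CONFIG_DIR
      value: "/azcreds"
    volumeMounts:
    - name: azcredvol
      mountPath: "/mappedcreds"
      readOnly: true
    - name: azcreds-rw            # hypothetical name for the writable copy
      mountPath: "/azcreds"
  volumes:
  - name: azcredvol
    secret:
      secretName: azcreds
      defaultMode: 0400           # secret files readable by the owner only
  - name: azcreds-rw
    emptyDir:
      medium: Memory              # tmpfs: the writable copy never reaches node disk
```

Because `/azcreds` already exists as a mount point here, the copy targets its contents rather than using `cp -r /mappedcreds /azcreds`, which would nest the files under `/azcreds/mappedcreds`.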
