Parametrize a rust container in a kubernetes cluster

konkerama · August 19, 2023, 8:54pm

I have a container that runs a rust created binary that needs to be parametrized (eg with a database password).

The easy and straightforward way would be to add the value as an environment variable and then reference it accordingly from rust. The issue is that as I understand it this is not the recommended approach security wise from Kubernetes.

This leaves us mounting Kubernetes secrets as a volume in the pod.

I played a bit with dotenv but it seems it is not supported the Kubernetes mounted secret format by default.

The issue is that I'm unable to find a good library or example that describes this pattern, without adding ugly intermediate steps.

Is there anybody that has done it, and has any best practices to provide?

tbfleming · August 19, 2023, 9:26pm

Maybe Config — Rust config library // Lib.rs with config-secret — Rust config library // Lib.rs would help?

riking · August 19, 2023, 11:32pm

Just use serde + File::open ?

konkerama · August 20, 2023, 5:10am

Thank you, this is more or less what I was looking for, will play with it a bit

konkerama · August 20, 2023, 5:12am

Thank you for the suggestion, this would be the last resort indeed. I will try the config library for now and see where it leads