- Create a pod and mount a secret:
apiVersion: v1
kind: Pod
metadata:
labels:
run: httpd
name: httpd
spec:
nodeName: <change_to_desired_nodeName>
containers:
- image: httpd
name: httpd
envFrom:
- secretRef:
name: httpd-secret
dnsPolicy: ClusterFirst
restartPolicy: Always
---
apiVersion: v1
data:
creditcard: MTExMTIyMjIzMzMzNDQ0NA==
kind: Secret
metadata:
name: httpd-secret
namespace: default
type: Opaque
- SSH to the worker node, sudo to root and run
pstree -p (or on the node, grep for the container command and grab the PID)
- Look for the root pid for "httpd" under containerd-shim
- run
cat /proc/<pid>/environ to see the cleartext secret along with all the environment values that are loaded into the httpd pod
