map login secrets into a container on k8s

[rakelkar]

I'm attempting to save login creds as a k8s secrets that I then mount into the azcli container running as a pod. I then hoping to set the AZURE_CONFIG_DIR to point to this directory and have everything magically work!

I could get it to work with a few work arounds and hacks... I was wondering if there was a better way to do this? For GCP its possible to export a single JSON that you can then map into your container. See https://cloud.google.com/docs/authentication/getting-started

I am trying to update kubeflow pipelines to support azure (similar to: https://github.com/rakelkar/pipelines/blob/master/sdk/python/kfp/gcp.py)

Here is how I passed creds in:

# have to store 3 files into a secret!
kubectl create secret generic azcreds --from-file=$HOME/.azure/accessTokens.json --from-file=$HOME/.azure/azureProfile.json --from-file=$HOME/.azure/az.json
kubectl apply -f azcli.yaml

azcli.yaml
Had to add a hack to copy the secrets into a rw folder... :-( ideally would have loved to keep in an ro folder...

apiVersion: v1
kind: Pod
metadata:
  name: azcli
spec:
  containers:
  - name: azcli
    image: microsoft/azure-cli
    command: ["/bin/sh"]
    args: ["-c", "cp -r /mappedcreds /azcreds && while true; do sleep 20;done"]
    env:
    - name: AZURE_CONFIG_DIR
      value: "/azcreds"
    volumeMounts:
    - name: azcredvol
      mountPath: "/mappedcreds"
  volumes:
  - name: azcredvol
    secret:
      secretName: azcreds