Consuming secrets using the downward API

When creating pods, you can use the downward API to inject Secrets so image and application authors can create an image for specific environments.

Procedure

Create a secret.yaml file:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  password: cGFzc3dvcmQ=
  username: ZGV2ZWxvcGVy
type: kubernetes.io/basic-auth

Create a Secret from the secret.yaml file:
```
$ oc create -f secret.yaml
```

Create a pod.yaml file that references the username field from the above Secret:

apiVersion: v1
kind: Pod
metadata:
  name: dapi-env-test-pod
spec:
  containers:
    - name: env-test-container
      image: gcr.io/google_containers/busybox
      command: [ "/bin/sh", "-c", "env" ]
      env:
        - name: MY_SECRET_USERNAME
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: username
  restartPolicy: Never

Create the pod from the pod.yaml file:
```
$ oc create -f pod.yaml
```
Check the container’s logs for the MY_SECRET_USERNAME value:
```
$ oc logs -p dapi-env-test-pod
```