radius-project · willtsai · Apr 25, 2024 · Mar 28, 2024 · Mar 28, 2024 · Apr 5, 2024
@@ -14,7 +14,7 @@ Currently yes. Although Radius is architected to run on any platform, today Kube
 
 ### Can I incrementally adopt, or "try out" Radius?
 
-Yes. The easiest way to add Radius to an existing application is through [Radius annotations](#TODO). Simply add the annotations to your existing Helm chart or Kubernetes YAML and you can use the Radius app graph, connections, and Recipes. [Try the tutorial](#TODO) to learn more.
+Yes. The easiest way to add Radius to an existing application is through [Radius annotations]({{< ref "/tutorials/tutorial-add-radius#step-3-add-radius-to-the-guestbook-application" >}}). Simply add the annotations to your existing Helm chart or Kubernetes YAML and you can use the Radius app graph, connections, and Recipes. [Try the tutorial]({{< ref "/tutorials/tutorial-add-radius" >}}) to learn more.
 
 ### Do I have to self-host Radius? Is there a managed service for Radius?
 

@@ -190,7 +190,7 @@ Resources:
 To delete your app, run the [rad app delete]({{< ref rad_application_delete >}}) command to cleanup the app and its resources, including the Recipe resources:
 
 ```bash
-rad app delete demo -y
+rad app delete first-app -y
 ```
 
 ## Next steps

@@ -0,0 +1,149 @@
+---
+type: docs
+title: "How-To: Access Kubernetes secrets using PodSpec"
+linkTitle: "Secrets using PodSpec"
+description: "Learn how to patch Kubernetes secrets into the container environment using PodSpec definitions"
+weight: 300
+slug: 'secrets-podspec'
+categories: "How-To"
+tags: ["containers","Kubernetes", "secrets"]
+---
+
+This how-to guide will provide an overview of how to:
+
+- Patch existing Kubernetes secrets using [PodSpec](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec) definitions and provide them to the environment of a container.
+
+## Prerequisites
+
+- [rad CLI]({{< ref getting-started >}})
+- [Radius initialized with `rad init`]({{< ref howto-environment >}})
+- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
+
+## Step 1: Define a container
+
+Begin by creating a file named `app.bicep` with a Radius [container]({{< ref "guides/author-apps/containers" >}}):
+
+{{< rad file="snippets/secrets-container.bicep" embed=true >}}
+
+## Step 2: Deploy the app and container
+
+Run this command to deploy the app and container:
+
+```bash
+rad run ./app.bicep -a demo
+```
+
+Once the deployment completes successfully, you should see the following confirmation message along with some system logs:
+
+```
+Building app.bicep...
+Deploying template 'app.bicep' for application 'demo' and environment 'dev' from workspace 'dev'...
+
+Deployment In Progress...
+
+..                   demo            Applications.Core/containers
+Completed            demo            Applications.Core/applications
+
+Deployment Complete
+
+Resources:
+    demo            Applications.Core/applications
+    demo            Applications.Core/containers
+
+Starting log stream...
+
++ demo-7d94db59f6-ps6cf › demo
+demo-7d94db59f6-ps6cf demo No APPLICATIONINSIGHTS_CONNECTION_STRING found, skipping Azure Monitor setup
+demo-7d94db59f6-ps6cf demo Using in-memory store: no connection string found
+demo-7d94db59f6-ps6cf demo Server is running at http://localhost:3000
+dashboard-7f7db87c5-7d2jf dashboard [port-forward] connected from localhost:7007 -> ::7007
+demo-7d94db59f6-ps6cf demo [port-forward] connected from localhost:3000 -> ::3000
+```
+
+Verify the pod is running:
+
+```bash
+kubectl get pods -n dev-demo
+```
+You should see the following output in your console:
+```
+NAME                    READY   STATUS    RESTARTS   AGE
+demo-7d94db59f6-k7dfb   1/1     Running   0          62s
+```
+
+## Step 3: Create a secret
+
+Create a secret in your Kubernetes cluster using the following command:
+
+```bash
+kubectl create secret generic my-secret --from-literal=secret-key=secret-value -n dev-demo
+```
+
+Verify the secret is created:
+
+```bash
+kubectl get secrets -n dev-demo
+```
+
+## Step 4: Patch the secret
+
+Patch the secret into the container by adding the following `runtimes` block to the `container` resource in your `app.bicep` file:
+
+{{< rad file="snippets/secrets-patch.bicep" embed=true markdownConfig="{linenos=table,hl_lines=[\"25-60\"]}" >}}
+
+## Step 5: Redeploy the app and container
+
+Redeploy and run your app:
+
+```bash
+rad app deploy demo
+```
+
+Once the deployment completes successfully, you should see the environment variable in the container.
+
+To validate this, first get the pod name:
+
+```bash
+kubectl get pods -n dev-demo
+```
+
+You should see the following output in your console, with the pod name:
+```
+NAME                    READY   STATUS    RESTARTS   AGE
+demo-d64cc4d6d-xjnjz   1/1     Running   0          62s
+```
+
+Then, exec into the pod and check the environment variable (substitute the pod name with the one you got from the previous command):
+
+{{< tabs "macOS/Linux/WSL" "Windows" >}}
+
+{{% codetab %}}
+
+```bash
+kubectl -n dev-demo exec demo-d64cc4d6d-xjnjz -- env | grep MY_SECRET
+```
+
+{{% /codetab %}}
+
+{{% codetab %}}
+
+```powershell
+kubectl -n dev-demo exec demo-d64cc4d6d-xjnjz -- env | findstr MY_SECRET
+```
+
+{{% /codetab %}}
+
+{{< /tabs >}}
+
+## Cleanup
+
+Run the following command to [delete]({{< ref "guides/deploy-apps/howto-delete" >}}) your app and container:
+
+```bash
+rad app delete demo
+```
+
+## Further reading
+
+- [Kubernetes in Radius containers]({{< ref "guides/author-apps/containers/overview#kubernetes" >}})
+- [PodSpec in Radius containers]({{< ref "reference/resource-schema/core-schema/container-schema#runtimes" >}})
@@ -0,0 +1,26 @@
+import radius as radius
+
+@description('Specifies the environment for resources.')
+param environment string
+
+resource app 'Applications.Core/applications@2023-10-01-preview' = {
+  name: 'demo'
+  properties: {
+    environment: environment
+  }
+}
+
+resource demo 'Applications.Core/containers@2023-10-01-preview' = {
+  name: 'demo'
+  properties: {
+    application: app.id
+    container: {
+      image: 'ghcr.io/radius-project/samples/demo:latest'
+      ports: {
+        web: {
+          containerPort: 3000
+        }
+      }
+    }
+  }
+}
@@ -0,0 +1,62 @@
+import radius as radius
+
+@description('Specifies the environment for resources.')
+param environment string
+
+resource app 'Applications.Core/applications@2023-10-01-preview' = {
+  name: 'demo'
+  properties: {
+    environment: environment
+  }
+}
+
+resource demo 'Applications.Core/containers@2023-10-01-preview' = {
+  name: 'demo'
+  properties: {
+    application: app.id
+    container: {
+      image: 'ghcr.io/radius-project/samples/demo:latest'
+      ports: {
+        web: {
+          containerPort: 3000
+        }
+      }
+    }
+    runtimes: {
+      kubernetes: {
+        pod: {
+          volumes: [ {
+              name: 'secrets-vol'
+              secret: {
+                secretName: 'my-secret'
+              }
+            }
+          ]
+          containers: [
+            {
+              name: 'demo'
+              volumeMounts: [ {
+                  name: 'secrets-vol'
+                  readOnly: true
+                  mountPath: '/etc/secrets-vol'
+                }
+              ]
+              env: [
+                {
+                  name: 'MY_SECRET'
+                  valueFrom: {
+                    secretKeyRef: {
+                      name: 'my-secret'
+                      key: 'secret-key'
+                    }
+                  }
+                }
+              ]
+            }
+          ]
+          hostNetwork: true
+        }
+      }
+    }
+  }
+}
@@ -192,11 +192,12 @@ From here you will go through a series of steps to incrementally add more Radius
       # Add the following two lines
       annotations:
         radapp.io/enabled: 'true'
+        radapp.io/environment: '{{ .Values.environment }}'
     spec:
     ...
     ```
 
-    Adding the `radapp.io/enabled: 'true'` annotation enables Radius for the deployment.
+    Adding the `radapp.io/enabled: 'true'` annotation enables Radius for the deployment. The `radapp.io/environment` annotation is optional and is used to set the environment for the application. If not specified, Radius will use the default environment.
 
 1. Save the file after you have made the edits and deploy the application again using Helm. Since the namespace and secret have already been created, we only need to run the `helm` command.
 
@@ -246,6 +247,7 @@ From here you will go through a series of steps to incrementally add more Radius
     ```bash
     rad app graph -a demo -g default-demo
     ```
+    where `-a demo` specifies the application name and `-g default-demo` specifies the resource group name. [Resource groups]({{< ref "guides/operations/groups/overview" >}}) are a way to organize resources in Radius.
 
     The output should look like this:
 
@@ -311,6 +313,7 @@ In this step you will:
       name: db
       namespace: {{ .Release.Namespace }}
     spec:
+      environment: '{{ .Values.environment }}'
       type: Applications.Datastores/redisCaches
       secretName: redis-secret
     ```
@@ -462,6 +465,7 @@ Make sure the `app.yaml` file from `./demo/Chart/templates/app.yaml` is open in
       namespace: {{ .Release.Namespace }}
       annotations:
         radapp.io/enabled: 'true'
+        radapp.io/environment: '{{ .Values.environment }}'
         radapp.io/connection-redis: 'db'
     spec:
     ...
@@ -488,6 +492,7 @@ Make sure the `app.yaml` file from `./demo/Chart/templates/app.yaml` is open in
       namespace: {{ .Release.Namespace }}
       annotations:
         radapp.io/enabled: 'true'
+        radapp.io/environment: '{{ .Values.environment }}'
         radapp.io/connection-redis: 'db'
     spec:
       selector:
@@ -510,6 +515,7 @@ Make sure the `app.yaml` file from `./demo/Chart/templates/app.yaml` is open in
       name: db
       namespace: {{ .Release.Namespace }}
     spec:
+      environment: '{{ .Values.environment }}'
       type: Applications.Datastores/redisCaches
     ```
 

@@ -321,4 +321,5 @@ This output shows that Radius has detected the three container resources in the
 
 - To learn more about authoring Radius applications, visit the [Authoring applications guide]({{< ref "guides/author-apps" >}})
 - To learn more about deploying applications using Radius, visit the [Deploying applications guide]({{< ref "guides/deploy-apps" >}})
+- To learn more about using the [Radius Connections]({{< ref "guides/author-apps/containers/overview#connections" >}}) annotations to connect your containers and resources, visit the [Radius Helm tutorial]({{< ref "tutorials/helm#step-6-add-connection" >}})
 - To learn more about Radius Recipes, visit the [Recipes guide]({{< ref "guides/recipes" >}})