Secrets
Objects of type Secret are intended to hold sensitive information, such as passwords, OAuth tokens, and SSH keys. Putting this information in a secret is safer and more flexible than putting it verbatim in a pod definition or in a Docker image.
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4= # admin
  password: cGFzc3dvcmQ= # password
data is a list of key/value pairs. The values must be base64-encoded.
You can apply the file:
$ kubectl apply -f 10-secrets/01-secrets.yml
secret "mysecret" created
You can reference a secret from a pod, either through an environment variable or by mounting a volume containing the secret.
Here we mount the secret mysecret to the path /etc/foo inside the pod:
apiVersion: v1
kind: Pod
metadata:
  name: redis-with-volume-secrets
spec:
  containers:
  - name: redis
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
Here we bind the value username from the secret mysecret to the env variable SECRET_USERNAME, and password from the secret mysecret to the env variable SECRET_PASSWORD:
apiVersion: v1
kind: Pod
metadata:
  name: redis-with-env-secrets
spec:
  containers:
  - name: redis
    image: redis
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password
Careful: if you change a secret after starting the pods, the pods are not updated, so you need to restart them.
Exercises
Nothing to see here.
Clean up
kubectl delete service,deployment,pod,secrets --all