Secrets
Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or a container image.
create a secret apikey that holds a (made-up) API key:
# echo -n "A19fh68B001j" > ./apikey.txt
# cat apikey.txt
A19fh68B001jroot
Run the below command:
# kubectl create secret generic apikey --from-file=./apikey.txt
secret/apikey created
# kubectl describe secrets/apikey
Name: apikey
Namespace: default
Labels:
Annotations:
Type: Opaque
Data
====
apikey.txt: 12 bytes
Now let’s use the secret in a pod via a volume
# kubectl apply -f https://raw.githubusercontent.com/openshift-evangelists/kbe/main/specs/secrets/pod.yaml
pod/consumes created
If we now exec into the container we see the secret mounted at /tmp/apikey
# kubectl exec -it consumesec -c shell -- bash
# mount | grep apikey
tmpfs on /tmp/apikey type tmpfs (ro,relatime)
# cat /tmp/apikey/apikey.txt
A19fh68B001j
return
exit
Remove both the pod and the secret with
# kubectl delete pod/consumesec secret/apikey
pod "consumesec" deleted
secret "apikey" deleted
Note that for service accounts Kubernetes automatically creates secrets containing credentials for accessing the API and modifies your pods to use this type of secret.
Relevant Blogs:
Recent Comments
No comments
Leave a Comment
We will be happy to hear what you think about this post