Secrets

Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys. Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or a container image.

Create a secret named apikey that holds a (made-up) API key:

# echo -n "A19fh68B001j" > ./apikey.txt

# cat apikey.txt

A19fh68B001j

Create the secret from the file:

# kubectl create secret generic apikey --from-file=./apikey.txt

secret/apikey created

# kubectl describe secrets/apikey

Name:         apikey

Namespace:    default

Labels:       <none>

Annotations:  <none>

Type:  Opaque

Data

====

apikey.txt:  12 bytes

Now let's use the secret in a pod via a volume:

# kubectl apply -f https://raw.githubusercontent.com/openshift-evangelists/kbe/main/specs/secrets/pod.yaml

pod/consumesec created

If we now exec into the container, we see the secret mounted at /tmp/apikey:

# kubectl exec -it consumesec -c shell -- bash

# mount | grep apikey

tmpfs on /tmp/apikey type tmpfs (ro,relatime)

# cat /tmp/apikey/apikey.txt

A19fh68B001j

Return to the host shell:

# exit

Remove both the pod and the secret with:
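
A pod manifest of the kind applied above, written here as an added example (it is not a copy of the file at the URL, and not the author's code). The pod name, container name, secret name and mount path come from this page; the image, the volume name apikeyvol and the defaultMode setting are assumptions.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: consumesec            # pod name used in the exec and delete commands on this page
spec:
  containers:
    - name: shell             # container name passed to "kubectl exec -c shell"
      image: bash:5           # assumption: any image that provides bash and sleep
      command: ["bash", "-c", "sleep 10000"]
      volumeMounts:
        - name: apikeyvol     # assumption: volume name chosen for this example
          mountPath: /tmp/apikey
          readOnly: true      # matches the "ro" flag in the mount output
  volumes:
    - name: apikeyvol
      secret:
        secretName: apikey    # the Secret created with "kubectl create secret generic"
        defaultMode: 0400     # assumption: owner read-only instead of the default 0644
```

Each key in the Secret becomes a file under the mount path, which is why the value appears as /tmp/apikey/apikey.txt, and the kubelet backs the volume with tmpfs so the value is not written to the node's disk.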

# kubectl delete pod/consumesec secret/apikey

pod "consumesec" deleted

secret "apikey" deleted

Note that for service accounts Kubernetes automatically creates secrets containing credentials for accessing the API and modifies your pods to use this type of secret.


