Understanding Secrets — Kubernetes

Joan Ngugi
3 min read · Mar 12, 2020

This article is a continuation of the ConfigMaps article: https://medium.com/@ngugijoan/understanding-configuration-kubernetes-e527d191ecf2

Secrets are Kubernetes objects mostly used with sensitive config data such as passwords or API keys. Secrets are stored base64-encoded within Kubernetes.

Like ConfigMaps, you can create secrets in 2 ways.

  1. Using Kubernetes manifest.
  2. Using Secrets as Environment Variables.

Secrets are stored in tmpfs on a Node (not on disk).

Using Secrets with literal files

To use Secrets directly, use the kubectl create secret command. For instance, how would you save a database username and password?

  1. You would start by using the “kubectl create secret” command.
  2. You would then set the username and password for your database.
  3. You would then use the secret in a pod.

Creating a secret using kubectl create secret

kubectl create secret generic my-secret --from-literal=pwd=my-password

Let’s confirm that our secret has been created

Let’s view the YAML file of the created secret.

Notice that the password and username in the data section are shown as base64-encoded strings. When you expose the Secret to a container through a secret volume, the value of the Secret entry is decoded and written to the file in its original form.

You can also create a secret manually in a file first, in JSON or YAML format, and then create the object from that file.
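The manifest route and the base64 encoding described above, as an added example that is not part of the original article: the shell functions below build a Secret manifest by hand and then decode a value straight back out of it, which shows that base64 is an encoding and not encryption, so anyone who can read the Secret object can recover the value. The function names and the sample user=admin pair are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: hand-build a Secret manifest and decode it again.
# All names and values here are constructed sample data.

# Emit a Secret manifest on stdout.
# Usage: make_secret_manifest NAME key=value [key=value ...]
make_secret_manifest() {
    name=$1; shift
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$name"
    printf 'type: Opaque\ndata:\n'
    for pair in "$@"; do
        key=${pair%%=*}      # text before the first '='
        value=${pair#*=}     # text after the first '=' (may itself contain '=')
        # printf '%s' matters: 'echo value | base64' would also encode a
        # trailing newline, and the pod would then see "value\n".
        encoded=$(printf '%s' "$value" | base64 | tr -d '\n')
        printf '  %s: %s\n' "$key" "$encoded"
    done
}

# Read a Secret manifest on stdin and print the decoded value of one data key.
# No key or password is needed: base64 is reversible by anyone.
decode_secret_value() {
    wanted=$1
    awk -v k="$wanted" '
        /^data:/  { in_data = 1; next }   # entering the data section
        /^[^ ]/   { in_data = 0 }         # any other top-level key ends it
        in_data && $1 == (k ":") { print $2; exit }
    ' | base64 --decode
}

# Demo with the article's literal: prints the manifest, then "my-password".
make_secret_manifest my-secret pwd=my-password
make_secret_manifest my-secret pwd=my-password | decode_secret_value pwd
echo

# Against a cluster the manifest could be piped into: kubectl apply -f -
```

Because the stored value is only encoded, who may read Secret objects in a namespace decides who can see the password.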

Practice Exercises.

  1. Create a secret called newsecret with the value password=mypass. View the secret created.

  2. Create a secret called mysecret that gets its key/value from a file.

     • First, create a file and insert key and value contents.
     • Now fetch the contents from the file and create your secret.

  3. Get the value of the secret you’ve created. You can see that the content in our file has been encoded.

  4. Create a redis pod that mounts the secret mysecret in a volume at the path /etc/foo.

See the official Kubernetes documentation for more information on Secrets.
