Kubernetes Secrets Operations: Difference between revisions
Jump to navigation
Jump to search
| Line 24: | Line 24: | ||
===From File=== | ===From File=== | ||
Declare the secret content in one (or more) file(s) on the local filesystem. The file | Declare the secret content in one (or more) file(s) on the local filesystem. The file name will become the secret's [[Kubernetes Cluster Configuration Concepts#Secret_Data_Map|data map]] keys. Multiple files can be added to the same secret. When the secret is exposed to a pod, the content will be available as volume files with the same name. | ||
echo -n "test-user" > ./username.txt | echo -n "test-user" > ./username.txt | ||
Revision as of 21:45, 23 August 2019
Internal
Inspecting Secrets
kubectl get secrets
kubectl get secret mysecret -o yaml
The value of the secret is base64-encoded and it can be retrieved with:
echo '....' | base64 --decode
kubectl describe secret secret-name
Create a Secret
With kubectl CLI
From File
Declare the secret content in one (or more) file(s) on the local filesystem. The file name will become the secret's data map keys. Multiple files can be added to the same secret. When the secret is exposed to a pod, the content will be available as volume files with the same name.
echo -n "test-user" > ./username.txt echo -p "test-password" > ./password.txt
kubectl create secret generic username-and-password --from-file=./username.txt --from-file=./password.txt
This will create the following secret:
Name: username-and-password
Namespace: test
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
password.txt: 17 bytes
username.txt: 9 bytes
From Literal
Special Character Handling
Special characters such as '$', '*' and '!' require escaping (\).
From a Manifest
TODO
Creating Secrets with a Generator
TODO