Kubernetes Secrets Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 24: Line 24:
===From File===
===From File===


Declare the secret content in one (or more) file(s) on the local filesystem. The file name will become the secret's [[Kubernetes Cluster Configuration Concepts#Secret_Data_Map|data map]] keys. Multiple files can be added to the same secret. When the secret is exposed to a pod, the content will be available as volume files with the same name.  
Declare the secret content in one (or more) file(s) on the local filesystem. The file name will become a secret's [[Kubernetes Cluster Configuration Concepts#Secret_Data_Map|data map]] key. Multiple files can be added to the same secret. When the secret is exposed to a pod, the content will be available as volume files with the same name.  


  echo -n "test-user" > ./username.txt
  echo -n "test-user" > ./username.txt

Revision as of 21:47, 23 August 2019

Internal

Inspecting Secrets

kubectl get secrets
kubectl get secret mysecret -o yaml

The value of the secret is base64-encoded and it can be retrieved with:

echo '....' | base64 --decode
kubectl describe secret secret-name

Create a Secret

With kubectl CLI

Creating a Secret Using kubectl create secret

From File

Declare the secret content in one (or more) file(s) on the local filesystem. The file name will become a secret's data map key. Multiple files can be added to the same secret. When the secret is exposed to a pod, the content will be available as volume files with the same name.

echo -n "test-user" > ./username.txt
echo -p "test-password" > ./password.txt
kubectl create secret generic username-and-password --from-file=./username.txt --from-file=./password.txt

This will create the following secret:

Name:         username-and-password
Namespace:    test
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password.txt:  17 bytes
username.txt:  9 bytes

From Literal

Special Character Handling

Special characters such as '$', '*' and '!' require escaping (\).

From a Manifest

Creating a Secret Manually

TODO

Creating Secrets with a Generator

Creating a Secret from Generator

TODO