Kubernetes Secrets Operations

From NovaOrdis Knowledge Base
Revision as of 21:45, 23 August 2019 by Ovidiu

Internal

Inspecting Secrets

kubectl get secrets
kubectl get secret mysecret -o yaml

The value of the secret is base64-encoded, not encrypted, and can be decoded with:

echo '....' | base64 --decode
kubectl describe secret secret-name

Create a Secret

With kubectl CLI

Creating a Secret Using kubectl create secret

From File

Declare the secret content in one or more files on the local filesystem. Each file name becomes a key in the secret's data map. Multiple files can be added to the same secret. When the secret is exposed to a pod as a volume, each key's content is available as a file with the same name.

echo -n "test-user" > ./username.txt
# -n suppresses the trailing newline, which would otherwise become part of the secret value
echo -n "test-password" > ./password.txt
kubectl create secret generic username-and-password --from-file=./username.txt --from-file=./password.txt

This will create the following secret:

Name:         username-and-password
Namespace:    test
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password.txt:  13 bytes
username.txt:  9 bytes
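
What --from-file puts into the secret, reproduced offline as an added example (not from the original page and not kubectl's own code). The hypothetical helper secret_manifest_from_files turns each file's base name into a data key and its bytes into a base64 value, and warns when a trailing newline would become part of the value; manifest_value, also hypothetical, decodes one key back.

```shell
#!/bin/sh
# Added example: offline equivalent of
#   kubectl create secret generic NAME --from-file=FILE ...
# Both helper names below are hypothetical, not kubectl features.

# Returns 0 when the last byte of the file is a newline.
ends_with_newline() {
    [ "$(tail -c 1 "$1" | wc -l | tr -d ' ')" -eq 1 ]
}

# Usage: secret_manifest_from_files SECRET_NAME FILE...
# Prints a Secret manifest; each file's base name becomes a data key.
secret_manifest_from_files() {
    name=$1; shift
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$name"
    printf 'type: Opaque\ndata:\n'
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
        if ends_with_newline "$f"; then
            echo "warning: $f ends with a newline, which becomes part of the value" >&2
        fi
        # base64 may wrap long output; a manifest value must stay on one line.
        printf '  %s: %s\n' "$(basename "$f")" "$(base64 < "$f" | tr -d '\n')"
    done
}

# Usage: manifest_value KEY < manifest
# Decodes the value stored under KEY in the data map back to its raw bytes.
manifest_value() {
    awk -v k="$1:" '/^data:/ { in_data = 1; next }
                    in_data && $1 == k { print $2 }' | base64 --decode
}
```

The printed manifest can be piped to kubectl apply -f - to create the secret.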

From Literal

Special Character Handling

Special characters such as '$', '*' and '!' are interpreted by the shell and must be escaped with a backslash (\).

From a Manifest

Creating a Secret Manually

TODO

Creating Secrets with a Generator

Creating a Secret from Generator

TODO