Beginner's guide to Kubernetes secrets
Civo Academy - Creating and Using Kubernetes Secrets
Welcome to this lesson on Kubernetes secrets. Secrets in Kubernetes are a vital tool for storing confidential data like passwords, OAuth tokens, and SSH keys. In this lesson, we'll be creating Kubernetes secrets and then using them inside the pods. We'll do this by first covering some background on Kubernetes secrets and then using them inside a Pod.
Creating Kubernetes Secrets
Kubernetes secrets can be created using a YAML file. The API version is v1, and the kind is Secret. In the data section, we provide the data that we want to store as secrets. These values are in base64-encoded form. You can use any tool to do that. For instance, you can use the command
echo -n "admin" | base64
to verify. The output will be the same as the previous data value in the YAML file.
Once you've put your base64-encoded data inside a YAML file, you can create the secret using the command
kubectl create -f sec.yaml
You can verify the creation by running
kubectl get secrets
You will see that the demo secret is there, and the DATA column shows 2.
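The lesson's sec.yaml is not reproduced on this page, so the following is an added example (not Civo's own file) that builds an equivalent manifest from the values the lesson uses (secret demo, username admin, password passcode) and then decodes a value back out. It shows that base64 is an encoding rather than encryption, so anyone who can read the manifest or the Secret object can recover the plaintext, and what a stray trailing newline does to the stored value. The function names and the `type: Opaque` line are this example's assumptions.

```bash
#!/usr/bin/env bash
# Added example: function names are hypothetical; secret name and keys follow the lesson.

# Encode without a trailing newline, like `echo -n ... | base64` in the lesson.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Same value encoded with a trailing newline (plain `echo` instead of `echo -n`).
b64_with_newline() { printf '%s\n' "$1" | base64 | tr -d '\n'; }

# Emit a v1 Secret manifest: make_secret_manifest NAME key=value [key=value ...]
make_secret_manifest() {
  local name pair
  name=$1
  shift
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
  for pair in "$@"; do
    # Split on the first '=' only, so values may themselves contain '='.
    printf '  %s: %s\n' "${pair%%=*}" "$(b64 "${pair#*=}")"
  done
}

# Read one key from the data section of a manifest on stdin and decode it.
# No key or credential is needed: read access to the manifest is enough.
decode_secret_value() {
  local key encoded
  key=$1
  encoded=$(sed -n "s/^  ${key}: //p")
  printf '%s' "$encoded" | base64 -d
}

manifest=$(make_secret_manifest demo username=admin password=passcode)
printf '%s\n' "$manifest"    # content suitable for sec.yaml
printf 'decoded password:   %s\n' "$(printf '%s\n' "$manifest" | decode_secret_value password)"
printf 'admin with newline: %s\n' "$(b64_with_newline admin)"
```

Because the values decode this easily, a manifest like sec.yaml should be handled with the same care as the plaintext credentials it contains.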
Using a Secret Inside a Pod
To use the secret inside a pod, we can mount it as a volume. In this case, it's a simple nginx pod where the volume is backed by a secret: we give it the secret name, demo, that we just created. Inside the container, it's a simple volume mount: the name of the volume, and then the mount path inside the pod.
You can create the pod using the command
kubectl create -f pod2.yaml
Verify the creation by running the command
kubectl get pods
You can then exec into the pod with
kubectl exec -it secret-pod-volume -- sh
If you go into the mount path directory and run
ls
you will see the username and password files in the directory. If you run cat on them, the username should be admin, and the password should be passcode.
Creating Secrets Imperatively
Another way of creating a secret is the imperative way. You can create a secret by running the command
kubectl create secret generic admin --from-literal=admin-user=admin
Here, generic is the type of secret that we want to create. The secret admin is then created.
You can create multiple secrets for different purposes. To confirm that the secrets were created, list them with
kubectl get secrets
Using Secrets as Environment Variables Inside Pods
Now, we'll be using the secrets inside the pod as environment variables. We have a BusyBox container, and we just run a simple command,
env
which will list all the environment variables from that particular pod. In the BusyBox container spec, we are using the env field, and in env we define the ADMIN_USER environment variable, whose value comes from a secret key reference: a secretKeyRef with the name and the key.
You can create this pod through
kubectl create -f pod.yaml
You can check the logs with
kubectl logs secret-env
You can see user admin and dev user, as both secrets have been successfully exposed as environment variables inside the pod, where they can be used by the code or application running there.
That concludes this lesson on creating and using Kubernetes secrets. Secrets are a powerful tool in Kubernetes, allowing you to store and manage sensitive information securely. Whether you're mounting them as volumes or using them as environment variables, secrets can help keep your applications secure and your code clean.