Beginners guide to Kubernetes secrets
Beginners guide to Kubernetes secrets
Understand what Kubernetes secrets are and how to use them, plus how to utilize a secret inside a pod.
Creating Kubernetes secrets
In this video, we'll be creating Kubernetes secrets and then using them inside the pods. Now we can create secrets using the YAML file. So it's API version v1, and kind is secret, and in the data section, we provide the data that we want to have as secrets. So these data will be in the base 64 encoded forms. You can use any tool to do that. We can use the command
echo -n "admin" |base64 to verify. We will see that the output will be the same as the previous data value in the yaml file. So basically, the username is admin in the command, and the password is passcode. And I can verify that passcode by using the command
echo -n "passcode" |base64.
So once this is done, you put that inside a YAML file, and then you create using the command
kubectl create -f sec.yaml and verify the creation by running
kubectl get secrets. You will see that the demo secret is there, and the value of the data is two.
Using a secret inside a pod
Now in order to use the secret inside the pod, we can, we mount it as a volume. So in this particular case, it's a simple nginx pod of where we have the volume as a small secret. We have given the secret, and the secret name demo that we just created. So inside the container, it's a simple volume mount, and the name of the volume, and then the mount path inside the pod.
So let's create the pod using the command
kubectl create -f pod2.yaml. Now, verify the creation by running the command
kubectl get pods. You will see that it's running. Now we exec into the pod through
kubectl exec -it secret-pod-volume - sh. We'll go into the mount path directory and use the command
ls. We will see the username and password in the directory by doing that. If I use the command
cat, the username should be admin, and the password should be passcode. So this is how we have bounded the secrets inside the pod. And then here, we can have a code that can use this. Another way of creating the secret is using the imperative way. So we can create a secret by running the command
kubectl create secret generic admin --from-literal=admin-user=admin. Generic is the type of secret that we want to create. Hence, the secret admin is created.
Now, we'll be using two secrets for the next particular demo. So let me create the secret for the dev user by running the command
kubectl create secret generic admin --from-literal=dev-user=dev. With this, both secrets are created. To see the successful creation of the secrets, verify them through
Kubectl get secrets. Now we'll be using the secrets inside the pod as environment variables. So let's see how we use this. We have a BusyBox container, and we just run a simple command
env, which will list all the environment variables from that particular pod. In the BusyBox container, we are using ENV, and in ENV, we are giving the ADMIN_USER environment variable, and the value is from the secret key reference. So it's a SecretKeyRef with the name and the key. So the name is the admin of the secret, and the key is the admin-user. So again, the SecretKeyRef of the dev user one will have a similar format.
So let's create this pod through
kubectl create -f pod.yaml. You will see that the pod is created, running through
kubectl get pods. Now, we can check the logs of secret-env through
kubectl logs of secret-env. You can see admin, user admin, and dev user as both the secrets have successfully mounted as an environment variable inside the pod, which can again be used by the code or the application running. So this is how the secrets can be created and used inside the pod.
Thank you for watching. That's it for this lecture.