03.04-Secrets

Secrets

It works like a ConfigMap but used to store sensitive data, like passwords.

Creating secrets

Imperative way:

# getting key-value pairs directly from command line
kubectl create secret generic ${secretName} \
  --from-literal=${key}=${value}

# getting key-value pairs from a file
kubectl create secret generic ${secretName} \
  --from-file=${filePath}

Declarative way:

apiVersion: v1

kind: Secret

metadata:
  name: app-secret

data:
  DB_Host: base64EncodedHost
  DB_User: base64EncodedUser
  DB_Password: base64EncodedPassword

Secrets in Pods

pod.spec.containers:
  - envFrom:
    - secretRef:
        name: app-secret # secret's name

3 ways to use Secrets in Pods:

env var from whole secret
single env var from the secret
volume

# env var from whole secret
pod.spec.containers:
  - envFrom:
    - secretRef:
        name: app-secret


# single env var from the config map
pod.spec.containers:
  env:
    - name: DB_Password
      valueFrom:
        secretKeyRef:
          name: app-secret
          key: DB_Password


# volume
pod.spec.containers:
  volumes:
  - name: app-config-volume
    secret:
      secretName: app-secret

If you set the secret as a volume, kubernetes creates a directory /opt/app-secret-volumes with the contents of the secret in files.