
Kubernetes Environment Secrets

Create Secret

Secret
For the full details of the Secret resource, see this document.

Imperative

Values with command

# Structure
# NOTE: values given with --from-literal are typed on the command line, so they can
# end up in shell history and are visible in the process list while kubectl runs.
kubectl create secret generic <secret-name> --from-literal=<key>=<value> \
                                       --from-literal=<key>=<value> \
                                       --from-literal=<key>=<value>
# Example
# Creates the Secret "app-secret" with three keys: DB_Host, DB_User and DB_Password.
# The values shown are demo values only.
kubectl create secret generic app-secret --from-literal=DB_Host=mysql \
                                         --from-literal=DB_User=root \
                                         --from-literal=DB_Password=paswrd

Values from file

app_secret.properties

# Plaintext credentials (demo values). Keep this file out of version control and
# remove it once the Secret has been created from it.
DB_Host: mysql
DB_User: root
DB_Password: paswrd
# Structure
# NOTE(review): --from-file=<path> stores the whole file as ONE key, named after the
# file, whose value is the file's contents. It does not split the file into one key
# per line; kubectl has --from-env-file for that, which expects KEY=VALUE lines.
kubectl create secret generic <secret-name> --from-file=<path-to-file>

# Example
# Result: Secret "app-secret" holding a single key named "app_secret.properties".
kubectl create secret generic app-secret --from-file=app_secret.properties

Declarative

Encode

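# Base64 is an encoding, not encryption: anyone who can read the encoded value can
# decode it. Encoding only makes the value fit the `data` field of a Secret manifest.
# printf '%s' replaces `echo -n`, which some shells do not honour (they print a
# literal "-n" or keep the trailing newline); either would end up inside the secret.

# bXlzcWw=
printf '%s' 'mysql' | base64

# cm9vdA==
printf '%s' 'root' | base64

# cGFzd3Jk
printf '%s' 'paswrd' | base64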

Decode

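# Decoding needs no key: whoever can read a Secret's `data` values can recover the
# plaintext this way, so access to Secrets and their manifests must be restricted.
# printf '%s' replaces `echo -n`, which is not handled the same way by every shell.

# mysql
printf '%s' 'bXlzcWw=' | base64 --decode

# root
printf '%s' 'cm9vdA==' | base64 --decode

# paswrd
printf '%s' 'cGFzd3Jk' | base64 --decode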

secret-data.yaml

---
# Secret "app-secret" with three keys.
# Values under `data` are base64-encoded. That is an encoding, not encryption,
# so this file is as sensitive as the plaintext values it carries.
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
data:
  DB_Host: 'bXlzcWw='      # mysql
  DB_User: 'cm9vdA=='      # root
  DB_Password: 'cGFzd3Jk'  # paswrd
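# Create the Secret from the manifest.
# The flag is written with an ASCII hyphen (-f); a typographic dash is not parsed as a flag.
kubectl create -f secret-data.yaml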

Apply Secret to POD YAML

pod-definition.yaml

---
# Pod whose container receives the keys of Secret "app-secret" as
# environment variables.
apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  containers:
    - name: simple-webapp-color
      image: simple-webapp-color
      ports:
        - containerPort: 8080
      # envFrom turns each key of the referenced Secret into an environment
      # variable of the same name, holding the decoded value.
      envFrom:
        - secretRef:
            name: app-secret
# Create the Pod described in pod-definition.yaml.
kubectl create --filename=pod-definition.yaml

View Secrets

# List the Secrets in the current namespace (names, types and key counts, not values).
kubectl get secret

Secret Detail

# Describe every Secret in the current namespace.
# describe prints key names and value sizes, not the values themselves.
kubectl describe secret

# Describe one Secret by name.
kubectl describe secret/app-secret

Export Secret to YAML

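# Export the Secret as YAML.
# The flag is written with an ASCII hyphen (-o); a typographic dash is not parsed as a flag.
# The exported file contains every value base64-encoded, i.e. trivially decodable:
# restrict its permissions and keep it out of version control.
kubectl get secret app-secret -o yaml > app-secret.yaml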

Secret in PODs

ENV

---
# Pod that imports all keys of two Secrets as environment variables.
apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  containers:
    - name: simple-webapp-color
      image: simple-webapp-color
      ports:
        - containerPort: 8080
      # Every key of each listed Secret becomes an environment variable.
      # When the same key exists in more than one source, the last source
      # in this list takes precedence.
      # Environment variables are inherited by child processes, so import
      # only the Secrets this container really needs.
      envFrom:
        - secretRef:
            name: app-secret
        - secretRef:
            name: db-secret

SINGLE ENV

17
---
# Pod that injects a single key of Secret "app-secret" as one
# environment variable, instead of importing the whole Secret.
apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  containers:
    - name: simple-webapp-color
      image: simple-webapp-color
      ports:
        - containerPort: 8080
      env:
        # Only DB_Password is exposed; the other keys of app-secret
        # stay out of the container's environment.
        - name: DB_Password
          valueFrom:
            secretKeyRef:
              name: app-secret
              key: DB_Password

VOLUME

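---
# Pod that mounts Secret "app-secret" as files under /etc/secret:
# one file per key, containing that key's decoded value.
apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  volumes:
    - name: app-secret-volume
      secret:
        # A secret volume names its Secret with `secretName`; `name` is not
        # a field of the secret volume source, so it would not select app-secret.
        secretName: app-secret
  containers:
    - name: simple-webapp-color
      image: simple-webapp-color
      ports:
        - containerPort: 8080
      volumeMounts:
        # Must match the volume name declared under spec.volumes.
        - name: app-secret-volume
          mountPath: /etc/secret
          # The application only needs to read the secret files.
          readOnly: true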