A Kubernetes secret is an object that contains sensitive or confidential data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image.
Secrets are normally created independently of the pods that use them. This means that there is less risk of the secret data being exposed when the pods are beeing created, updated, viewed or managed.
Secrets are similar to ConfigMaps but are specifically intended to hold confidential data.
Prerequisites
Before you begin, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.
Convert your secret data to a base-64 representation
Use a base64 encoding tool to convert your username and password to a base64 representation. Here’s an example using the commonly available base64 program:
echo -n 'app' | base64
echo -n 'secret' | base64Here is a configuration file you can use to create a Secret that holds your username and password:
apiVersion: v1
kind: Secret
metadata:
name: test-secret
data:
username: YXBw
password: c2VjcmV0Create the Secret with this command:
kubectl apply -f ./secret.yamlCheck information in the secret:
kubectl get secret test-secretGetting more more detailed information about the Secret:
kubectl describe secret test-secretCreate a Secret directly with kubectl
kubectl create secret generic -n dev test-secret --from-literal='username=app' --from-literal='password=secret'
1 Comment
Pingback: How to install and set up Hashicorp Vault in Linux – Citizix