
Kubernetes – Secrets


Secrets are Kubernetes objects used to store user names and passwords.

Kubernetes has multiple ways to create secrets.

Creating From Text File

Using the following command, you can create a secret holding the user name and password from text files.

$ kubectl create secret generic tomcat-passwd --from-file=./username.txt --from-file=./password.txt

Creating From Yaml File

apiVersion: v1
kind: Secret
metadata:
   name: tomcat-pass
type: Opaque
data:
   # values under data must be base64-encoded
   password: <User Password>
   username: <User Name>
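
The data values in the manifest above must be base64-encoded, which is an encoding and not encryption. The following shell sketch is an added example, not part of the original tutorial: it builds that manifest from the username.txt and password.txt files used earlier and drops the trailing newline that echo and most editors leave in such files. The function names and the sample credentials are constructed for illustration.

```shell
#!/bin/sh
# Added example: generate the Secret manifest from two credential files.

# Base64-encode a file's content without its trailing newline(s).
# $(cat ...) strips trailing newlines; printf '%s' does not add one back.
# Fails (non-zero status) if the file cannot be read.
encode_file() {
    value=$(cat "$1") || return 1
    printf '%s' "$value" | base64 | tr -d '\n'
}

# Decode one value from the data section. Anyone who can read the
# manifest or the Secret object can do this: base64 is reversible.
decode_value() {
    printf '%s' "$1" | base64 -d
}

# Print a Secret manifest: $1 = Secret name, $2 = user file, $3 = password file.
make_secret_manifest() {
    name=$1 user_file=$2 pass_file=$3
    user_b64=$(encode_file "$user_file") || return 1
    pass_b64=$(encode_file "$pass_file") || return 1
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
   name: $name
type: Opaque
data:
   username: $user_b64
   password: $pass_b64
EOF
}

# Constructed sample input: files written with echo, so each ends in "\n".
demo() {
    dir=$(mktemp -d) || return 1
    echo 'admin'  > "$dir/username.txt"
    echo 'tomcat' > "$dir/password.txt"
    make_secret_manifest tomcat-pass "$dir/username.txt" "$dir/password.txt"
    rm -rf "$dir"
}
demo
```

Because the encoded values decode with a single command, treat the generated Secret.yaml like the plaintext credentials themselves and keep it out of version control.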

Creating the Secret

$ kubectl create -f Secret.yaml
secrets/tomcat-pass

Using Secrets

Pods or replication controllers can consume the secrets once we’ve created them.

Environment Variable

The secret is set as an environment variable under the spec section of the pod YAML file.

env:
   - name: SECRET_USERNAME
     valueFrom:
        secretKeyRef:
           name: tomcat-pass   # name of the Secret object
           key: username       # key inside the Secret's data section

Volume

spec:
   volumes:
      - name: "secrets-test"
        secret:
           secretName: tomcat-pass
   containers:
      - image: tomcat:7.0
        name: webserver
        volumeMounts:
           # each key of the Secret appears as a file under this path
           - mountPath: "/tmp/mysec"
             name: "secrets-test"

Secret Configuration as Environment Variable

apiVersion: v1
kind: ReplicationController
metadata:
   name: appname
spec:
   replicas: replica_count
   template:
      metadata:
         name: appname
      spec:
         nodeSelector:
            resource-group:
         containers:
            - name: appname
              image:
              imagePullPolicy: Always
              ports:
                 - containerPort: 3000
              # the secret is injected through the env section
              env:
                 - name: ENV
                   valueFrom:
                      secretKeyRef:
                         name: tomcat-pass   # name of the Secret object
                         key: password       # key inside the Secret's data section

In the above code, the secret is consumed as an environment variable in the replication controller.

Secrets As Volume Mount

apiVersion: v1
kind: Pod
metadata:
   name: appname
spec:
   volumes:
      - name: "secrets-test"
        secret:
           secretName: tomcat-pass
   containers:
      - image: tomcat:8.0
        name: webserver
        volumeMounts:
           # each key of the Secret appears as a file under this path
           - mountPath: "/tmp/mysec"
             name: "secrets-test"
