Kubernetes – Secrets
Secrets are Kubernetes objects used to store sensitive data such as user names and passwords.
Kubernetes has multiple ways to create secrets.
- Creating from text files.
- Creating from a YAML file.
Creating From Text File
Using the following command, you can create a secret holding the user name and password from text files.
$ kubectl create secret generic tomcat-passwd --from-file=./username.txt --from-file=./password.txt
Creating From Yaml File
    apiVersion: v1
    kind: Secret
    metadata:
      name: tomcat-pass
    type: Opaque
    data:
      # values under data must be base64-encoded
      password: <User Password>
      username: <User Name>
Creating the Secret
$ kubectl create -f Secret.yaml
secrets/tomcat-pass
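The two creation methods above, combined in an added example (not code from the original page): the script builds the manifest's data values from the text files, shows that a trailing newline in a file becomes part of the secret, and shows that base64 is an encoding rather than encryption. The function names, file names and sample credentials are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: build the Secret manifest's data fields from the text files.
# Function names, file names and credentials are constructed for illustration.

# Base64-encode a file exactly as stored, on a single line (no wrapping).
b64_file() { base64 < "$1" | tr -d '\n'; }

# Succeeds if the file ends with a newline; that byte becomes part of the
# secret value when the file is given to --from-file or encoded as-is.
ends_with_newline() {
  [ -s "$1" ] && [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# Print a Secret manifest whose data values are the base64 of the two files.
render_secret() {  # usage: render_secret NAME USERNAME_FILE PASSWORD_FILE
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  username: $(b64_file "$2")
  password: $(b64_file "$3")
EOF
}

# Decode one data field from a manifest on stdin. Base64 is reversible by
# anyone who can read the manifest, so the file needs the same protection
# as the plaintext credentials.
decode_field() {  # usage: decode_field KEY < manifest
  sed -n "s/^  $1: //p" | base64 --decode
}

# Demo with constructed credentials in a temporary directory.
demo() {
  demo_dir=$(mktemp -d)
  printf 'admin'   > "$demo_dir/username.txt"   # printf: no trailing newline
  echo   'admin'   > "$demo_dir/echo.txt"       # echo: appends a newline
  printf 's3cr3t!' > "$demo_dir/password.txt"
  render_secret tomcat-pass "$demo_dir/username.txt" "$demo_dir/password.txt"
  ends_with_newline "$demo_dir/echo.txt" &&
    echo "echo.txt ends with a newline, encodes as: $(b64_file "$demo_dir/echo.txt")"
  rm -rf "$demo_dir"
}
demo
```

The output of render_secret can be saved as Secret.yaml and passed to the kubectl create -f command shown above.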
Using Secrets
Once a secret has been created, pods or replication controllers can consume it in either of the following ways:
- Environment Variable
- Volume
Environment Variable
The secret is set as an environment variable under the spec section of the pod YAML file.

    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: tomcat-pass   # name of the Secret object
          key: username       # key under the Secret's data section
Volume
    spec:
      volumes:
      - name: "secrets-test"
        secret:
          secretName: tomcat-pass
      containers:
      - image: tomcat:7.0
        name: webserver
        volumeMounts:
        - mountPath: "/tmp/mysec"
          name: "secrets-test"
Secret Configuration as Environment Variable
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: appname
    spec:
      replicas: replica_count        # replace with the desired number of replicas
      template:
        metadata:
          name: appname
        spec:
          nodeSelector:
            resource-group:          # node label value
          containers:
          - name: appname
            image:                   # application image
            imagePullPolicy: Always
            ports:
            - containerPort: 3000
            env:                     # (1) secret exposed as an environment variable
            - name: ENV
              valueFrom:
                secretKeyRef:        # reads a key from a Secret (configMapKeyRef would read from a ConfigMap)
                  name: appname
                  key: tomcat-secrets
We are using secrets as an environment variable in the replication controller in the above code.
Secrets As Volume Mount
    apiVersion: v1
    kind: Pod
    metadata:
      name: appname
    spec:
      volumes:
      - name: "secrets-test"
        secret:
          secretName: tomcat-pass
      containers:
      - image: tomcat:8.0
        name: webserver
        volumeMounts:
        - mountPath: "/tmp/mysec"
          name: "secrets-test"
