Beginners guide to Kubernetes secrets
Civo Academy - Creating and Using Kubernetes Secrets
Description
Welcome to this lesson on Kubernetes secrets. Secrets in Kubernetes are a vital tool for storing confidential data like passwords, OAuth tokens, and SSH keys. In this lesson, we'll be creating Kubernetes secrets and then using them inside the pods. We can achieve this by learning more about the background of Kubernetes secrets and using them inside a Pod.
Creating Kubernetes Secrets
Kubernetes secrets can be created using a YAML file. The API version is v1, and the kind is Secret. In the data section, we provide the data that we want to store as secrets. These values must be in base64-encoded form. You can use any tool to do that. For instance, you can use the command echo -n "admin" | base64 to verify. The output will be the same as the corresponding data value in the YAML file.
Once you've put your base64-encoded data inside a YAML file, you can create the secret using the command kubectl create -f sec.yaml. You can verify the creation by running kubectl get secrets. You will see that the demo secret is there, and that its data count is two.
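The encoding step above, as an added example that is not part of the Civo lesson: it builds the data section for the demo secret, decodes a value back to show that base64 is a reversible encoding rather than encryption, and detects a value that was encoded with a stray trailing newline (what you get when -n is left off echo). The function names, the Opaque type and the username/password key names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the lesson). Helper names are hypothetical.
NL='
'

# Encode a value exactly as given; printf '%s' adds no trailing newline,
# which is the same effect as `echo -n`.
encode() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode a data value. Anyone who can read the manifest or the Secret
# object can do this: base64 provides no confidentiality.
decode() { printf '%s' "$1" | base64 -d; }

# Succeeds if the decoded value ends in a newline, i.e. it was produced
# with plain `echo` and the application would receive "admin\n".
has_trailing_newline() {
  # The appended x keeps command substitution from stripping the newline.
  d=$(printf '%s' "$1" | base64 -d; printf x)
  case "$d" in
    *"$NL"x) return 0 ;;
    *) return 1 ;;
  esac
}

# Print a Secret manifest: render_secret NAME key=value [key=value ...]
render_secret() {
  name=$1; shift
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$name"
  printf 'type: Opaque\ndata:\n'   # Opaque is assumed; the lesson names no type
  for pair in "$@"; do
    key=${pair%%=*}
    val=${pair#*=}
    printf '  %s: %s\n' "$key" "$(encode "$val")"
  done
}

# Constructed sample input using the values the lesson mentions.
render_secret demo username=admin password=passcode
if has_trailing_newline "$(echo admin | base64)"; then
  echo "# note: plain echo encodes a trailing newline into the secret" >&2
fi
```

Redirecting the output to sec.yaml gives a manifest with two data entries; keep that file out of version control, since decode recovers the plaintext from it.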
Using a Secret Inside a Pod
To use the secret inside a pod, we can mount it as a volume. In this case, it's a simple nginx pod whose volume is defined as a secret volume. For the secret name, we have given demo, the secret that we just created. Inside the container, it's a simple volume mount: the name of the volume, and then the mount path inside the pod.
You can create the pod using the command kubectl create -f pod2.yaml. Verify the creation by running the command kubectl get pods. You can then exec into the pod through kubectl exec -it secret-pod-volume -- sh. If you go into the mount path directory and use the command ls, you will see the username and password in the directory. If you use the command cat on them, the username should be admin, and the password should be passcode.
Creating Secrets Imperatively
Another way of creating the secret is the imperative way. You can create a secret by running the command kubectl create secret generic admin --from-literal=admin-user=admin. Generic is the type of secret that we want to create. Hence, the secret admin is created.
You can create multiple secrets for different purposes. To see the successful creation of the secrets, verify them through kubectl get secrets.
Using Secrets as Environment Variables Inside Pods
Now, we'll be using the secrets inside the pod as environment variables. We have a BusyBox container, and we just run a simple command, env, which will list all the environment variables from that particular pod. In the BusyBox container, we are using env, and in env, we are giving the ADMIN_USER environment variable, and the value is from the secret key reference. So it's a secretKeyRef with the name and the key.
You can create this pod through kubectl create -f pod.yaml. You can check the logs of secret-env through kubectl logs secret-env. You can see the admin user, admin, and the dev user, as both the secrets have successfully been set as environment variables inside the pod, which can again be used by the code or the application running.
Conclusion
That concludes this lesson on creating and using Kubernetes secrets. Secrets are a powerful tool in Kubernetes, allowing you to store and manage sensitive information securely. Whether you're mounting them as volumes or using them as environment variables, secrets can help keep your applications secure and your code clean.