This scenario shows:
- how to create secrets with file,
- how to use secrets: volume and environment variable,
- how to create secrets with command,
- how to get/delete secrets.

- Run minikube with "minikube start" (in this scenario, K8s runs on WSL2, Ubuntu 20.04).
- Create a YAML file (secret.yaml) in your directory and copy the definition below into it:
```yaml
# Secret Object Creation
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
stringData:
  db_server: db.example.com
  db_username: admin
  db_password: P@ssw0rd!
```
- Create a YAML file (secret-pods.yaml) in your directory and copy the definition below into it:
  - 3 Pods:
    - secret binding using a volume
    - secret binding using environment variables: 1. explicitly, 2. implicitly
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: secretvolumepod
spec:
  containers:
  - name: secretcontainer
    image: nginx
    volumeMounts:
    - name: secret-vol
      mountPath: /secret
  volumes:
  - name: secret-vol
    secret:
      secretName: mysecret
---
apiVersion: v1
kind: Pod
metadata:
  name: secretenvpod
spec:
  containers:
  - name: secretcontainer
    image: nginx
    env:
    - name: username
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: db_username
    - name: password
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: db_password
    - name: server
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: db_server
---
apiVersion: v1
kind: Pod
metadata:
  name: secretenvallpod
spec:
  containers:
  - name: secretcontainer
    image: nginx
    envFrom:
    - secretRef:
        name: mysecret
```
- Create secret object:
- Create pods:
- Describe secret to see details:
- Run bash in the secretvolumepod (1st pod):
- Run "printenv" command in the secretenvpod (2nd pod):
- Run "printenv" command in the secretenvallpod (3rd pod):
- Create a new secret imperatively:

```shell
kubectl create secret generic mysecret2 --from-literal=db_server=db.example.com --from-literal=db_username=admin --from-literal=db_password=P@ssw0rd!
```
- Create a new secret from files (this keeps the values out of the shell history).
- Create the files in the same directory before running the command (e.g. "touch server.txt"):
  - server.txt => put "db.example.com" into it with the "cat" command
  - password.txt => put "password" into it with the "cat" command
  - username.txt => put "admin" into it with the "cat" command

```shell
kubectl create secret generic mysecret3 --from-file=db_server=server.txt --from-file=db_username=username.txt --from-file=db_password=password.txt
```
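
`--from-file` stores each file's bytes verbatim, so a trailing newline left by an editor or `echo` becomes part of the secret value. The following is an added example, not part of the original tutorial: the helper function names are hypothetical, and it writes a file without the newline, checks for one, and shows the base64 value that would be stored under `.data`.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, values are the tutorial's samples.

# Read one line from stdin and write it to $1 without a trailing newline,
# readable only by the current user. Reading stdin keeps the value out of
# the command line and therefore out of the shell history.
write_secret_file() {
    (
        umask 077
        IFS= read -r value || [ -n "$value" ] || exit 1
        printf '%s' "$value" > "$1"
    )
}

# True when the last byte of $1 is a newline. Command substitution strips a
# trailing newline, so an empty result means the last byte was "\n".
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Base64 of the exact file bytes, i.e. what is stored under .data.<key>.
stored_value() {
    base64 < "$1" | tr -d '\n'
}

# Fail if any input file carries a trailing newline.
check_secret_files() {
    for f in "$@"; do
        if ends_with_newline "$f"; then
            echo "trailing newline in $f" >&2
            return 1
        fi
    done
}

# Constructed demo: the same value written with echo and with the helper.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
echo 'db.example.com' > "$demo_dir/echo.txt"
printf 'db.example.com\n' | write_secret_file "$demo_dir/server.txt"
echo "echo:   $(stored_value "$demo_dir/echo.txt")"
echo "helper: $(stored_value "$demo_dir/server.txt")"

# Before the tutorial's command, in the directory holding the three files:
#   check_secret_files server.txt username.txt password.txt
```

The two printed base64 strings differ in their last characters, which is the stray newline; a database client given the first value would receive a hostname or password that ends in a line feed.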
- Create a JSON file (config.json) with the following content:

```json
{
  "apiKey": "7ac4108d4b2212f2c30c71dfa279e1f77dd12356"
}
```

```shell
kubectl create secret generic mysecret4 --from-file=config.json
```
- Delete mysecret4: