Skip to content

Latest commit

 

History

History
149 lines (118 loc) · 4.06 KB

K8s-Secret.md

File metadata and controls

149 lines (118 loc) · 4.06 KB

LAB: K8s Secret

This scenario shows:

  • how to create secrets with file,
  • how to use secrets: volume and environment variable,
  • how to create secrets with command,
  • how to get/delete secrets

Steps

  • Run minikube (in this scenario, K8s runs on WSL2- Ubuntu 20.04) ("minikube start")

image

  • Create Yaml file (secret.yaml) in your directory and copy the below definition into the file:
# Secret Object Creation  
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
stringData:
  db_server: db.example.com
  db_username: admin
  db_password: P@ssw0rd!
  • Create Yaml file (secret-pods.yaml) in your directory and copy the below definition into the file:
  • 3 Pods:
    • secret binding using volume
    • secret binding environment variable: 1. explicitly, 2. implicitly
apiVersion: v1
kind: Pod
metadata:
  name: secretvolumepod
spec:
  containers:
  - name: secretcontainer
    image: nginx
    volumeMounts:
    - name: secret-vol
      mountPath: /secret
  volumes:
  - name: secret-vol
    secret:
      secretName: mysecret
---
apiVersion: v1
kind: Pod
metadata:
  name: secretenvpod
spec:
  containers:
  - name: secretcontainer
    image: nginx
    env:
      - name: username
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: db_username
      - name: password
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: db_password
      - name: server
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: db_server
---
apiVersion: v1
kind: Pod
metadata:
  name: secretenvallpod
spec:
  containers:
  - name: secretcontainer
    image: nginx
    envFrom:
    - secretRef:
        name: mysecret
  • Create secret object:

image

  • Create pods:

image

  • Describe secret to see details:

image

  • Run bash in the secretvolumepod (1st pod):

image

  • Run "printenv" command in the secretenvpod (2nd pod):

image

  • Run "printenv" command in the secretenvallpod (3rd pod):

image

  • Create new secret with imperative way:
kubectl create secret generic mysecret2 --from-literal=db_server=db.example.com --from-literal=db_username=admin --from-literal=db_password=P@ssw0rd!

image

  • Create new secret using files (avoid to see in the history command list).
  • Create file on the same directory before to run command (e.g. "touch server.txt"):
    • server.txt => put into "db.example.com" with "cat" command
    • password.txt => put into "password" with "cat" command
    • username.txt => put into "admin" with "cat" command
kubectl create secret generic mysecret3 --from-file=db_server=server.txt --from-file=db_username=username.txt --from-file=db_password=password.txt

image

  • Create json file (config.json) and put following content
{
    "apiKey": "7ac4108d4b2212f2c30c71dfa279e1f77dd12356",
}
kubectl create secret generic mysecret4 --from-file=config.json

image

  • Delete mysecret4:

image