You will learn about:
- secrets in Kubernetes
- read secrets from volumes mounted in the container
- create secrets that can be shared to one or more pods.
No code provided. You will create Kubernetes YAML definitions for pods that read secrets.
Run cd exercise/ and follow the instructions below to get started!
Secrets are similiar in principle to config maps.
Instead of using a YAML definition this time, let's create the secret with the kubectl CLI:
kubectl create secret generic my-secret --from-literal=password=helloWorld42+Create a pod that will read the secret value from a Docker volume:
kubectl apply -f secret-pod.yamlFind the newly created pod name with kubectl get pods and confirm that the pod has successfully extracted the secret of the configuration identified by the key password:
kubectl logs pod/secret-appThe output should be similar to this:
helloWorld42+
It is important to note that secrets are not encrypted by default (they are only encoded)
Display the contents of the secret we have just created
kubectl get secret my-secret -o yaml
Decode the secret
echo -n '*.......*==' | base64 -D
The output should be
helloWorld42+
NOTE: Config Maps and secrets in Kubernetes do not signal pods when new key/values are available. Pods will have to be restarted after adding or updating them.
Links:
# Windows only
kubectl delete all --all -n "$env:TEAM_NAME"
kubectl delete secret my-secret
# MacOS
kubectl delete all --all -n "${TEAM_NAME}"
kubectl delete secret my-secret