Table of Contents:
- Introduction
- Benefits of Using Secrets
- Creating and Managing Secrets
- Real-Time Scenarios for Using Secrets
- Hands-On Tasks
- Detailed Commands and Examples
- Common Challenges and Troubleshooting
What are Secrets in Kubernetes?
- Secrets are used to store sensitive data, like passwords, API keys, and certificates, separately from the application code.
- They are the intended place for sensitive information, rather than ConfigMaps. Their values are stored base64 encoded, but base64 is an encoding, not encryption: anyone who can read the Secret can decode it.
- Kubernetes Secrets are not encrypted by default but are encoded to prevent accidental exposure.
Why Use Secrets?
- Secure Storage: Helps keep sensitive information separate from application code and configuration.
- Access Control: Secrets can be accessed only by the Pods that have been granted access.
- Simplified Management: Managing secrets across different environments (Dev, Test, Prod) becomes easier and more secure.
Creating Secrets in Kubernetes
1. Using kubectl Command
You can create a secret using the kubectl command:
kubectl create secret generic my-secret --from-literal=username=admin --from-literal=password=secret123
2. Creating Secrets Using a YAML File
A YAML file can also be used to create secrets. Here’s an example of a secret.yaml file:
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  username: YWRtaW4=
  password: c2VjcmV0MTIz
Apply the YAML file with:
kubectl apply -f secret.yaml
Encoding and Decoding Secrets
Tasks Performed
Task 1: Decode a Secret in YAML Format
- Create a file named application.properties with some sensitive information.
echo "db.username=admin" > application.properties
echo "db.password=secret123" >> application.properties
- Create a Secret from the file using kubectl (the contents are base64 encoded, not encrypted):
kubectl create secret generic app-secrets --from-file=application.properties
- View the secret in YAML format (note that the data will be base64 encoded):
kubectl get secret app-secrets -o yaml
- Decode the data manually to verify (replace encoded_value with a value from the YAML output):
echo -n "encoded_value" | base64 --decode
Task 2: Create a Secret from environment.sh
- Create the environment.sh file with the following content:
echo "variable1=value1" > environment.sh
- Create a secret using the file:
kubectl create secret generic env-secret --from-file=environment.sh
- View the created secret:
kubectl get secret env-secret -o yaml
- Decode the base64 encoded values (replace encoded_value with a value from the YAML output):
echo -n "encoded_value" | base64 --decode
Task 3: Create Secrets for MySQL
- Encode the MySQL username and password with base64:
echo -n "mysqluser" | base64
echo -n "mysqlpassword" | base64
- Create a mysql-secret.yaml file:
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
data:
  databaseusername: bXlzcWx1c2Vy
  databasepassword: bXlzcWxwYXNzd29yZA==
- Apply the secret:
kubectl apply -f mysql-secret.yaml
- Verify the created secret:
kubectl get secret mysql-secret -o yaml
- Decode to confirm the values:
echo -n "bXlzcWx1c2Vy" | base64 --decode
echo -n "bXlzcWxwYXNzd29yZA==" | base64 --decode
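Added example (not part of the original post): a shell helper that decodes every entry under data: in a Secret manifest in one pass, showing that anyone who can read the `kubectl get secret -o yaml` output or a committed secret.yaml recovers the plaintext. The function names and the sample manifest (built from the Task 3 values) are constructed for illustration, and it assumes single-line values as kubectl prints them.

```bash
# Added example: decode every entry under `data:` in a Secret manifest.
# Assumes single-line `key: value` entries, as `kubectl get secret -o yaml` prints.

# Constructed sample: the Task 3 Secret, in the key order kubectl prints.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
data:
  databasepassword: bXlzcWxwYXNzd29yZA==
  databaseusername: bXlzcWx1c2Vy
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
EOF
}

# Reads a manifest on stdin, prints key=plaintext for each data entry.
# The body runs in a subshell "( ... )" so its variables stay local.
decode_secret_data() (
  in_data=0
  while IFS= read -r line; do
    case "$line" in
      data:*)  in_data=1; continue ;;   # start of the data block
      ' '*|'') ;;                       # indented or blank: same block
      *)       in_data=0 ;;             # next top-level key ends it
    esac
    [ "$in_data" -eq 1 ] || continue
    entry=$(printf '%s' "$line" | tr -d ' \t')   # "key:base64value"
    case "$entry" in
      '#'*)  continue ;;                # YAML comment
      ?*:?*) ;;                         # has both a key and a value
      *)     continue ;;
    esac
    key=${entry%%:*}
    value=${entry#*:}
    plain=$(printf '%s' "$value" | base64 --decode 2>/dev/null) \
      || plain='<not valid base64>'
    printf '%s=%s\n' "$key" "$plain"
  done
)

# No key or passphrase is involved: read access to the manifest is enough.
sample_manifest | decode_secret_data
```

On a cluster the same function can be fed with `kubectl get secret mysql-secret -o yaml | decode_secret_data`.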
Real-Time Scenarios Where Kubernetes Secrets Are Useful
- Database Credentials: Storing database usernames and passwords securely.
- API Keys and Tokens: Managing access tokens for third-party services.
- SSL Certificates: Storing SSL certificates to enable secure communication.
Commands Recap
- Create a Secret from literals:
kubectl create secret generic my-secret --from-literal=username=admin
- Create a Secret from a file:
kubectl create secret generic my-secret --from-file=application.properties
- Encode to Base64:
echo -n "value" | base64
- Decode from Base64:
echo -n "encoded_value" | base64 --decode
- Apply a YAML file:
kubectl apply -f secret.yaml
- Get a Secret in YAML format:
kubectl get secret my-secret -o yaml
- Delete a Secret:
kubectl delete secret my-secret
Thanks for joining me on Day 42! Let’s keep learning and growing together!
Happy Learning!
#90DaysOfDevOps