Secrets
I'll keep your secrets, but it's just a base64-encoded value, and plain text in etcd
Secret Types
You can create any type of secret, but there are some pre-defined types
Creating secrets with kubectl
You can quickly create a secret from the command line using literal values or files:
Generic

- Create a secret from a literal value

```
kubectl create secret generic app-secret --from-literal=key=value
```

- Create a secret from an env file `.env`

```
kubectl create secret generic app-secret --from-env-file=./.env
```

- Create a secret from a .properties file. This will create a secret with a key named `file.properties`

```
kubectl create secret generic app-secret --from-file=file.properties
```

Docker Registry

```
kubectl create secret docker-registry secret-name \
  --docker-username someuser \
  --docker-password somepass \
  --docker-server my.docker.repo
```

TLS

```
kubectl create secret tls https-cert --key fileName.key --cert fileName.crt
```
Template
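```
# also try secret.tls
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: ${RESOURCE_NAME}
  namespace: default
data:
  # values under data must be base64-encoded; the command below encodes
  # "data" and copies the result to the clipboard (pbcopy is macOS-only)
  sec: $(echo -n data | base64 | tr -d '\n' | pbcopy)
```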
Load secrets into a pod
Load as a single env var, as an entire set of env vars, or as a volume:

```
volumes:
- name: app-secret-volume
  secret:
    secretName: app-secret
```

Each attribute in the secret is created as a separate file.
Secrets are not encrypted in etcd.
- You can use `imagePullSecrets` for authenticating to a private registry.

```
# in the container spec: load every key of the secret as an env var
envFrom:
- secretRef:
    name: app-secret
```
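
The opening line of these notes as a runnable check, added here as an example and not part of the original notes: it builds a manifest from a constructed `.env` roughly the way `--from-env-file` would, then reads a value back with nothing but `base64 -d`. The helper names `env_to_secret` and `secret_value` and the sample values are assumptions, and the parser is a simplification, not kubectl's own.

```shell
# Added example. SAMPLE_ENV is constructed sample data, not real credentials.
SAMPLE_ENV='# database settings
DB_USER=appuser

DB_PASS=s3cr3t=with=equals'

# env_to_secret NAME (hypothetical helper): read KEY=VALUE lines on stdin and
# print an Opaque Secret manifest. Simplified parser: skips comment lines and
# lines without '=', and splits on the first '=' only.
env_to_secret() {
  printf 'apiVersion: v1\nkind: Secret\ntype: Opaque\nmetadata:\n  name: %s\ndata:\n' "$1"
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      '#'*) continue ;;   # comment
      *=*) ;;             # KEY=VALUE, handled below
      *) continue ;;      # blank line or no '='
    esac
    key=${line%%=*}       # text before the first '='
    value=${line#*=}      # everything after it, later '=' included
    # printf '%s' keeps a trailing newline out of the encoded value
    printf '  %s: %s\n' "$key" "$(printf '%s' "$value" | base64 | tr -d '\n')"
  done
}

# secret_value KEY (hypothetical helper): read a manifest on stdin and print
# the decoded value of KEY. No key or password is involved, only base64 -d.
secret_value() {
  sed -n "s/^  $1: //p" | base64 -d
}

# Demo: whoever can read the manifest (or etcd) can read the value.
manifest=$(printf '%s\n' "$SAMPLE_ENV" | env_to_secret app-secret)
printf '%s\n' "$manifest"
printf 'DB_PASS decodes to: %s\n' "$(printf '%s\n' "$manifest" | secret_value DB_PASS)"
```
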