How to Use Secrets in Kubernetes
Kubernetes Secrets let you store and manage sensitive information like as passwords, OAuth tokens, ssh keys, etc.
With this article, you'll learn how to use them easily.
What is a Secret in Kubernetes?
A secret is an object that contains sensitive information like passwords, keys, tokens...
To use it, a Pod needs to reference it:
- As files in a volume mounted on one or more of its containers.
- By the
kubeletwhen pulling images for the Pod.
Optimal way to create and mount a Secret
For me the easiest way to use Secrets is defining a YAML and reference them using envFrom/secretRef.
- Here is a yaml configuration file you can use to create a Secret that holds a username and a password:
apiVersion: v1
kind: Secret
metadata:
name: my-secret
data:
username: my-username
password: vdg7JbgkdnRnN03e- Reference the Secret (my-secret-pod.yaml):
kind: Pod
apiVersion: v1
metadata:
name: my-secret-pod
namespace: my-namespace
spec:
containers:
- name: my-container
image: nginx:1.7.9
envFrom:
- secretRef:
name: my-secret- Then you just need to create the Pod:
$ kubectl apply -f my-secret-pod.yaml -n my-namespaceFor more information related to Secrets, please check the Kubernetes documentation.