Secrets in Kubernetes

Kubernetes is a great orchestration tool. It lets you deploy and manage dockerized applications easily and scale them properly. There are many tutorials on how to set up your own cluster or use a managed one from any cloud provider. In this post I want to focus on Secret objects.

Secrets in Kubernetes are objects that hold sensitive data such as usernames, passwords, connection strings, etc.

So far so good. However, let's take a closer look at how to create a Secret object in Kubernetes. Here is an example:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

This is a Secret object called “mysecret”. It contains two data fields: one key called username and one key called password. The value of each key must be base64-encoded. For example, the value “admin” is encoded in base64 as “YWRtaW4=”.
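The values in this manifest can be checked from a shell. The script below is an added example, not part of the original post; the helper names are hypothetical and it assumes a `base64` command that accepts `-d`. It shows that the encoding is reversible without any key (base64 is not encryption) and that `echo` without `-n` silently encodes a trailing newline into the value.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; assumes a base64 that accepts -d.

# Encode a value for a Secret's data field. printf '%s' adds no trailing
# newline; tr removes any line wrapping base64 applies to long values.
b64enc() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Reverse the encoding. No key is involved: base64 is not encryption.
b64dec() { printf '%s' "$1" | base64 -d; }

# The pitfall: plain echo appends "\n", which becomes part of the secret.
b64enc_echo() { echo "$1" | base64 | tr -d '\n'; }

# The manifest from the post, embedded so the script runs offline.
sample_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
EOF
}

# Read a Secret manifest on stdin and print key=plaintext for each entry
# under "data:". Minimal line parser for this flat layout, not a YAML parser.
decode_secret_data() {
  in_data=0
  while IFS= read -r line; do
    case "$line" in
      data:) in_data=1 ;;
      "  "*)
        if [ "$in_data" -eq 1 ]; then
          key=${line%%:*}; key=${key#"${key%%[! ]*}"}
          printf '%s=%s\n' "$key" "$(b64dec "${line#*: }")"
        fi ;;
      *) in_data=0 ;;
    esac
  done
}

sample_manifest | decode_secret_data
echo "echo admin | base64 -> $(b64enc_echo admin)  (decodes to 'admin' plus newline)"
```

Because decoding needs no key, a Secret manifest is as sensitive as the plaintext values it holds.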

Accessing secrets is also pretty straightforward. For example, a Pod can access this secret and load it as environment variables with the following lines:

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
  restartPolicy: Never

 

This post is related to the base 64 and echo command post.

 
