
Secrets 01

Creating secret with full file content Map the created secret as an environment variable in the pod specification.

echo -n "mysecret" > ./secret.txt vi secret.txt


kubectl create secret generic mysecret --from- name=savo
file=./secret.txt password=12345

Creating secret from a file with key-values kubectl create secret generic mysecret --from-env-
file=./secret.txt
vi secret2.txt
name=savo Pod yaml file to load secrets from key pair
password=12345
apiVersion: v1
kubectl create secret generic newsecret --from-env-
kind: Pod
file=./secret2.txt
metadata:
labels:
Creating secret from literal (values typed on the command line stay in shell history) run: secret-env-pod
name: secret-env-pod
kubectl create secret generic literal-token --from- spec:
literal user=savo --from-literal password=123456 containers:
- image: redis
Creating secret from YAML name: secret-env-pod
env:
# generate base64 (encoding only, not encryption) - name: SECRET_USERNAME
echo -n 'admin' | base64 # YWRtaW4= valueFrom:
echo -n 'password' | base64 # cGFzc3dvcmQ= secretKeyRef:
name: mysecret
#add them to secret yaml file key: username
apiVersion: v1 - name: SECRET_PASSWORD
kind: Secret valueFrom:
metadata: secretKeyRef:
name: testsecret name: mysecret
type: Opaque key: password
data: restartPolicy: Never
username: YWRtaW4=
password: cGFzc3dvcmQ=
Secrets 02
Map the created secret as an environment variable in the pod specification. KodeKloud example of pod(reference existing db-secret)

echo -n "mysecret1" > ./secret1.txt ---


kubectl create secret generic mysecret1 --from- apiVersion: v1
file=./secret1.txt kind: Pod
metadata:
apiVersion: v1 labels:
kind: Pod name: webapp-pod
metadata: name: webapp-pod
labels: namespace: default
run: secret-pv-shit spec:
name: secret-pv-shit containers:
spec: - image: kodekloud/simple-webapp-mysql
volumes: imagePullPolicy: Always
- name: secret-volume name: webapp
# secret volume envFrom:
secret: - secretRef:
secretName: mysecret1 name: db-secret
containers:
- image: busybox #-> Create secret from file, together with key names
name: secret-admin
command: echo "savo" > username.txt
- sleep controlplane $ echo "12345" > password.txt
args:
- "4800" kubectl create secret generic db-user-pass --from-
volumeMounts: file=./username.txt --from-file=./password.txt
- name: secret-volume
readOnly: true kubectl create secret generic fundb-user-pass --from-
mountPath: "/etc/secret-volume" file=funusername=./username.txt --from-
file=funpassword=./password.txt
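#-> encode, decode base64 ('c2F2bwo=' decodes to savo plus a trailing newline, presumably because username.txt was written with echo without -n)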
#-> get passwords
echo -n 'savo' | base64 kubectl get secret db-user-pass -o jsonpath='{.data}'
echo 'c2F2bwo=' | base64 --d
