Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys. Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image.
Secrets work like ConfigMaps, but are meant for sensitive data (passwords, auth tokens, SSH keys).
1. Secrets store confidential data.
2. By default, Secret values are base64-encoded. This is an encoding, not encryption.
3. Secrets are mapped to a Pod, where the values are decoded at the Pod level.
4. Data is stored as key-value pairs.
5. Secrets can be created from a file (--from-file) or from a literal (--from-literal).
6. A Secret's data should not be more than 1 MB.
7. You can store data from text files.
8. Secret data is stored in the etcd database.
LAB
1. Creating Secret using kubectl & Consuming it from "volumes" inside Pod
1a. Creating secret using "kubectl":
------------------------------------
echo -n 'admin' > username.txt
echo -n 'pa$$w00rd' > password.txt
kubectl create secret generic nginx-secret-vol --from-file=username.txt --from-file=password.txt
# Optional: remove the plaintext files once the Secret has been created
# rm -f username.txt password.txt
kubectl get secrets
kubectl describe secrets nginx-secret-vol
1b. Consuming "nginx-secret-vol" from "volumes" inside Pod
1c. Create | Display | Validate:
--------------------------------
# Create
kubectl create -f nginx-pod-secret-vol.yaml
# Display
kubectl get po
kubectl get secrets
kubectl describe pod nginx-pod-secret-vol
# Validate from "inside" the pod
kubectl exec -it nginx-pod-secret-vol -- /bin/sh
cd /etc/confidential
ls
cat username.txt
cat password.txt
exit
(OR)
# Validate from "outside" the pod
kubectl exec nginx-pod-secret-vol -- ls /etc/confidential
kubectl exec nginx-pod-secret-vol -- cat /etc/confidential/username.txt
kubectl exec nginx-pod-secret-vol -- cat /etc/confidential/password.txt
2. Creating Secret "manually" using YAML file & Consuming it from "environment variables" inside Pod
2a. Creating Secret using YAML file:
-------------------------------------
# Encoding secret
echo -n 'admin' | base64
echo -n 'pa$$w00rd' | base64
# YAML file
kubectl create -f redis-secret-env.yaml
kubectl get secret
kubectl describe secret redis-secret-env
2b. Consuming "redis-secret-env" secret from "environment variables" inside Pod
2c. Create | Display | Validate:
# Create
kubectl create -f redis-pod-secret-env.yaml
# Display
kubectl get pods
kubectl get secrets
kubectl describe pod redis-pod-secret-env
# Validate from "inside" the pod
kubectl exec -it redis-pod-secret-env -- /bin/sh
env | grep SECRET
exit
(OR)
# Validate from "outside" the pod
kubectl exec redis-pod-secret-env -- env | grep SECRET
***************************************************************************
# Decode the secrets
kubectl get secret redis-secret-env -o yaml
echo 'cGEkJHcwMHJk' | base64 --decode
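The two manifests that section 2 applies are not reproduced on this page. The script below is an added example, not the original author's files: it generates a Secret manifest with correctly encoded data values and a Pod that consumes it through environment variables, and decodes a value back as in the step above. The key names username/password, the redis image and the SECRET_USERNAME/SECRET_PASSWORD variable names are assumptions; the resource names and sample values are the lab's.

```shell
#!/bin/sh
# Added example: generates the manifests for section 2 of the lab.
# Assumed (not on the page): key names username/password, image "redis",
# and the SECRET_USERNAME / SECRET_PASSWORD variable names.

# Encode the exact bytes of $1. printf adds no trailing newline (a plain
# `echo` would, and the newline would become part of the secret); tr removes
# the line wraps that base64 inserts into long output.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# secret_manifest NAME key=value ...  -> Opaque Secret manifest on stdout
secret_manifest() {
  name=$1; shift
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$name"
  printf 'type: Opaque\ndata:\n'
  for kv in "$@"; do
    # Split on the first "=" only, so values may themselves contain "=".
    printf '  %s: %s\n' "${kv%%=*}" "$(b64 "${kv#*=}")"
  done
}

# secret_value KEY < manifest  -> decoded value. base64 is an encoding, so
# anyone who can read the manifest (or `kubectl get secret -o yaml`) gets this.
secret_value() { sed -n "s/^  $1: //p" | base64 --decode; }

# pod_manifest SECRET_NAME  -> Pod exposing both keys as environment variables
pod_manifest() {
  cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: redis-pod-secret-env
spec:
  containers:
  - name: redis
    image: redis
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef: {name: $1, key: username}
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef: {name: $1, key: password}
EOF
}

# Usage:
#   secret_manifest redis-secret-env username=admin 'password=pa$$w00rd' > redis-secret-env.yaml
#   pod_manifest redis-secret-env > redis-pod-secret-env.yaml
```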
*************************************************************************************************************************************************
3. Cleanup
# Delete secrets
kubectl delete secrets nginx-secret-vol redis-secret-env
# Delete pods
kubectl delete pods nginx-pod-secret-vol redis-pod-secret-env
# Validate
kubectl get pods
kubectl get secrets