K8s-Secret.md

LAB: K8s Secret

This scenario shows:

• how to create secrets with file,
• how to use secrets: volume and environment variable,
• how to create secrets with command,
• how to get/delete secrets

Steps

• Run minikube (in this scenario, K8s runs on WSL2- Ubuntu 20.04) ("minikube start")

• Create Yaml file (secret.yaml) in your directory and copy the below definition into the file.
• File: https://github.com/omerbsezer/Fast-Kubernetes/blob/main/labs/secret/secret.yaml

# Secret Object Creation  
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
stringData:
  db_server: db.example.com
  db_username: admin
  db_password: P@ssw0rd!

• Create Yaml file (secret-pods.yaml) in your directory and copy the below definition into the file.
• 3 Pods:
  • secret binding using volume
  • secret binding environment variable: 1. explicitly, 2. implicitly
• File: https://github.com/omerbsezer/Fast-Kubernetes/blob/main/labs/secret/secret-pods.yaml

apiVersion: v1
kind: Pod
metadata:
  name: secretvolumepod
spec:
  containers:
  - name: secretcontainer
    image: nginx
    volumeMounts:
    - name: secret-vol
      mountPath: /secret
  volumes:
  - name: secret-vol
    secret:
      secretName: mysecret
---
apiVersion: v1
kind: Pod
metadata:
  name: secretenvpod
spec:
  containers:
  - name: secretcontainer
    image: nginx
    env:
      - name: username
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: db_username
      - name: password
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: db_password
      - name: server
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: db_server
---
apiVersion: v1
kind: Pod
metadata:
  name: secretenvallpod
spec:
  containers:
  - name: secretcontainer
    image: nginx
    envFrom:
    - secretRef:
        name: mysecret

• Create secret object:

• Create pods:

• Describe secret to see details:

• Run bash in the secretvolumepod (1st pod):

• Run "printenv" command in the secretenvpod (2nd pod):

• Run "printenv" command in the secretenvallpod (3rd pod):

• Create new secret with imperative way:

kubectl create secret generic mysecret2 --from-literal=db_server=db.example.com --from-literal=db_username=admin --from-literal=db_password=P@ssw0rd!

• Create new secret using files (avoid to see in the history command list).
• Create file on the same directory before to run command (e.g. "touch server.txt"):
  • server.txt => put into "db.example.com" with "cat" command
  • password.txt => put into "password" with "cat" command
  • username.txt => put into "admin" with "cat" command
• Files:
  • https://github.com/omerbsezer/Fast-Kubernetes/blob/main/labs/secret/server.txt
  • https://github.com/omerbsezer/Fast-Kubernetes/blob/main/labs/secret/password.txt
  • https://github.com/omerbsezer/Fast-Kubernetes/blob/main/labs/secret/username.txt

kubectl create secret generic mysecret3 --from-file=db_server=server.txt --from-file=db_username=username.txt --from-file=db_password=password.txt

• Create json file (config.json) and put following content.
• File: https://github.com/omerbsezer/Fast-Kubernetes/blob/main/labs/secret/config.json

{
    "apiKey": "7ac4108d4b2212f2c30c71dfa279e1f77dd12356",
}

kubectl create secret generic mysecret4 --from-file=config.json

• Delete mysecret4: