Secrets are incredibly crucial. Why? Because we don't want things in plain text. API keys, passwords, connect strings, etc. should all be hidden. Today we're going to see how we can manage k8s secrets.
For my Dev environment, I've simply spun up minikube. You'll need to confirm how to do this for your Operating System.
Spin up a simple Nginx pod.
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx:latest
The above is a Kubernetes manifest that will spin up a 1 pod of Nginx.
In the same directory that your nginx.yml lives, run kubectl create -f nginx.yml to run your deployment.
Now you can create a new secret by creating a new secret manifest.
apiVersion: v1kind: Secretmetadata: name: new-secrettype: Opaquedata: password: MWYyZDFlMmU2N2Rm
Go ahead and run kubectl apply -f secret.yml to create the new secret.
Now that you have a secret created, go ahead and look at the contents of the secret. By running kubectl get secret new-secret -o yaml I can see the secret metadata.
Now that you have the secret, you can re-deploy nginx with the secret attached.
apiVersion: v1kind: Podmetadata: name: nginxspec: containers: - name: nginx image: nginx:latest volumeMounts: - name: service mountPath: /root/ volumes: - name: service secret: secretName: my-secret
Simply add the secret call in your manifest and let your manifest know which secret you want to use. The volume mounts are to specify where you want your secret to live within your pod.
run kubectl apply -f nginx.yml to create your new pod.
You have now created a new pod and attached a secret! Thanks for reading.
