Happy to be back with my Kubernetes series. In our previous blogs on k8s we have done the following:
Kubernetes setup in AWS:
Let’s learn some best practices for handling credentials in Kubernetes.
There are several methods of handling secrets in Kubernetes. They are mainly meant for mission-critical information that must not be exposed in the codebase.
First, let’s create a Secret with all our required values. To proceed, each value must be base64 encoded (an encoding, not encryption) before it is deployed:
apiVersion: v1
data:
  DATABASE_NAME: YW5pbWAFrASDZXJfZGV2
  DATABASE_USER: YW5pASDbWFFwcDFAASVzZXI=
  DATABASE_HOST: YW5pbWFrZXItZGV2ZWASDxvcC5jOWtwaTFDAFhaTE5ZWMudXMtd2VzdC0yLnJkcy5hbWF6b25hd3MuYASD29t
  DATABASE_PORT: MzSDFDSFMwNg==
  DATABASE_PASSWORD: QU5ASXCXZSW1hYSFQUHVzMQ==
kind: Secret
metadata:
  name: demo
  namespace: default
type: Opaque
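To create base64 encoded values (the -n flag stops echo from appending a newline, which would otherwise become part of the secret):
echo -n 'k8s-demo' | base64
To confirm that the encoded value matches your input, decode it and verify:
echo 'azhzLWRlbW8=' | base64 --decode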
Once you have all the secrets ready, let’s move to pod deployment. Below is a sample excerpt of the secrets.yaml file
I have updated my database credentials with this deployment. Once done, deploy it:
kubectl apply -f secrets.yaml
Verify your deployment with:
kubectl get secrets demo
To use these values as environment variables in your pods/containers, modify the deployment configuration as shown below and proceed with your pod deployments.
containers:
  - name: jenkins-app
    image: <IMAGE REPO URL>
    env:
      - name: SECRET_KEY
        valueFrom:
          secretKeyRef:
            name: demo
            key: SECRET_KEY
      - name: GOOGLE_OAUTH2_KEY
        valueFrom:
          secretKeyRef:
            name: demo
            key: GOOGLE_OAUTH2_KEY
      - name: GOOGLE_OAUTH2_SECRET
        valueFrom:
          secretKeyRef:
            name: demo
            key: GOOGLE_OAUTH2_SECRET
To confirm your setup, SSH into the pod and list all the environment variables. You should see all the fields that we have mapped so far.
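Two mistakes are easy to make in the steps above: a base64 value that is malformed or carries a stray trailing newline, and a secretKeyRef that names a key the Secret does not contain, which stops the container from starting. The following pre-deployment check is an added example, not code from the original article; the sample Secret and env data are constructed, the function names are hypothetical, and it assumes the Secret is available as JSON (for instance from kubectl get secret demo -o json).

```python
import base64
import binascii
import json

# Constructed sample input (not from the article), shaped like the output of
# `kubectl get secret demo -o json`. DATABASE_USER carries the trailing
# newline a plain `echo` adds; DATABASE_PORT has broken base64 padding.
SECRET = json.loads("""
{"kind": "Secret", "type": "Opaque",
 "metadata": {"name": "demo", "namespace": "default"},
 "data": {"DATABASE_NAME": "azhzLWRlbW8=",
          "DATABASE_USER": "azhzLWRlbW8K",
          "DATABASE_PORT": "MzMwNg="}}
""")

# Constructed env section of a container spec, also as JSON.
ENV = json.loads("""
[{"name": "DATABASE_NAME",
  "valueFrom": {"secretKeyRef": {"name": "demo", "key": "DATABASE_NAME"}}},
 {"name": "SECRET_KEY",
  "valueFrom": {"secretKeyRef": {"name": "demo", "key": "SECRET_KEY"}}}]
""")


def check_secret_data(secret):
    """Map each bad key to a problem; decoded values are never reported."""
    problems = {}
    for key, value in secret.get("data", {}).items():
        try:
            decoded = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            problems[key] = "not valid base64"
            continue
        if decoded != decoded.strip():
            problems[key] = "leading/trailing whitespace after decoding"
    return problems


def missing_secret_keys(secret, env):
    """Names of env vars whose secretKeyRef key is absent from the Secret."""
    data = secret.get("data", {})
    refs = ((v["name"], v.get("valueFrom", {}).get("secretKeyRef")) for v in env)
    return [name for name, ref in refs
            if ref and ref["name"] == secret["metadata"]["name"]
            and ref["key"] not in data]


if __name__ == "__main__":
    print(check_secret_data(SECRET))
    print(missing_secret_keys(SECRET, ENV))
```

The check reports only key names and problem descriptions, so its output can go into CI logs without leaking the decoded secret values.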
Originally published at https://opsinsights.dev on April 22, 2019.