K8s Secrets
Retrieve Secret(s)
Retrieving all secrets:
> kubectl get secrets -n foo
NAME   TYPE     DATA   AGE
bar    Opaque   2      22d
baz    Opaque   1      10d
Retrieving one secret:
> kubectl describe secret foo -n foo-namespace
Name:         foo
Namespace:    foo-namespace
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
api-key:  32 bytes
app-key:  40 bytes
Retrieve secret values
Values under .data are base64-encoded, not encrypted. Retrieve one key and decode it:
kubectl get secret <secret-name> -n <namespace> -o jsonpath='{.data.<key>}' |\
base64 --decode
Example:
> kubectl get secret foo -n foo-namespace -o jsonpath='{.data}'
{"api-key":"fffooooo=","app-key":"bbbaaar=="}
Create secret
Create secret from the command line:
kubectl create secret generic foo -n foo-namespace \
  --from-literal=api-key="ffffoooo=" \
  --from-literal=app-key="bbbbaaar=="
Create a secret from YAML with several keys:
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: psql-credentials
type: Opaque
data:
  username: $(echo -n "test" | base64 -w0)
  password: $(echo -n "test123" | base64 -w0)
EOF
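A check for the encoding mistakes the create commands above can introduce (an added example, not part of the original page): --from-literal takes the raw value and kubectl encodes it, while values under data: must already be base64, so a missing -n on echo or an already-encoded literal is stored wrong. The function names and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Secret's data map for common encoding mistakes.
# Input on stdin: one "key base64value" pair per line, which kubectl can emit with
#   kubectl get secret foo -n foo-namespace \
#     -o go-template='{{range $k,$v := .data}}{{$k}} {{$v}}{{"\n"}}{{end}}'

b64d() { base64 --decode 2>/dev/null; }              # same decode step as above
enc()  { printf '%s' "$1" | base64 | tr -d '\n'; }   # encode without line wrap

# Prints "<key> <decoded-bytes> <finding>" for every key (hypothetical helper).
audit_secret_data() {
  while read -r key b64; do
    [ -n "$key" ] || continue
    if ! printf '%s' "$b64" | b64d >/dev/null; then
      echo "$key 0 INVALID_BASE64"; continue
    fi
    size=$(printf '%s' "$b64" | b64d | wc -c | tr -d ' ')
    last=$(printf '%s' "$b64" | b64d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    finding=OK
    if [ "$last" = "0a" ]; then
      finding=TRAILING_NEWLINE    # typical result of echo without -n
    elif printf '%s' "$b64" | b64d | LC_ALL=C grep -Eq '^[A-Za-z0-9+/]{8,}={0,2}$' &&
         printf '%s' "$b64" | b64d | b64d >/dev/null &&
         [ "$(printf '%s' "$b64" | b64d | b64d | LC_ALL=C tr -d '[:print:]' | wc -c | tr -d ' ')" = 0 ]; then
      finding=DOUBLE_ENCODED      # heuristic: value is itself base64 of printable text
    fi
    echo "$key $size $finding"
  done
}

# Constructed sample data, not taken from a real cluster.
sample_data() {
  echo "username $(enc test)"                      # encoded correctly
  echo "password $(echo test123 | base64)"         # echo without -n stores a newline
  echo "api-key $(enc "$(enc s3cr3t-api-key)")"    # encoded value encoded again
  echo "broken %%%not-base64%%%"                   # not base64 at all
}

sample_data | audit_secret_data
```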
Editing secret
kubectl edit secrets <secret-name>
docker-registry Secrets
kubectl create secret docker-registry
kubectl create secret docker-registry my-secret \
  --docker-server=DOCKER_REGISTRY_SERVER \
  --docker-username=DOCKER_USER \
  --docker-password=DOCKER_PASSWORD \
  --docker-email=DOCKER_EMAIL
To use it, reference the secret under imagePullSecrets in the pod spec:
...
apiVersion: apps/v1
kind: Deployment
metadata:
  name: -deployment
spec:
  replicas:
  selector:
    matchLabels:
      app:
  template:
    metadata:
      labels:
        app:
    spec:
      imagePullSecrets:
      - name: -dockercfg
      containers:
      - name:
        image:
...