Secrets
It works like a ConfigMap but used to store sensitive data, like passwords.
See also:
Creating secrets
Imperative way:
# getting key-value pairs directly from command line
kubectl create secret generic ${secretName} \
--from-literal=${key}=${value}
# getting key-value pairs from a file
kubectl create secret generic ${secretName} \
--from-file=${filePath}
Declarative way:
apiVersion: v1
kind: Secret
metadata:
name: app-secret
data:
DB_Host: base64EncodedHost
DB_User: base64EncodedUser
DB_Password: base64EncodedPassword
Secrets in Pods
pod.spec.containers:
- envFrom:
- secretRef:
name: app-secret # secret's name
3 ways to use Secrets in Pods:
- env var from whole secret
- single env var from the secret
- volume
# env var from whole secret
pod.spec.containers:
- envFrom:
- secretRef:
name: app-secret
# single env var from the config map
pod.spec.containers:
env:
- name: DB_Password
valueFrom:
secretKeyRef:
name: app-secret
key: DB_Password
# volume
pod.spec.containers:
volumes:
- name: app-config-volume
secret:
secretName: app-secret
If you set the secret as a volume, kubernetes creates a directory /opt/app-secret-volumes
with the contents of the secret in files.