As a developer delving into the world of Kubernetes, you’ll quickly discover the importance of managing sensitive information such as API keys, passwords, and certificates. Kubernetes Secrets provides a secure and convenient way to store and manage such sensitive data.
In this tutorial, we’ll explore the imperative method of creating Kubernetes Secrets, which involves using command-line tools directly.
What is a Kubernetes Secret?
A Kubernetes Secret is an object that enables you to store and manage sensitive information. Secrets help you keep this sensitive data separate from your application code. By using Secrets, you avoid exposing sensitive data in your application configuration files, thus enhancing security.
Why Use the Imperative Method?
The imperative method is straightforward and fast, making it ideal for quick tasks and scripting. This approach allows you to create Secrets directly from the command line without needing to write YAML configuration files.
Getting Started
Before you begin, ensure you have a Kubernetes cluster up and running and the kubectl command-line tool installed and configured to interact with your cluster.
If you don’t have a cluster, you can refer to my tutorial to install a kubernetes cluster.
Creating a Generic Secret
Let’s start by creating a generic Secret that stores simple key-value pairs. This secret is usually used for storing ENV that contain sensitive information. For example, suppose you want to store a DB_USERNAME and DB_PASSWORD, you can run this command:
kubectl create secret generic my-secret --from-literal=DB_USERNAME=admin --from-literal=DB_PASSWORD=secretpassword
This command will create a generic Secret named my-secret. We use --from-literal= to define the key-value pairs in plain text. The kubectl will then encode the plain text into base64 format.
You can verify that the Secret has been created using:
kubectl get secrets my-secret -o yaml
You will get this yaml definition:
apiVersion: v1
kind: Secret
metadata:
name: my-secret
type: Opaque
data:
DB_USERNAME: YWRtaW4= # base64 encoded value of 'admin'
DB_PASSWORD: c2VjcmV0cGFzc3dvcmQ= # base64 encoded value of 'secretpassword'
Creating a TLS Secret
Sometimes, you may need to create a TLS Secret for your application. Let’s create a Secret that includes a TLS certificate and a private key.
Suppose you have tls.crt and tls.key files in your current directory. You can create the Secret as follows:
kubectl create secret tls my-tls-secret --cert=tls.crt --key=tls.key
This command will create a TLS Secret named my-secret. We use --cert=tls.crt --key=tls.key to specify the tls certificate and key files we want to save to the secret.
You can verify and inspect the Secret using the same commands as before.
kubectl get secrets my-tls-secret -o yaml
You will get this yaml definition:
apiVersion: v1
kind: Secret
metadata:
name: my-tls-secret
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FUR...
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVkt...
Creating a Docker Registry Secret
If you need to pull images from a private Docker registry, you must create a Docker registry Secret. Here’s how you can create one.
kubectl create secret docker-registry my-docker-secret \
--docker-username=admin \
--docker-password=secretPassword \
[email protected] \
--docker-server=harbor.facsiaginsa.com
You can verify and inspect the Secret using the same commands as before.
kubectl get secrets my-docker-secret -o yaml
You will get this yaml definition:
apiVersion: v1
kind: Secret
metadata:
name: my-docker-secret
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: eyJhdXRocyI6eyJoYXJib3IuZmFjc2lhZ2luc2EuY29tIjp7InVz...
Conclusion
We have explored how to create Kubernetes Secrets using the imperative method. This approach is ideal for quick and efficient management of Secrets directly from the command line. By understanding how to create Secrets, you can better manage sensitive information in your Kubernetes cluster and enhance your application’s security.