Secrets in Kubernetes: If you are deploying some containerize applications in Kubernetes so that the configuration of these applications contains some sensitive data such as username, passwords, keys, etc. This data is very sensitive in nature it is strongly recommended that not use that sensitive data in plain text format in the manifest file.
How do you manage such sensitive data in kubernetes?
The answer is kubernetes secrets, let’s start exploring kubernetes secrets?
Kubernetes secret is an object that contains a small amount of sensitive data which includes passwords, keys, tokens, etc. It Secrets is the solution to handling and managing the secrets inside pod manifest files, so the main aim of the secrets is to reduce the risk of accidental exposure of confidential data.
Kubernetes secrets are created outside of Pods, once it gets created it can be deployed on any pod and any number of times, so we do create secrets before it can be used anywhere inside the pod.
K8’s secrets are store inside etcd database on kubernetes.
You can store secrets as a :
- Literal Value
- File
- Directory
The maximum size of kubernetes secrets is 1 MB. so secrets cannot be more than 1 MB.
Once secrets are created the question is how do we inject into a pod?
There are two ways to inject secrets into pods:
- Volumes
- Env variables
You can mount secrets as volume or expose secrets as environment variables inside a Pod.
There are two ways to create secrets :
- kubectl command
- Manifest File
Creating Secrets Using Kubectl Method:
Syntax:
Mostly we use generic type in the secrets.
let’s create a secret as a file.
EXAMPLE
Create a separate file for username and password which you are going to make it secret.
Now, File is created let’s create a secret of that username and password file.
You have successfully created secrets of the username and password text file which contains username and password. you can get the secret with the following command:
Get more details of the created secrets, you can run the following command:
You can see that data is hidden, that’s the beauty of the secrets we cannot see it.
Creating Secrets Using Manifest file:
You can create secrets manually by creating the manifest file of the secrets
EXAMPLE
First you create a secrets in an encrypted form:
So this is our data in the base64 encrypted form now let’s create a manifest file of that data.
now we are going to create the secrets using the above secret manifest file.
Now the secret is successfully created,
we can see our secret name is mysecret.
Consuming Secrets in Pods
Till now we have learned how to create secrets from kubectl method or manually using the manifest file but the question is that how we can consume the created secrets in pods?
So there are two ways as I said earlier the first is using volumes and the other method is using Env variables. so let us start to learn each method.
Using Volumes:
In the above example, we create a secret with the name mysecret, now we are going to consume that created secret.
Let’s see that How we can inject secrets as a volume in a Pod manifest file:
Now let’s create a pod of the above manifest file.
So the pod has been created
we can see that pod is running, let’s see are secrets mount in a volume.
we can see that the volume directory “/secrets” has secret files which are username and password which contains actually decoded data that’s the beauty of the secrets.
Using Environment Variables:
Now, we are going to consume secrets as pod environment variables.
you can specify the secrets file or value in an env section in a pod manifest file like:
We can see in the above secret manifest file that we pass our secret as an env variable. We just give the name and key of the created Kubernetes secret then it will automatically inject the secret value of that secret with the help of the key.
now, Pod has been created to let’s check the status.
The pod is running now let’s go to verify the environment variables of the pod.
We can see that the secrets variables are available as a pod Env variable.
References:
That’s all for now, I will follow it up with more knowledge on this topic next time.
Thank you for sticking to the end. If you like this blog, please do show your appreciation by giving thumbs-ups and share this blog and give me suggestions on how I can improve my future posts to suit your needs. Follow me to get updates on different technologies open document settings open publish panel.