Kubernetes Secrets | Secure Data Management
Labby
Posted on October 2, 2024
Introduction
In this lab, you will learn how to use Kubernetes Secrets to securely manage sensitive information such as passwords, API keys, and other confidential data. You will create a secret, use it in your application, and verify that the application is properly configured. Each step builds upon the previous one, so make sure you follow along carefully.
Create A Secret
In this step, you will create a Kubernetes Secret that contains a database password.
Create a file named my-secret.yaml with the following contents:
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  password: dXNlcm5hbWU6cGFzc3dvcmQ=
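In this file, we specify the name of the Secret (my-secret), the type of data it contains (Opaque), and the actual data in Base64-encoded format. Base64 is an encoding, not encryption, so the value is readable by anyone who can read this file or the Secret object.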
Apply the Secret to your cluster by running the following command:
kubectl apply -f my-secret.yaml
Verify that the Secret was created by running the following command:
kubectl get secrets
You should see the my-secret Secret listed.
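To see what the Base64 value in my-secret.yaml actually contains, the script below decodes every entry under data: in a Secret manifest. It is an added example, not part of the original lab; the function names sample_manifest and decode_secret_data are illustrative, the manifest is a constructed copy of the one above, and values are assumed to be unquoted and on a single line.

```shell
#!/usr/bin/env bash
# Added example: decode the entries under `data:` in a Secret manifest
# to show how little Base64 hides. No cluster access is needed.

# Constructed sample: a copy of the my-secret.yaml manifest from this lab.
sample_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  password: dXNlcm5hbWU6cGFzc3dvcmQ=
EOF
}

# Reads a manifest on stdin and prints "key=plaintext" for each data: entry.
# Assumes unquoted, single-line values (hypothetical helper, not a kubectl feature).
decode_secret_data() {
  awk '
    /^data:[ \t]*$/ { in_data = 1; next }   # start of the top-level data: map
    /^[^ \t#]/      { in_data = 0 }         # any other top-level key ends it
    in_data && /^[ \t]+[^# \t][^:]*:/ {     # indented "key: value" line
      key = $1
      sub(/:$/, "", key)
      print key, $2
    }
  ' | while read -r key value; do
    # base64 -d reverses the encoding; no key or password is involved.
    printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
  done
}

# Run against the lab manifest.
sample_manifest | decode_secret_data
```

Treat any manifest that carries data: values as plaintext: limit who can read the file and who has get access to Secrets in the namespace.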
Use The Secret In Your Application
In this step, you will modify your application to use the my-secret Secret to retrieve the database password.
Create a file named my-app.yaml with the following contents:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: nginx:latest
          env:
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: my-secret
                  key: password
In this file, we specify the name of the Deployment (my-app), the image to use (nginx:latest), and the environment variable to set (DATABASE_PASSWORD). We also use a secretKeyRef to retrieve the password key from the my-secret Secret.
Apply the Deployment to your cluster by running the following command:
kubectl apply -f my-app.yaml
Verify that the Deployment was created by running the following command:
kubectl get deployments
You should see the my-app Deployment listed.
Verify The Configuration
In this step, you will verify that your application is properly configured with the database password from the my-secret Secret.
Find the name of the pod running your application by running the following command:
kubectl get pods -l app=my-app
You should see a single pod running your application. Note the name of the pod.
Next, run the following command to open a shell session in the container running your application:
kubectl exec -it <pod-name> -- sh
Replace <pod-name> with the name of the pod that you noted earlier.
Once you are in the shell session, run the following command to print the value of the DATABASE_PASSWORD environment variable:
echo "$DATABASE_PASSWORD"
You should see the database password that was retrieved from the my-secret Secret.
Mount The Secret As A Volume In A Pod
Now that we have created the secret, we can mount it as a volume in a pod. We will create a simple pod that reads the secret value from the mounted volume and outputs it to the console.
Create a file named pod.yaml with the following contents:
apiVersion: v1
kind: Pod
metadata:
  name: secret-pod
spec:
  containers:
    - name: secret-container
      image: nginx
      volumeMounts:
        - name: secret-volume
          mountPath: /etc/secret-volume
  volumes:
    - name: secret-volume
      secret:
        secretName: my-secret
Apply the pod configuration:
kubectl apply -f pod.yaml
Verify The Secret As A Volume In A Pod
In this step, you will verify that the database password from the my-secret Secret is available inside the pod through the mounted volume.
First, run the following command to open a shell session in the secret-pod container:
kubectl exec -it secret-pod -- sh
Once you are in the shell session, run the following command to print the value:
cat /etc/secret-volume/password
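The output should be the decoded value of the secret. Each key in the Secret appears as a file under the mount path, so the password key is read from /etc/secret-volume/password.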
Summary
In this lab, we learned how to use Kubernetes secrets to store sensitive information and how to use them in a pod. Secrets provide a secure way to manage sensitive information and should be used whenever possible to avoid exposing secrets in plaintext.