From 47b8e7d2009b8452b8f670540e6a5766903328b5 Mon Sep 17 00:00:00 2001
From: root <pirouz.radin@yahoo.com>
Date: Fri, 1 Aug 2025 21:04:22 +0330
Subject: [PATCH] kuber doc: added secret

---
 .../Kubernetes/workloads/13-Secret.md         | 78 +++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 Containerization & Orchestration/Kubernetes/workloads/13-Secret.md

diff --git a/Containerization & Orchestration/Kubernetes/workloads/13-Secret.md b/Containerization & Orchestration/Kubernetes/workloads/13-Secret.md
new file mode 100644
index 0000000..7046c01
--- /dev/null
+++ b/Containerization & Orchestration/Kubernetes/workloads/13-Secret.md	
@@ -0,0 +1,78 @@
+# 🔐 Kubernetes Secrets Guide
+
+Kubernetes **Secrets** are used to store and manage sensitive information such as passwords, OAuth tokens, and SSH keys. Unlike ConfigMaps, they are specifically designed for confidential data.
+
+---
+
+## 📌 Types of Kubernetes Secrets
+
+| **Built-in Type**                     | **Usage**                               |
+| ------------------------------------- | --------------------------------------- |
+| `Opaque`                              | Arbitrary user-defined data             |
+| `kubernetes.io/service-account-token` | ServiceAccount token                    |
+| `kubernetes.io/dockercfg`             | Serialized `~/.dockercfg` file          |
+| `kubernetes.io/dockerconfigjson`      | Serialized `~/.docker/config.json` file |
+| `kubernetes.io/basic-auth`            | Credentials for basic authentication    |
+| `kubernetes.io/ssh-auth`              | Credentials for SSH authentication      |
+| `kubernetes.io/tls`                   | Data for a TLS client or server         |
+| `bootstrap.kubernetes.io/token`       | Bootstrap token data                    |
+
+---
+
+## 📂 Creating a Secret
+
+You can create a Secret directly with `kubectl`:
+
+```bash
+kubectl create secret generic db-pass --from-literal=password='123'
+```
+
+Verify it exists:
+
+```bash
+kubectl get secret db-pass
+```
+
+---
+
+## 📜 Secret YAML Example
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: db-pass
+type: Opaque
+data:
+  password: '123'
+```
+
+---
+
+## 🚀 Using a Secret in a Pod
+
+Secrets can be injected into a Pod as **environment variables**:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: mariadb-db
+spec:
+  containers:
+    - name: mariadb
+      image: mariadb
+      env:
+        - name: MARIADB_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: db-pass
+              key: password
+```
+
+This example sets the MariaDB root password from the `db-pass` Secret.
+
+---
+
+✅ **Pro Tip**: Always base64-encode values when writing Secrets directly in YAML. Kubernetes expects the `data` field in base64, not plaintext.
+