kuber doc: added secret
@@ -0,0 +1,78 @@
|
|||||||
|
# 🔐 Kubernetes Secrets Guide
|
||||||
|
|
||||||
|
Kubernetes **Secrets** are used to store and manage sensitive information such as passwords, OAuth tokens, and SSH keys. Unlike ConfigMaps, they are specifically designed for confidential data.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 📌 Types of Kubernetes Secrets
|
||||||
|
|
||||||
|
| **Built-in Type** | **Usage** |
|
||||||
|
| ------------------------------------- | --------------------------------------- |
|
||||||
|
| `Opaque` | Arbitrary user-defined data |
|
||||||
|
| `kubernetes.io/service-account-token` | ServiceAccount token |
|
||||||
|
| `kubernetes.io/dockercfg` | Serialized `~/.dockercfg` file |
|
||||||
|
| `kubernetes.io/dockerconfigjson` | Serialized `~/.docker/config.json` file |
|
||||||
|
| `kubernetes.io/basic-auth` | Credentials for basic authentication |
|
||||||
|
| `kubernetes.io/ssh-auth` | Credentials for SSH authentication |
|
||||||
|
| `kubernetes.io/tls` | Data for a TLS client or server |
|
||||||
|
| `bootstrap.kubernetes.io/token` | Bootstrap token data |
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 📂 Creating a Secret
|
||||||
|
|
||||||
|
You can create a Secret directly with `kubectl`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
kubectl create secret generic db-pass --from-literal=password='123'
|
||||||
|
```
|
||||||
|
|
||||||
|
Verify it exists:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
kubectl get secret db-pass
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 📜 Secret YAML Example
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: db-pass
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
password: '123'
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 🚀 Using a Secret in a Pod
|
||||||
|
|
||||||
|
Secrets can be injected into a Pod as **environment variables**:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Pod
|
||||||
|
metadata:
|
||||||
|
name: mariadb-db
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: mariadb
|
||||||
|
image: mariadb
|
||||||
|
env:
|
||||||
|
- name: MARIADB_ROOT_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: db-pass
|
||||||
|
key: password
|
||||||
|
```
|
||||||
|
|
||||||
|
This example sets the MariaDB root password from the `db-pass` Secret.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
✅ **Pro Tip**: Always base64-encode values when writing Secrets directly in YAML. Kubernetes expects the `data` field in base64, not plaintext.
|
||||||
|
|
||||||
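Review bot: The "Secret YAML Example" block puts the plaintext value `password: '123'` under `data:`, which contradicts the Pro Tip at the end of this same file stating that the `data` field expects base64. Either change the example to use `stringData:` with the plaintext value, or keep `data:` and give the encoded form (`MTIz` for `123`), so the manifest matches what the tip says. The Pro Tip would also be stronger if it said that base64 is an encoding and not encryption, so readers do not treat a Secret manifest as safe to commit. A short note that `--from-literal=password='123'` in the "Creating a Secret" section leaves the value in shell history would help too.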