change dir name orch,container

2025-10-04 09:53:08 +03:30
parent 1c472e4b94
commit 6beeea3e5c
43 changed files with 0 additions and 0 deletions
--- a/Containerization-Orchestration/Kubernetes/workloads/13-Secret.md
+++ b/Containerization-Orchestration/Kubernetes/workloads/13-Secret.md
@@ -0,0 +1,78 @@
+# 🔐 Kubernetes Secrets Guide
+
+Kubernetes **Secrets** are used to store and manage sensitive information such as passwords, OAuth tokens, and SSH keys. Unlike ConfigMaps, they are specifically designed for confidential data.
+
+---
+
+## 📌 Types of Kubernetes Secrets
+
+| **Built-in Type**                     | **Usage**                               |
+| ------------------------------------- | --------------------------------------- |
+| `Opaque`                              | Arbitrary user-defined data             |
+| `kubernetes.io/service-account-token` | ServiceAccount token                    |
+| `kubernetes.io/dockercfg`             | Serialized `~/.dockercfg` file          |
+| `kubernetes.io/dockerconfigjson`      | Serialized `~/.docker/config.json` file |
+| `kubernetes.io/basic-auth`            | Credentials for basic authentication    |
+| `kubernetes.io/ssh-auth`              | Credentials for SSH authentication      |
+| `kubernetes.io/tls`                   | Data for a TLS client or server         |
+| `bootstrap.kubernetes.io/token`       | Bootstrap token data                    |
+
+---
+
+## 📂 Creating a Secret
+
+You can create a Secret directly with `kubectl`:
+
+```bash
+kubectl create secret generic db-pass --from-literal=password='123'
+```
+
+Verify it exists:
+
+```bash
+kubectl get secret db-pass
+```
+
+---
+
+## 📜 Secret YAML Example
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: db-pass
+type: Opaque
+stringData:
+  password: '123'
+```
+
+---
+
+## 🚀 Using a Secret in a Pod
+
+Secrets can be injected into a Pod as **environment variables**:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: mariadb-db
+spec:
+  containers:
+    - name: mariadb
+      image: mariadb
+      env:
+        - name: MARIADB_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: db-pass
+              key: password
+```
+
+This example sets the MariaDB root password from the `db-pass` Secret.
+
+---
+
+✅ **Pro Tip**: Always base64-encode values when writing Secrets directly in YAML. Kubernetes expects the `data` field in base64, not plaintext.
+