2.0 KiB
2.0 KiB
🔐 Kubernetes Secrets Guide
Kubernetes Secrets are used to store and manage sensitive information such as passwords, OAuth tokens, and SSH keys. Unlike ConfigMaps, they are specifically designed for confidential data.
📌 Types of Kubernetes Secrets
| Built-in Type | Usage |
|---|---|
Opaque |
Arbitrary user-defined data |
kubernetes.io/service-account-token |
ServiceAccount token |
kubernetes.io/dockercfg |
Serialized ~/.dockercfg file |
kubernetes.io/dockerconfigjson |
Serialized ~/.docker/config.json file |
kubernetes.io/basic-auth |
Credentials for basic authentication |
kubernetes.io/ssh-auth |
Credentials for SSH authentication |
kubernetes.io/tls |
Data for a TLS client or server |
bootstrap.kubernetes.io/token |
Bootstrap token data |
📂 Creating a Secret
You can create a Secret directly with kubectl:
kubectl create secret generic db-pass --from-literal=password='123'
Verify it exists:
kubectl get secret db-pass
📜 Secret YAML Example
apiVersion: v1
kind: Secret
metadata:
name: db-pass
type: Opaque
stringData:
password: '123'
🚀 Using a Secret in a Pod
Secrets can be injected into a Pod as environment variables:
apiVersion: v1
kind: Pod
metadata:
name: mariadb-db
spec:
containers:
- name: mariadb
image: mariadb
env:
- name: MARIADB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: db-pass
key: password
This example sets the MariaDB root password from the db-pass Secret.
✅ Pro Tip: Always base64-encode values when writing Secrets directly in YAML. Kubernetes expects the data field in base64, not plaintext.