|
| 1 | +--- |
| 2 | +--- |
| 3 | + |
| 4 | +{% capture overview %} |
| 5 | +This page shows how to create a Secret and a Pod that has access to the Secret. |
| 6 | +{% endcapture %} |
| 7 | + |
| 8 | +{% capture prerequisites %} |
| 9 | + |
| 10 | +{% include task-tutorial-prereqs.md %} |
| 11 | + |
| 12 | +{% endcapture %} |
| 13 | + |
| 14 | +{% capture steps %} |
| 15 | + |
| 16 | +### Converting your secret data to a base-64 representation |
| 17 | + |
| 18 | +Suppose you want to have two pieces of secret data: a username `my-app` and a password |
| 19 | +`39528$vdg7Jb`. First, use [Base64 encoding](https://www.base64encode.org/) to |
| 20 | +convert your username and password to a base-64 representation. Here's a Linux |
| 21 | +example: |
| 22 | + |
| 23 | + echo 'my-app' | base64 |
| 24 | + echo '39528$vdg7Jb' | base64 |
| 25 | + |
| 26 | +The output shows that the base-64 representation of your username is `bXktYXBwCg==`, |
| 27 | +and the base-64 representation of your password is `Mzk1MjgkdmRnN0piCg==`. |
| 28 | + |
| 29 | +### Creating a Secret |
| 30 | + |
| 31 | +Here is a configuration file you can use to create a Secret that holds your |
| 32 | +username and password: |
| 33 | + |
| 34 | +{% include code.html language="yaml" file="secret.yaml" ghlink="/docs/tasks/administer-cluster/secret.yaml" %} |
| 35 | + |
| 36 | +1. Create the Secret |
| 37 | + |
| 38 | + kubectl create -f http://k8s.io/docs/tasks/administer-cluster/secret.yaml |
| 39 | + |
| 40 | +1. View information about the Secret: |
| 41 | + |
| 42 | + kubectl get secret test-secret |
| 43 | + |
| 44 | + Output: |
| 45 | + |
| 46 | + NAME TYPE DATA AGE |
| 47 | + test-secret Opaque 2 1m |
| 48 | + |
| 49 | + |
| 50 | +1. View more detailed information about the Secret: |
| 51 | + |
| 52 | + kubectl describe secret test-secret |
| 53 | + |
| 54 | + Output: |
| 55 | + |
| 56 | + Name: test-secret |
| 57 | + Namespace: default |
| 58 | + Labels: <none> |
| 59 | + Annotations: <none> |
| 60 | + |
| 61 | + Type: Opaque |
| 62 | + |
| 63 | + Data |
| 64 | + ==== |
| 65 | + password: 13 bytes |
| 66 | + username: 7 bytes |
| 67 | + |
| 68 | +### Creating a Pod that has access to the secret data |
| 69 | + |
| 70 | +Here is a configuration file you can use to create a Pod: |
| 71 | + |
| 72 | +{% include code.html language="yaml" file="secret-pod.yaml" ghlink="/docs/tasks/administer-cluster/secret-pod.yaml" %} |
| 73 | + |
| 74 | +1. Create the Pod: |
| 75 | + |
| 76 | + kubectl create -f http://k8s.io/docs/tasks/administer-cluster/secret-pod.yaml |
| 77 | + |
| 78 | +1. Verify that your Pod is running: |
| 79 | + |
| 80 | + kubectl get pods |
| 81 | + |
| 82 | + Output: |
| 83 | + |
| 84 | + NAME READY STATUS RESTARTS AGE |
| 85 | + secret-test-pod 1/1 Running 0 42m |
| 86 | + |
| 87 | + |
| 88 | +1. Get a shell into the Container that is running in your Pod: |
| 89 | + |
| 90 | + kubectl exec -it secret-test-pod -- /bin/bash |
| 91 | + |
| 92 | +1. In your shell, go to the directory where the secret data is exposed: |
| 93 | + |
| 94 | + root@secret-test-pod:/# cd /etc/secret-volume |
| 95 | + |
| 96 | +1. In your shell, list the files in the `/etc/secret-volume` directory: |
| 97 | + |
| 98 | + root@secret-test-pod:/etc/secret-volume# ls |
| 99 | + |
| 100 | + The output shows two files, one for each piece of secret data: |
| 101 | + |
| 102 | + password username |
| 103 | + |
| 104 | +1. In your shell, display the contents of the `username` and `password` files: |
| 105 | + |
| 106 | + root@secret-test-pod:/etc/secret-volume# cat username password |
| 107 | + |
| 108 | + The output is your username and password: |
| 109 | + |
| 110 | + my-app |
| 111 | + 39528$vdg7Jb |
| 112 | + |
| 113 | +{% endcapture %} |
| 114 | + |
| 115 | +{% capture whatsnext %} |
| 116 | + |
| 117 | +* Learn more about [secrets](/docs/user-guide/secrets/). |
| 118 | +* See [Secret](docs/api-reference/v1/definitions/#_v1_secret). |
| 119 | + |
| 120 | +{% endcapture %} |
| 121 | + |
| 122 | +{% include templates/task.md %} |
0 commit comments