Open in app

Sign in

Write

Sign in

Kubernetes Secrets | Secure Data Management

LabEx
4 min readOct 2, 2024

--

Cover

Introduction

This article covers the following tech skills:

Skills Graph

In this lab, you will learn how to use Kubernetes Secrets to securely manage sensitive information such as passwords, API keys, and other confidential data. You will create a secret, use it in your application, and verify that the application is properly configured. Each step builds upon the previous one, so make sure you follow along carefully.

Create A Secret

In this step, you will create a Kubernetes Secret that contains a database password.

Create a file named my-secret.yaml with the following contents:

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
data:
  password: dXNlcm5hbWU6cGFzc3dvcmQ=

In this file, we specify the name of the Secret (my-secret), the type of data it contains (Opaque), and the actual data in Base64-encoded format.

Apply the Secret to your cluster by running the following command:

kubectl apply -f my-secret.yaml

Verify that the Secret was created by running the following command:

kubectl get secrets

You should see the my-secret Secret listed.

lab-configuring-apps-with-secrets-1

Use The Secret In Your Application

In this step, you will modify your application to use the my-secret Secret to retrieve the database password.

Create a file named my-app.yaml with the following contents:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: nginx:latest
          env:
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: my-secret
                  key: password

In this file, we specify the name of the Deployment (my-app), the image to use (my-image), and the environment variable to set (DATABASE_PASSWORD). We also use a secretKeyRef to retrieve the password key from the my-secret Secret.

Apply the Deployment to your cluster by running the following command:

kubectl apply -f my-app.yaml

Verify that the Deployment was created by running the following command:

kubectl get deployments

You should see the my-app Deployment listed.

lab-configuring-apps-with-secrets-2

Verify The Configuration

In this step, you will verify that your application is properly configured with the database password from the my-secret Secret.

Find the name of the pod running your application by running the following command:

kubectl get pods -l app=my-app

You should see a single pod running your application. Note the name of the pod.

Next, run the following command to open a shell session in the container running your application:

kubectl exec -it sh < pod-name > --

Replace <pod-name> with the name of the pod that you noted earlier.

Once you are in the shell session, run the following command to print the value of the DATABASE_PASSWORD environment variable:

echo $DATABASE_PASSWORD

You should see the database password that was retrieved from the my-secret Secret.

lab-configuring-apps-with-secrets-3

Mount The Secret As A Volume In A Pod

Now that we have created the secret, we can mount it as a volume in a pod. We will create a simple pod that reads the secret value from the mounted volume and outputs it to the console.

Create a file named pod.yaml with the following contents:

apiVersion: v1
kind: Pod
metadata:
  name: secret-pod
spec:
  containers:
    - name: secret-container
      image: nginx
      volumeMounts:
        - name: secret-volume
          mountPath: /etc/secret-volume
  volumes:
    - name: secret-volume
      secret:
        secretName: my-secret

Apply the pod configuration:

kubectl apply -f pod.yaml

Verify The Secret As A Volume In A Pod

In this step, you will verify that your application is properly configured with the database password from the my-secret Secret.

First, run the following command to open a shell session in the container running your application:

kubectl exec -it secret-pod -- sh

Once you are in the shell session, run the following command to print the value:

cat /etc/secret-volume/password

The output should be the value of the secret.

lab-configuring-apps-with-secrets-5

Summary

In this lab, we learned how to use Kubernetes secrets to store sensitive information and how to use them in a pod. Secrets provide a secure way to manage sensitive information and should be used whenever possible to avoid exposing secrets in plaintext.

MindMap

🚀 Practice Now: Configuring Apps with Secrets

Want to Learn More?

Labex
Kubernetes
Coding
Programming
Tutorial

--

--

LabEx
LabEx

Written by LabEx

30 Followers
4 Following

LabEx is an AI-assisted, hands-on learning platform for tech enthusiasts, covering Programming, Data Science, Linux and other areas.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams