Kubernetes-Secrets

:ID: 2bdf666d-f2a0-410a-a46a-45815fdf7285

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don't need to include confidential data in your application code.

YAML

apiVersion: v1
kind: Secret
metadata:
  name: example-secret
type: Opaque
data:
  app-password: NXVQNFNlS3J5dA==
  admin-password: RDBub3Q1VDM0TA==

Accessing a secret

As an environment variable

apiVersion: apps/v1
...
spec:
  template:
  ...
  spec:
    containers:
    ...
    env:
      - name: DATABASE_PASSWORD
	valueFrom:
	  secretKeyRef:
	    name: example-secret
	    key: db-password

As a volume

apiVersion: apps/v1
...
spec:
  template:
  ...
  spec:
    containers: ...
    volumes:
      - name: secrets
	secret:
	  secretName: example-secret
	container: ...
	volumeMounts:
	  - name: secrets
	    mountPath: /etc/example-secrets
	    readOnly: true