kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update formatting and style

This commit is contained in:
Shannon Kularathna 2021-04-26 19:35:56 +00:00
parent 2318028ec4
commit e084eefad6
1 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
content/en/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
View File

@ -1,5 +1,5 @@
--- ---
title: Managing Secret using kubectl title: Managing Secrets using kubectl
content_type: task content_type: task
weight: 10 weight: 10
description: Creating Secret objects using kubectl command line. description: Creating Secret objects using kubectl command line.
@ -15,7 +15,7 @@ description: Creating Secret objects using kubectl command line.
## Create a Secret ## Create a Secret
A `Secret` can contain user credentials required by Pods to access a database. A `Secret` can contain user credentials required by pods to access a database.
For example, a database connection string consists of a username and password. For example, a database connection string consists of a username and password.
You can store the username in a file `./username.txt` and the password in a You can store the username in a file `./username.txt` and the password in a
file `./password.txt` on your local machine. file `./password.txt` on your local machine.
@ -24,11 +24,10 @@ file `./password.txt` on your local machine.
echo -n 'admin' > ./username.txt echo -n 'admin' > ./username.txt
echo -n '1f2d1e2e67df' > ./password.txt echo -n '1f2d1e2e67df' > ./password.txt
``` ```
In these commands, the `-n` flag ensures that the generated files do not have
The `-n` flag in the above two commands ensures that the generated files will an extra newline character at the end of the text. This is important because
not contain an extra newline character at the end of the text. This is when `kubectl` reads a file and encodes the content into a base64 string, the
important because when `kubectl` reads a file and encode the content into extra newline character gets encoded too.
base64 string, the extra newline character gets encoded too.
The `kubectl create secret` command packages these files into a Secret and creates The `kubectl create secret` command packages these files into a Secret and creates
the object on the API server. the object on the API server.
@ -45,7 +44,7 @@ The output is similar to:
secret/db-user-pass created secret/db-user-pass created
``` ```
Default key name is the filename. You may optionally set the key name using The default key name is the filename. You can optionally set the key name using
`--from-file=[key=]source`. For example: `--from-file=[key=]source`. For example:
```shell ```shell
@ -54,17 +53,18 @@ kubectl create secret generic db-user-pass \
--from-file=password=./password.txt --from-file=password=./password.txt
``` ```
You do not need to escape special characters in passwords from files You do not need to escape special characters in password strings that you
(`--from-file`). include in a file.
You can also provide Secret data using the `--from-literal=<key>=<value>` tag. You can also provide Secret data using the `--from-literal=<key>=<value>` tag.
This tag can be specified more than once to provide multiple key-value pairs. This tag can be specified more than once to provide multiple key-value pairs.
Note that special characters such as `$`, `\`, `*`, `=`, and `!` will be Note that special characters such as `$`, `\`, `*`, `=`, and `!` will be
interpreted by your [shell](https://en.wikipedia.org/wiki/Shell_(computing)) interpreted by your [shell](https://en.wikipedia.org/wiki/Shell_(computing))
and require escaping. and require escaping.
In most shells, the easiest way to escape the password is to surround it with In most shells, the easiest way to escape the password is to surround it with
single quotes (`'`). For example, if your actual password is `S!B\*d$zDsb=`, single quotes (`'`). For example, if your password is `S!B\*d$zDsb=`,
you should execute the command this way: run the following command:
```shell ```shell
kubectl create secret generic dev-db-secret \ kubectl create secret generic dev-db-secret \
@ -74,7 +74,7 @@ kubectl create secret generic dev-db-secret \
## Verify the Secret ## Verify the Secret
You can check that the secret was created: Check that the Secret was created:
```shell ```shell
kubectl get secrets kubectl get secrets
@ -111,7 +111,7 @@ username: 5 bytes
The commands `kubectl get` and `kubectl describe` avoid showing the contents The commands `kubectl get` and `kubectl describe` avoid showing the contents
of a `Secret` by default. This is to protect the `Secret` from being exposed of a `Secret` by default. This is to protect the `Secret` from being exposed
accidentally to an onlooker, or from being stored in a terminal log. accidentally, or from being stored in a terminal log.
## Decoding the Secret {#decoding-secret} ## Decoding the Secret {#decoding-secret}
@ -141,7 +141,7 @@ The output is similar to:
## Clean Up ## Clean Up
To delete the Secret you have created: Delete the Secret you created:
```shell ```shell
kubectl delete secret db-user-pass kubectl delete secret db-user-pass
@ -152,5 +152,5 @@ kubectl delete secret db-user-pass
## {{% heading "whatsnext" %}} ## {{% heading "whatsnext" %}}
- Read more about the [Secret concept](/docs/concepts/configuration/secret/) - Read more about the [Secret concept](/docs/concepts/configuration/secret/)
- Learn how to [manage Secret using config file](/docs/tasks/configmap-secret/managing-secret-using-config-file/) - Learn how to [manage Secrets using config files](/docs/tasks/configmap-secret/managing-secret-using-config-file/)
- Learn how to [manage Secret using kustomize](/docs/tasks/configmap-secret/managing-secret-using-kustomize/) - Learn how to [manage Secrets using kustomize](/docs/tasks/configmap-secret/managing-secret-using-kustomize/)