kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
website/content/en/docs/tasks/configmap-secret/managing-secret-using-kusto...

3.6 KiB
Raw Blame History

title content_type weight description
Managing Secrets using Kustomize task 30 Creating Secret objects using kustomization.yaml file.

kubectl supports using the Kustomize object management tool to manage Secrets and ConfigMaps. You create a resource generator using Kustomize, which generates a Secret that you can apply to the API server using kubectl.

{{% heading "prerequisites" %}}

{{< include "task-tutorial-prereqs.md" >}}

Create a Secret

You can generate a Secret by defining a secretGenerator in a kustomization.yaml file that references other existing files, .env files, or literal values. For example, the following instructions create a Kustomization file for the username admin and the password 1f2d1e2e67df.

Create the Kustomization file

{{< tabs name="Secret data" >}} {{< tab name="Literals" codelang="yaml" >}} secretGenerator:

  • name: database-creds literals:
    • username=admin
    • password=1f2d1e2e67df {{< /tab >}} {{% tab name="Files" %}}

  1. Store the credentials in files with the values encoded in base64:

    echo -n 'admin' > ./username.txt
echo -n '1f2d1e2e67df' > ./password.txt

    The -n flag ensures that there's no newline character at the end of your files.

  2. Create the kustomization.yaml file:

    secretGenerator:
- name: database-creds
  files:
  - username.txt
  - password.txt

{{% /tab %}}} {{% tab name=".env files" %}} You can also define the secretGenerator in the kustomization.yaml file by providing .env files. For example, the following kustomization.yaml file pulls in data from an .env.secret file:

secretGenerator:
- name: db-user-pass
  envs:
  - .env.secret

{{% /tab %}} {{< /tabs >}}

In all cases, you don't need to base64 encode the values. The name of the YAML file must be kustomization.yaml or kustomization.yml.

Apply the kustomization file

To create the Secret, apply the directory that contains the kustomization file:

kubectl apply -k <directory-path>

The output is similar to:

secret/database-creds-5hdh7hhgfk created

When a Secret is generated, the Secret name is created by hashing the Secret data and appending the hash value to the name. This ensures that a new Secret is generated each time the data is modified.

To verify that the Secret was created and to decode the Secret data, refer to Managing Secrets using kubectl.

Edit a Secret

  1. In your kustomization.yaml file, modify the data, such as the password.

  2. Apply the directory that contains the kustomization file:

    kubectl apply -k <directory-path>

    The output is similar to:

    secret/db-user-pass-6f24b56cc8 created

The edited Secret is created as a new Secret object, instead of updating the existing Secret object. You might need to update references to the Secret in your Pods.

Clean up

To delete a Secret, use kubectl:

kubectl delete secret <secret-name>

{{% heading "whatsnext" %}}