Secret

To create encrypted secrets, refer to Sealed secret.

Similar to Docker, it is possible to add a secret in Kubernetes. This secret can be queried by the engine and injected into the pods.

One caveat is that the secrets are not safe to push into a public repository because they are not encrypted.

You can create a secret imperatively with:

kubectl create secret generic secret-name \
    --from-literal=key=value \
    --dry-run=client \
    --output yaml

It is also possible to add a secret from a file with --from-file=key.json=keyfile.json

The previous command outputs YAML like:

apiVersion: v1
data:
  key: dmFsdWU=
kind: Secret
metadata:
  creationTimestamp: null
  name: secret-name
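
The value dmFsdWU= in the manifest above is only the base64 encoding of the literal passed to --from-literal, which is why the file is unsafe in a public repository. The following shell script is an added example, not part of the original note: it decodes the data entries of a Secret manifest and flags plain "kind: Secret" files before they are committed. The function names and the embedded copy of the manifest are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: values under data: in a Secret manifest are base64, not ciphertext.

# Constructed sample: copy of the manifest printed by the kubectl command above.
sample_manifest() {
cat <<'EOF'
apiVersion: v1
data:
  key: dmFsdWU=
kind: Secret
metadata:
  creationTimestamp: null
  name: secret-name
EOF
}

# Read a manifest on stdin and print "name=plaintext" for each data: entry.
# Handles the flat "  name: base64" layout that kubectl prints (assumption).
decode_secret_data() {
    awk '
        /^data:/  { in_data = 1; next }   # entering the data: map
        /^[^ \t]/ { in_data = 0 }         # any other top-level key ends it
        in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }
    ' | while read -r name encoded; do
        printf '%s=%s\n' "$name" "$(printf '%s' "$encoded" | base64 --decode)"
    done
}

# Succeed when stdin is a plain Secret manifest, which is unsafe to commit.
# "kind: SealedSecret" does not match because the whole value is anchored.
is_plain_secret() {
    grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$'
}

# Hypothetical pre-commit style check, run here over the constructed sample.
if sample_manifest | is_plain_secret; then
    echo "plain Secret manifest, recoverable values:" >&2
    sample_manifest | decode_secret_data >&2
fi
```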

Once the secret is created in the cluster, you can reference a Secret in a pod.

Links to this page
  • Volumes

    As pods are transient, volumes allow persistent storage in the cluster. A simple volume can be created and mounted in a pod, specifying the path in the host, from a config map or a Secret.

  • Service account

    A service account is an account used to authenticate a machine, for example an application that wants to interact with the cluster. A service account is linked to a Secret. This secret contains a token used as an authentication bearer token for the Kubernetes REST API in a third-party application.

#kubernetes