Skip to content

How to use Kubernetes Secrets

Create Kubernetes secrets using kubectl and --from-literal

The easiest ways to create the Kubernetes secret is by using the kubectl command and --from-literal flag. For example to understand Kubernetes secret creation we need three things.

  • secret-name - test-secret
  • username - test-user
  • password - testP@ssword
Run from shell prompt
1
kubectl create secret generic test-secret --from-literal=username=test-user --from-literal=password=testP@ssword

Verify the secret using the following command

Run from shell prompt
1
kubectl get secret test-secret

Describe The Secret

Run from shell prompt
1
kubectl describe secret test-secret

Base64 Encoded Kubernetes Secrets

Run from shell prompt
1
echo -n ‘test-user’ | base64

Using Kubernetes Secrets In A Deployment (mysql)

Create a secret

Create Secret
1
2
3
4
5
6
7
apiVersion: v1
kind: Secret
metadata:
  name: mysql-test-secret
type: kubernetes.io/basic-auth
stringData:
  password: test1234

Create a deployment

Create Deployment
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
spec:
  selector:
    matchLabels:
      app: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - image: mysql
          name: mysql
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-test-secret
                  key: password
          ports:
            - containerPort: 3306
              name: mysql