- Building Google Cloud Platform Solutions
- Ted Hunter Steven Porter Legorie Rajan PS
- 199字
- 2025-04-04 14:47:42
Creating/Storing secrets
kubectl create secret generic creds --from-literal=username=bobsmith --from-literal=password=p@ssw0rd
Most secrets, like credentials, will be generically typed and contain textual data. In addition to being able to create secrets from literals, you also have the ability to create them from text files. When using files as the basis for your secrets, the key will default to your filename and the contents will be used for the value:
kubectl create secret generic credentials --from-file ./username.txt --from-file ./password.txt
If your filename is not suitable or is undesirable as a key, you can provide an alternate key value. Kubernetes also provides for creating a secret object from a YAML definition file. In this case, you would be base64 encoding for your data and including that in the YAML file:
apiVersion: v1
kind: Secret
metadata:
name: creds
data:
username: Ym9ic21pdGg=
password: cEBzc3cwcmQ=
Kubernetes also gives you some more advanced ways to create secrets. For instance, using the Kubernetes CLI, you have the ability to create secrets based on every file within a given directory. Existing secrets can absolutely be updated and the deployments that depend on those secrets will then retrieve the new values the next time they obtain the secret.