Merge pull request #251 from marcel-dempers/secrets

k8s secret guide updates
2025-06-06 17:01:30 +00:00 · 2025-03-17 21:21:36 +11:00 · 2025-03-17 21:21:36 +11:00 · 69f68f4617
commit 69f68f4617
parent 9c289a54da 3dc59d66f9
4 changed files with 113 additions and 6 deletions
--- a/kubernetes/secrets/README.md
+++ b/kubernetes/secrets/README.md
@ -1,3 +1,70 @@
 # Introduction to Kubernetes: Secrets
-<a href="https://youtu.be/o36yTfGDmZ0" title="k8s-secrets"><img src="https://i.ytimg.com/vi/o36yTfGDmZ0/hqdefault.jpg" width="20%" alt="k8s-secrets" /></a> 
+<a href="https://youtu.be/EkUN4V4Hmws" title="k8s-secrets"><img src="https://i.ytimg.com/vi/EkUN4V4Hmws/hqdefault.jpg" width="20%" alt="k8s-secrets" /></a> 
 ## Create a cluster with Kind
 ```
 kind create cluster --name secrets --image kindest/node:v1.31.1
 ```
 ## Our Secret
 We have a secret under `kubernetes/secrets/secret.json`
 ```
 cat kubernetes/secrets/secret.json
 ```
 ## Using our secret in a container
 As a file:
 ```
 docker run -it -v $PWD/kubernetes/secrets/secret.json:/secrets/secret.json ubuntu:latest bash
 cat /secrets/secret.json
 ```
 As environment variables:
 ```
 api_key="somesecretgoeshere"
 docker run -it -e API_KEY=$api_key ubuntu:latest bash
 echo $API_KEY
 ```
 ## Kubernetes Secret
 Read more about [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/)
 ## Create our secret
 There are two main ways we can create a Kubernetes secret. </br>
 Either by creating the secret object with `kubectl create secret` or apply\create it declaratively using YAML with `kubectl apply -f`
 `kubectl create secret`:
 ```
 kubectl create secret generic mysecret --from-file kubernetes/secrets/secret.json
 ```
 `kubectl apply -f` or `kubectl create -f` allows us to define things declaratively using YAML files:
 ```
 kubectl apply -f kubernetes/secrets/secret.yaml
 ```
 ## Use our secret
 In order to use our secret we add a `volume` to our pod spec and then mount that using a `volumeMount` </br>
 We can also use a secret references as `env` variable </br>
 ```
 kubectl apply -f kubernetes/secrets/pod.yaml
 ```
--- a/kubernetes/secrets/pod.yaml
+++ b/kubernetes/secrets/pod.yaml
@ -0,0 +1,30 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: example-pod
  namespace: default
  labels:
    app: example-app
    test: test
 spec:
  nodeSelector:
    kubernetes.io/os: linux
  containers:
  - name: example-app
    image: aimvector/python:1.0.4
    imagePullPolicy: Always
    ports:
    - containerPort: 5000
    env:
    - name: API_KEY
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: api_key
    volumeMounts:
    - name: secret-volume
      mountPath: /secrets/
  volumes:
  - name: secret-volume
    secret:
      secretName: mysecret
--- a/kubernetes/secrets/secret.json
+++ b/kubernetes/secrets/secret.json
@ -0,0 +1,3 @@
 {
  "api_key" : "somesecretgoeshere"
 }
--- a/kubernetes/secrets/secret.yaml
+++ b/kubernetes/secrets/secret.yaml
@ -2,11 +2,18 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: mysecret
  namespace: default
  labels:
    app: example-app
 type: Opaque
-stringData:
+data:
-  secret.json: |-
+  api_key: c29tZXNlY3JldGdvZXNoZXJlCg==
-    {
+  secret.json: ew0KICAiYXBpX2tleSIgOiAic29tZXNlY3JldGdvZXNoZXJlIg0KfQ==
-      "api_key" : "somesecretgoeshere"
+# stringData:
-    }
+#   secret.json: |-
 #     {
 #       "api_key" : "somesecretgoeshere"
 #     }
 #kubectl create secret generic mysecret --from-file .\golang\secrets\secret.json