Kubernetes secrets are used to decouple sensitive information from underlying programs.
Sample Questions
- Assume Avarel Dalton want to define a secret object credentials with user=avarel, password=test1234. Help him to do so.
kubectl create secret generic credentials --from-literal=user=avarel --from-literal=password=test1234
- check the defined secret
kubectl get secrets
kubectl get secret credentials -o=yaml
as secret objects are stored in base64 form, base64 -- decode can be used to check values.
echo 'dGVzdDEyMzQ=' | base64 --decode
- Create a nginx pod that creates USER and PASSSWORD environment variables from credentials secret.
secrets can be mapped to environment variables through .spec.containers[].env.valueFrom.secretKeyRef
- Create a nginx pod that gets environment variables as they are from credentials secret
secrets can be mapped to environment variables through .spec.containers[].envFrom.secretRef
- Create a service account named daltons, and use this account in a nginx pod.
kubectl create serviceaccount daltons
service account can be mapped to pod through .spec.serviceAccountName
References in kubernetes.io
Pingback: Certified Kubernetes Application Developer exam study notes | sifaserdarozen