 

How to set secret files to kubernetes secrets by yaml?

I want to store files in Kubernetes Secrets but I haven't found how to do it using a yaml file.

I've been able to make it using the cli with kubectl:

    kubectl create secret generic some-secret --from-file=secret1.txt=secrets/secret1.txt

But when I try something similar in a yaml:

    apiVersion: v1
    kind: Secret
    metadata:
      name: some-secret
    type: Opaque
    data:
      secret1.txt: secrets/secret1.txt

I've got this error:

    [pos 73]: json: error decoding base64 binary 'assets/elasticsearch.yml': illegal base64 data at input byte 20

I'm following this guide http://kubernetes.io/docs/user-guide/secrets/. It explains how to create a secret using a yaml but not how to create a secret from a file using yaml.

Is it possible? If so, how can I do it?

dgil asked Apr 27 '16 11:04


People also ask

How do you store secrets in Kubernetes?

When you create a Secret with `kubectl create -f secret.yaml`, Kubernetes stores it in etcd. The Secrets are stored in clear in etcd unless you define an encryption provider. When you define the provider, before the Secret is stored in etcd and after the values are submitted to the API, the Secrets are encrypted.


1 Answer

As answered in a previous post, we need to provide the certificate/key encoded as base64 to the file.

Here is a generic example for a certificate (in this case SSL):

The secret.yml.tmpl:

    apiVersion: v1
    kind: Secret
    metadata:
      name: test-secret
      namespace: default
    type: Opaque
    data:
      server.crt: SERVER_CRT
      server.key: SERVER_KEY

Pre-process the file to include the certificate/key:

    # base64 output can contain "/", so use "|" as the sed delimiter
    sed "s|SERVER_CRT|$(base64 -w0 server.crt)|g" secret.yml.tmpl | \
      sed "s|SERVER_KEY|$(base64 -w0 server.key)|g" | \
      kubectl apply -f -

Note that the certificate/key are encoded using base64 without whitespaces (-w0).

For TLS it can be simply:

    kubectl create secret tls test-secret-tls --cert=server.crt --key=server.key
aitorhh answered Sep 28 '22 04:09
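
An added example, not part of the answer above: a shell function that builds the same kind of manifest from files without sed, so a `/` in the base64 text cannot collide with a delimiter and the encoded key is streamed rather than passed in a command's argument list, where other local users could read it. `render_secret` is a hypothetical helper name, and the sample file is constructed.

```shell
#!/bin/sh
# Added example; render_secret is a hypothetical helper, not a kubectl feature.
# Usage: render_secret NAME FILE [FILE...] | kubectl apply -f -
render_secret() {
  [ "$#" -ge 2 ] || { echo "usage: render_secret NAME FILE..." >&2; return 2; }
  name=$1
  shift
  # Validate everything first so a partial manifest is never emitted.
  for f in "$@"; do
    [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    # Secret data keys may only contain alphanumerics, '-', '_' and '.'.
    case $(basename "$f") in
      *[!A-Za-z0-9._-]*) echo "invalid key name: $f" >&2; return 1 ;;
    esac
  done
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$name"
  printf 'type: Opaque\ndata:\n'
  for f in "$@"; do
    # The data key is the file's base name, as with --from-file.
    printf '  %s: ' "$(basename "$f")"
    # Stream the file through base64; tr removes the default line wrapping
    # (portable equivalent of GNU "base64 -w0").
    base64 < "$f" | tr -d '\n'
    printf '\n'
  done
}

# Constructed sample file so the block runs offline.
demo_dir=$(mktemp -d)
printf 'user=admin/ops&team\n' > "$demo_dir/secret1.txt"
render_secret some-secret "$demo_dir/secret1.txt"
rm -rf "$demo_dir"
```

Pipe the output straight to `kubectl apply -f -` rather than saving it to disk or committing it: base64 is an encoding, not encryption.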