Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Kubernetes kubectl get secrets by type?

I want to run kubectl and get all the secrets of type = X. Is this possible?

I.e if I want to get all secrets where type=tls

something like kubectl get secrets --type=tls?

like image 334
nate Avatar asked Dec 06 '18 01:12

nate


People also ask

How do I get Kubernetes secret from file?

To create a Kubernetes secret, apply one of the following methods: Use kubectl for a command-line based approach. Create a configuration file for the secret. Use a generator, such as Kustomize to generate the secret.

Are Kubernetes secrets namespace specific?

Secret API objects reside in a namespace. They can only be referenced by pods in that same namespace. Basically, you will have to create the secret for every namespace.

What is Type opaque in Kubernetes secrets?

type: Opaque means that from kubernetes's point of view the contents of this Secret is unstructured, it can contain arbitrary key-value pairs. In contrast, there is the Secret storing ServiceAccount credentials, or the ones used as ImagePullSecret . These have a constrained contents.


3 Answers

How about field-selector:

$ kubectl get secrets --field-selector type=kubernetes.io/tls
like image 84
Sean Z Avatar answered Oct 12 '22 12:10

Sean Z


You can do it jsonpath. Something like this:

$ kubectl get secret -o=jsonpath='{range .items[*]}{.metadata.name} {.type}{"\n"}{end}' | grep -i tls

For example, to get all the type Opaque secrets:

$ kubectl get secret -o=jsonpath='{range .items[*]}{.metadata.name} {.type}{"\n"}{end}' | grep Opaque
dummy-secret Opaque
mysecretdelete Opaque

Update:

Now you can do this with the --field-selector option in kubectl:

$ kubectl get secrets --field-selector type=kubernetes.io/tls
$ kubectl get secret --field-selector type=kubernetes.io/service-account-token
like image 22
Rico Avatar answered Oct 12 '22 12:10

Rico


The accepted answer certainly works, but I was interested in finding a grep-less solution. Here's my contribution.

$ kubectl get secret -o=jsonpath='{.items[?(@.type=="Opaque")].metadata.name}'
dummy-secret mysecretdelete
like image 29
Philip C Avatar answered Oct 12 '22 12:10

Philip C