Applications deployed to a Kubernetes cluster often need access to sensitive information, such as credentials for a database and tokens for making authenticated API calls to services. Kubernetes lets you specify such sensitive information cleanly in an object called a Secret. This avoids putting sensitive data in a Pod definition or a Docker image. In this blog, we demonstrate how you can easily hook up Kubernetes Secrets to your pod using Shippable.
Creating a Kubernetes Secret
Secrets are defined in a yml file as a Secret object. A Secret object can specify multiple secrets as name-value pairs. Each secret value has to be base64 encoded before it is specified in the yml.
Let's define an API token as a secret for a fake token xxx-xxx-xxx.
1. Base64 encode the token.
ambarishs-MacBook-Pro:sources ambarish$ echo -n "xxx-xxx-xxx" | base64
eHh4LXh4eC14eHg=
2. Create the secrets yml called create-secret.yml.
apiVersion: v1
kind: Secret
metadata:
  name: auth-token-secret
type: Opaque
data:
  AUTH_TOKEN_VALUE: eHh4LXh4eC14eHg=
3. Create the secret in the Kubernetes cluster using kubectl.
$ kubectl create -f create-secret.yml
secret "auth-token-secret" created
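Steps 1 and 2 as a script, with a check for the trailing newline that `echo` without `-n` would bake into the stored token. This is an added example, not code from the original post or from Shippable, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of kubectl or Shippable.

# Base64-encode the exact bytes of $1. printf '%s' never appends a newline,
# unlike echo without -n.
encode_secret() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Print a Secret manifest: $1 = metadata.name, $2 = data key, $3 = plaintext.
# Inputs are trusted here; names and keys are not validated.
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  $2: $(encode_secret "$3")
EOF
}

# Return 0 if $1 is valid base64 whose decoded bytes do not end in LF or CR.
check_encoded() {
  if ! printf '%s' "$1" | base64 --decode >/dev/null 2>&1; then
    echo "not valid base64"; return 1
  fi
  # Hex-dump the decoded bytes: $(...) alone would strip a trailing newline.
  _hex=$(printf '%s' "$1" | base64 --decode | od -An -v -tx1 | tr -d ' \n')
  case "$_hex" in
    "")      echo "empty value"; return 1 ;;
    *0a|*0d) echo "decoded value ends in a newline"; return 1 ;;
    *)       echo "ok"; return 0 ;;
  esac
}

# Constructed sample: the fake token from this post.
render_secret auth-token-secret AUTH_TOKEN_VALUE "xxx-xxx-xxx"
check_encoded "$(encode_secret 'xxx-xxx-xxx')"
```

Base64 is an encoding, not encryption, so the rendered manifest should be handled with the same care as the plaintext token.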