Applications deployed to a Kubernetes cluster often need access to sensitive information such as credentials to access a database and authentication tokens to make authenticated API calls to services. Kubernetes allows you to specify such sensitive information cleanly in an object called a Secret. This avoids putting sensitive data in a Pod defintion or a docker image. In this blog, we demonstrate how you can easily hookup Kubernetes Secrets to your pod using Shippable.
Creating a Kubernetes Secret
Secrets are defined in a yml file in a Secret object. A Secret object can specifiy multiple secrets in name-value pairs. Each secret has to be base64 encoded before specifying it in the yml.
Let's define an API token as a secret for a fake token xxx-xxx-xxx.
1. Base 64 encode the token.
ambarishs-MacBook-Pro:sources ambarish$ echo -n "xxx-xxx-xxx" | base64
2. Create the secrets yml called create-secret.yml.
3. Create the secret in the kubernetes cluster using kubectl.
$ kubectl create -f secrets.yml
secret "auth-token" created