11. Secrets

Download certificates

$ wget -q -c -P files https://storage.googleapis.com/kuar-demo/kuard.crt https://storage.googleapis.com/kuar-demo/kuard.key

Create a secret named kuard-tls

$ kubectl create secret generic kuard-tls --from-file=files/kuard.crt --from-file=files/kuard.key

Get details about the created secret

$ kubectl describe secrets kuard-tls

Show secrets

$ kubectl get secrets

Update the secret - regenerate its YAML and replace the existing object (to edit it in place instead, use ‘kubectl edit secret kuard-tls’)

$ kubectl create secret generic kuard-tls --from-file=files/kuard.crt --from-file=files/kuard.key --dry-run=client -o yaml | kubectl replace -f -
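The YAML produced by the dry-run step above carries the certificate and the private key only base64-encoded, so the manifest is as sensitive as the key file itself. The following is an added example, not part of the original workshop: it decodes such a manifest and flags entries that hold a PEM private key. The function names and the sample manifest are constructed for illustration.

```shell
# Added example, not from the original page. Assumes the manifest layout that
# `kubectl create secret ... -o yaml` emits: one "  name: base64" line per key.

# Print "key base64value" for every entry under the top-level data: map.
secret_entries() {
  awk '
    /^data:/           { in_data = 1; next }
    /^[^ ]/            { in_data = 0 }
    in_data && NF == 2 { key = $1; sub(/:$/, "", key); print key, $2 }
  ' "$1"
}

# Decode one entry of the manifest to stdout: secret_value FILE KEY
secret_value() {
  secret_entries "$1" | awk -v k="$2" '$1 == k { print $2 }' | base64 -d
}

# Report each entry as PRIVATE-KEY or other, based on the decoded PEM header.
audit_secret() {
  secret_entries "$1" | while read -r key value; do
    if printf '%s' "$value" | base64 -d | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
      echo "$key PRIVATE-KEY"
    else
      echo "$key other"
    fi
  done
}

# Constructed sample: a manifest shaped like the dry-run output, built from
# dummy PEM text (not real key material), written to the path given as $1.
sample_manifest() {
  crt_b64=$(printf '%s\n' '-----BEGIN CERTIFICATE-----' 'ZHVtbXk=' \
    '-----END CERTIFICATE-----' | base64 | tr -d '\n')
  key_b64=$(printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'ZHVtbXk=' \
    '-----END RSA PRIVATE KEY-----' | base64 | tr -d '\n')
  printf 'apiVersion: v1\ndata:\n  kuard.crt: %s\n  kuard.key: %s\nkind: Secret\nmetadata:\n  name: kuard-tls\n' \
    "$crt_b64" "$key_b64" > "$1"
}
```

The same functions work on a saved copy of `kubectl get secret kuard-tls -o yaml`, which is why read access to Secret objects and to any stored manifests should be restricted like access to the key file.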

Create a new pod with secret attached

$ tee files/kuard-secret.yaml << EOF
apiVersion: v1
kind: Pod
metadata:
  name: kuard-tls
spec:
  containers:
    - name: kuard-tls
      image: gcr.io/kuar-demo/kuard-amd64:1
      imagePullPolicy: Always
      volumeMounts:
      - name: tls-certs
        mountPath: "/tls"
        readOnly: true
  volumes:
    - name: tls-certs
      secret:
        secretName: kuard-tls
EOF

Apply the config file

$ kubectl apply -f files/kuard-secret.yaml
$ sleep 20

Set up port forwarding. Go to https://localhost:8443, check the certificate and click on the “File system browser” tab (/tls)

$ kubectl port-forward kuard-tls 8443:8443 &

Stop port forwarding

$ pkill -f "kubectl port-forward kuard-tls 8443:8443"

Delete pod

$ kubectl delete pod kuard-tls