11. Secrets
Download certificates
$ wget -q -c -P files https://storage.googleapis.com/kuar-demo/kuard.crt https://storage.googleapis.com/kuar-demo/kuard.key
Create a secret named kuard-tls
$ kubectl create secret generic kuard-tls --from-file=files/kuard.crt --from-file=files/kuard.key
Get details about the created secret
$ kubectl describe secrets kuard-tls
Show secrets
$ kubectl get secrets
Update the secret: generate its YAML from the files and replace the existing secret (the in-place alternative is an edit command such as ‘kubectl edit configmap my-config’)
$ kubectl create secret generic kuard-tls --from-file=files/kuard.crt --from-file=files/kuard.key --dry-run=client -o yaml | kubectl replace -f -
Create a new pod with the secret attached
$ tee files/kuard-secret.yaml << EOF
apiVersion: v1
kind: Pod
metadata:
  name: kuard-tls
spec:
  containers:
    - name: kuard-tls
      image: gcr.io/kuar-demo/kuard-amd64:1
      imagePullPolicy: Always
      volumeMounts:
        - name: tls-certs
          mountPath: "/tls"
          readOnly: true
  volumes:
    - name: tls-certs
      secret:
        secretName: kuard-tls
EOF
Apply the config file
$ kubectl apply -f files/kuard-secret.yaml
$ sleep 20
Set up port forwarding. Go to https://localhost:8080, check the certificate and click on the “File system browser” tab (/tls)
$ kubectl port-forward kuard-tls 8443:8443 &
Stop port forwarding
$ pkill -f "kubectl port-forward kuard-tls 8443:8443"
Delete pod
$ kubectl delete pod kuard-tls
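The update step above pipes a generated manifest into kubectl replace. The following added example (not part of the original page) reproduces the shape of that manifest from constructed stand-in files and shows that its data fields are plain base64, so anyone who can read the Secret or the YAML recovers the private key. The function names and sample contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example: the data in a Secret manifest is base64-encoded, not encrypted.

# Print a Secret manifest for FILEs, shaped like the YAML piped to `kubectl replace`.
render_secret() {  # usage: render_secret NAME FILE...
  name=$1; shift
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ndata:\n' "$name"
  for f in "$@"; do
    printf '  %s: %s\n' "$(basename "$f")" "$(base64 < "$f" | tr -d '\n')"
  done
}

# Decode one key from the data: section of a Secret manifest on stdin.
secret_field() {  # usage: secret_field KEY < manifest.yaml
  awk -v k="$1:" '/^data:/ {d=1; next} /^[^ ]/ {d=0} d && $1 == k {print $2}' |
    base64 -d
}

# Succeed only when KEY in the manifest on stdin is byte-identical to FILE.
secret_matches_file() {  # usage: secret_matches_file KEY FILE < manifest.yaml
  secret_field "$1" | cmp -s - "$2"
}

# Constructed sample files standing in for files/kuard.crt and files/kuard.key.
tmp=$(mktemp -d)
printf 'constructed certificate bytes\n' > "$tmp/kuard.crt"
printf 'constructed private key bytes\n' > "$tmp/kuard.key"
render_secret kuard-tls "$tmp/kuard.crt" "$tmp/kuard.key" > "$tmp/secret.yaml"

cat "$tmp/secret.yaml"
secret_field kuard.key < "$tmp/secret.yaml"   # key bytes come back with no decryption key
secret_matches_file kuard.crt "$tmp/kuard.crt" < "$tmp/secret.yaml" && echo "kuard.crt matches"

# Against the cluster from this page, after the replace step:
#   kubectl get secret kuard-tls -o yaml | secret_matches_file kuard.crt files/kuard.crt
```

The commented kubectl line confirms that the replace actually stored the current local certificate; a non-zero exit status means the Secret and the file differ.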