Secrets are incredibly crucial. Why? Because we don't want things in plain text. API keys, passwords, connect strings, etc. should all be hidden. Today we're going to see how we can manage k8s secrets.

For my Dev environment, I've simply spun up minikube. You'll need to confirm how to do this for your Operating System.

Spin up a simple Nginx pod.

apiVersion: v1

kind: Pod

metadata:

name: nginx

spec:

containers:

- name: nginx

image: nginx:latest

The above is a Kubernetes manifest that will spin up a 1 pod of Nginx.

In the same directory that your nginx.yml lives, run kubectl create -f nginx.yml to run your deployment.

Now you can create a new secret by creating a new secret manifest.

apiVersion: v1
kind: Secret
metadata:
 name: new-secret
type: Opaque
data:
 password: MWYyZDFlMmU2N2Rm

Go ahead and run kubectl apply -f secret.yml to create the new secret.

Now that you have a secret created, go ahead and look at the contents of the secret. By running kubectl get secret new-secret -o yaml I can see the secret metadata.

Now that you have the secret, you can re-deploy nginx with the secret attached.

apiVersion: v1
kind: Pod
metadata:
 name: nginx
spec:
 containers:
 - name: nginx
   image: nginx:latest
   volumeMounts:
     - name: service
       mountPath: /root/
 volumes:
   - name: service
     secret:
       secretName: my-secret

Simply add the secret call in your manifest and let your manifest know which secret you want to use. The volume mounts are to specify where you want your secret to live within your pod.

run kubectl apply -f nginx.yml to create your new pod.

You have now created a new pod and attached a secret! Thanks for reading.