
Secrets

Secrets
Tips and Tricks

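For simulated practice problems, visit KillerCoda.
  1. Create a secret mysecret with mypass=verysecret. Decode the base64-encoded secret value after creation. (Base64 is an encoding, not encryption, so anyone who can read the Secret object can recover the value.)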

    Solution

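    # --from-literal puts the value on the command line (and in shell history);
    # fine for a practice value, avoid it for real credentials.
    k create secret generic mysecret --from-literal=mypass=verysecret
    
    # check secret
    k get secret mysecret -o yaml
    # returns (values under data: are base64-encoded, not encrypted)
    apiVersion: v1
    data:
      mypass: dmVyeXNlY3JldA==
    kind: Secret
    metadata:
      creationTimestamp: "2024-04-24T13:32:16Z"
      name: mysecret
      namespace: default
      resourceVersion: "2040"
      uid: 8b80697b-1630-4288-adf6-a2ebd2bf3ec3
    
    # decode mypass value
    echo "dmVyeXNlY3JldA==" | base64 -d
    # or read and decode in one step, without copying the value by hand
    k get secret mysecret -o jsonpath='{.data.mypass}' | base64 -d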

  2. create a secret adminpass from admin.txt with key pass

    echo "admin=password" > admin.txt
    Solution

    # --from-file=pass=admin.txt stores the whole content of admin.txt as the
    # value of the key "pass". The file was written with echo, so the stored
    # value includes the trailing newline.
    # The plaintext stays in admin.txt on disk; delete the file once the
    # secret exists.
    k create secret generic adminpass --from-file=pass=admin.txt

  3. create a db pod with image mysql, create a secret mysqlcred with following details:

    • name: MYSQL_ROOT_PASSWORD value: "root_password"
    • name: MYSQL_USER value: "username"
    • name: MYSQL_PASSWORD value: "password"
    • name: MYSQL_DATABASE value: "mydatabase"
    Solution

    # create the secret
    # Each --from-literal value is visible on the command line and in shell
    # history; for real credentials prefer --from-file or --from-env-file.
    k create secret generic mysqlcred --from-literal=MYSQL_ROOT_PASSWORD=root_password --from-literal=MYSQL_USER=username --from-literal=MYSQL_PASSWORD=password --from-literal=MYSQL_DATABASE=mydatabase
    
    # set required env variables
    # envFrom + secretRef exposes every key of mysqlcred as an environment
    # variable of the same name inside the container.
    apiVersion: v1
    kind: Pod
    metadata:
      name: db
    spec:
      containers:
      - name: mysql
        image: mysql
        envFrom:
          - secretRef:
              name: mysqlcred
    
    # ** The pod will fail; don't worry about it. We would need to run a mysql command to keep it running.

  4. Create a secret named source with the key-value pair app=v1, then run an nginx pod that sets the env variable APP_VERSION from the value of the app key in the source secret.

    Solution

    k create secret generic source --from-literal=app=v1
    # generate pod yaml
    # --dry-run=client only renders the manifest locally; nothing is created yet
    k run nginx --image=nginx --dry-run=client -o yaml > pod.yaml
    
    # add env to the pod yaml
    # (creationTimestamp: null and resources: {} come from the dry-run output)
    apiVersion: v1
    kind: Pod
    metadata:
      creationTimestamp: null
      labels:
        run: nginx
      name: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
        env:
          # secretKeyRef exposes only the single key "app" of the secret
          # "source", under the variable name APP_VERSION.
          # The value is read when the container starts; a later change to the
          # Secret is not seen until the container is restarted.
          - name: APP_VERSION
            valueFrom:
              secretKeyRef:
                name: source
                key: app
      dnsPolicy: ClusterFirst
      restartPolicy: Always
    
    # create the pod
    k create -f pod.yaml

  5. Create a secret dotfile-secret with hidden=value, then run an nginx pod named keeper and mount the secret as a volume named secret-vol at /etc/secret.

    Solution

    k create secret generic dotfile-secret --from-literal=hidden=value
    # generate pod yaml
    k run keeper --image=nginx --dry-run=client -o yaml > pod.yaml
    
    # add the secret volume and its volumeMount to the pod yaml
    apiVersion: v1
    kind: Pod
    metadata:
      creationTimestamp: null
      labels:
        run: keeper
      name: keeper
    spec:
      volumes:
        # Each key of the secret becomes a file in the volume; here the key
        # "hidden" becomes the file /etc/secret/hidden.
        - name: secret-vol
          secret:
            secretName: dotfile-secret
      containers:
      - image: nginx
        name: keeper
        resources: {}
        volumeMounts:
          # NOTE(review): consider adding readOnly: true to this mount so the
          # intent is explicit in the manifest.
          - name: secret-vol
            mountPath: /etc/secret
      dnsPolicy: ClusterFirst
      restartPolicy: Always
    
    # create the pod
    k create -f pod.yaml
    
    # check volume mount (should list the file "hidden")
    k exec keeper -ti -- ls /etc/secret