| title | linkTitle | weight | date | description |
|---|---|---|---|---|
| Generating Secrets | Generating Secrets | 2 | 2023-10-20 | Working with the Secret Generator |
Secret objects can be generated by adding a `secretGenerator` entry to the `kustomization.yaml` file. This is similar to the `configMapGenerator`. Secret Resources may be generated from files and literals. Note that the generated Secret values are base64 encoded, which is an encoding and not encryption.
## Create Secret from a file
To generate a Secret Resource from a file, add an entry to secretGenerator with the filename.
The Secret will have data values populated from the file contents. The contents of each file will appear as a single data item in the Secret keyed by the filename.
The following example generates a Secret with a data item containing the contents of a file.
- Create a Kustomization file.

```yaml
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
- name: db-user-pass
  files:
  - credentials.txt
```

- Create a `credentials.txt` file.

```text
# credentials.txt
username=admin
password=S!B\*d$zDsb=
```

- Create the Secret using `kustomize build`.

```bash
kustomize build .
```

The Secret manifest is generated.

```yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: db-user-pass-gf9bgh225c
data:
  credentials.txt: dXNlcm5hbWU9YWRtaW4KcGFzc3dvcmQ9UyFCXCpkJHpEc2I9Cg==
```

The credentials key value is base64 encoded.

```bash
echo "dXNlcm5hbWU9YWRtaW4KcGFzc3dvcmQ9UyFCXCpkJHpEc2I9Cg==" | base64 -d
username=admin
password=S!B\*d$zDsb=
```
## Create Secret from literals
To generate a Secret Resource from literal key-value pairs, add an entry to `secretGenerator` with a list of literals.

{{< alert color="success" title="Literal Syntax" >}}
- The key/value are separated by a `=` sign (left side is the key).
- The value of each literal will appear as a data item in the Secret keyed by its key.
{{< /alert >}}
The following example generates a Secret with two data items generated from literals.
- Create a Kustomization file.

```yaml
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
- name: db-user-pass
  literals:
  - username=admin
  - password=S!B\*d$zDsb=
```

- Create the Secret using `kustomize build`.

```bash
kustomize build .
```

The Secret manifest is generated.

```yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: db-user-pass-t8d2d65755
data:
  password: UyFCXCpkJHpEc2I9
  username: YWRtaW4=
```

The credential key values are base64 encoded.

```bash
echo "UyFCXCpkJHpEc2I9" | base64 -d
S!B\*d$zDsb=
echo "YWRtaW4=" | base64 -d
admin
```
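
The per-key decoding shown above can be run over a whole rendered manifest to review what it exposes before it is committed or shared. The following is an added example, not part of the original page or the kustomize project: the function name `decode_secret_data` is hypothetical, and the sample manifest is constructed from the literals example plus a made-up ConfigMap to show that non-Secret documents are skipped.

```bash
# Added example: list the decoded value of every data item in each Secret
# found in a manifest stream (for example the output of `kustomize build .`).
# Assumes kustomize-style layout: a top-level "data:" key followed by
# two-space-indented "key: base64value" lines.
decode_secret_data() {
  awk '
    # Emit buffered items only if the finished document was a Secret.
    function flush(  i) {
      if (kind == "Secret") for (i = 1; i <= n; i++) print items[i]
      n = 0; kind = ""; in_data = 0
    }
    /^---/     { flush(); next }
    /^kind:/   { kind = $2 }
    /^[^ #]/   { in_data = ($1 == "data:"); next }
    in_data && /^  [^ ]/ { sub(/:$/, "", $1); items[++n] = $1 " " $2 }
    END        { flush() }
  ' | while read -r key b64; do
    # base64 is an encoding, not encryption: no key is needed to reverse it.
    printf '%s: %s\n' "$key" "$(printf '%s' "$b64" | base64 -d)"
  done
}

# Constructed sample input: the Secret from the literals example, preceded by
# a made-up ConfigMap that must not be decoded.
SAMPLE_MANIFEST='apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  mode: prod
---
apiVersion: v1
data:
  password: UyFCXCpkJHpEc2I9
  username: YWRtaW4=
kind: Secret
metadata:
  name: db-user-pass-t8d2d65755
type: Opaque'

printf '%s\n' "$SAMPLE_MANIFEST" | decode_secret_data
```

Anyone who can read the generated manifest, or the `kustomization.yaml` that holds the literals, can recover the values this way, so both need the same access controls as the credentials themselves.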
## Create a TLS Secret
The following example generates a TLS Secret with certificate and private key data files.
- Create a Kustomization file.

```yaml
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
- name: app-tls
  files:
  - "tls.crt"
  - "tls.key"
  type: "kubernetes.io/tls"
```

- Create a certificate file.

```text
# tls.crt
LS0tLS1CRUd...tCg==
```

- Create a private key file.

```text
# tls.key
LS0tLS1CRUd...0tLQo=
```

- Create the Secret using `kustomize build`.

```bash
kustomize build .
```

The Secret manifest is generated. The data key values are base64 encoded.

```yaml
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: app-tls-c888dfbhf8
data:
  tls.crt: TFMwdExTMUNSVWQuLi50Q2c9PQ==
  tls.key: TFMwdExTMUNSVWQuLi4wdExRbz0=
```