Kubernetes secrets (etcd under the hood) are intended to hold sensitive information, such as passwords, OAuth tokens, and ssh keys. Storing usernames and passwords for your applications with secrets is much more versatile than storing the information in the pod deployment itself. Lets take a look at the command for adding a simple key value pair to a secret that will hold a username and password for a Mysql deployment.
kubectl create secret generic mysql-creds --from-literal=username=mysqlwebuser --from-literal=password=MyPa$$w0rd
The command above creates a generic Kubernetes secret with the name “mysql-creds” and stores the keys “username” and “password” with their corresponding values.
Alternatively you can create a repeatable secret using a YAML file and do the exact same thing we are doing above.
apiVersion: v1 kind: Secret metadata: name: mysql-creds type: generic data: username: mysqlwebuser password: MyPa$$w0rd
Then we can use kubectl to add it to our cluster.
kubectl create -f ./mysecret.yaml
A sample of using the secret in your deployment is below. Super simple!
env: - name: MYSQL_USER valueFrom: secretKeyRef: name: mysql-creds key: password - name: MYSQL_PASSWORD valueFrom: secretKeyRef: name: mysql-creds key: password