Kubernetes secrets (stored in etcd under the hood) are intended to hold sensitive information, such as passwords, OAuth tokens, and SSH keys. Storing usernames and passwords for your applications in secrets is much more versatile than storing the information in the pod deployment itself. Let's take a look at the command for adding a simple key-value pair to a secret that will hold a username and password for a MySQL deployment.

# Single quotes stop the shell from expanding $$ (its process ID) inside the password
kubectl create secret generic mysql-creds --from-literal=username=mysqlwebuser --from-literal=password='MyPa$$w0rd'

The command above creates a generic Kubernetes secret with the name “mysql-creds” and stores the keys “username” and “password” with their corresponding values.

Alternatively you can create a repeatable secret using a YAML file and do the exact same thing we are doing above.

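apiVersion: v1
kind: Secret
metadata:
  name: mysql-creds
# "kubectl create secret generic" produces a secret of type Opaque
type: Opaque
# stringData takes plain-text values; the data field requires base64-encoded values
stringData:
  username: mysqlwebuser
  password: MyPa$$w0rd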

Then we can use kubectl to add it to our cluster.

kubectl create -f ./mysecret.yaml
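
Two things go wrong easily with this secret: values placed under `data:` must be base64-encoded (an encoding anyone can reverse, not encryption), and the `$$` in this page's password is replaced by the shell's process ID unless the value is single-quoted. The shell script below is an added example, not part of the original post, that renders the `data:` form of the manifest, decodes it again, and shows the unquoted expansion; the helper names `b64`, `render_secret`, `secret_value` and `unquoted_password` are hypothetical, and it needs only `sh`, `sed` and `base64`.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; runs offline, no cluster needed.

# Base64-encode a value without the trailing newline base64 would otherwise add.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Print a Secret manifest that uses the base64-only "data:" field.
# Usage: render_secret NAME USERNAME PASSWORD
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  username: $(b64 "$2")
  password: $(b64 "$3")
EOF
}

# Decode one key from a rendered manifest. No key material is involved,
# which is why base64 here is encoding and not encryption.
# Usage: secret_value MANIFEST KEY
secret_value() {
  printf '%s\n' "$1" | sed -n "s/^  $2: //p" | base64 -d
}

# What a shell passes along when the page's password is left unquoted:
# $$ is replaced by the process ID of the shell that parses the word.
unquoted_password() { sh -c 'printf %s MyPa$$w0rd'; }

manifest=$(render_secret mysql-creds mysqlwebuser 'MyPa$$w0rd')
printf '%s\n' "$manifest"
printf 'decoded password:  %s\n' "$(secret_value "$manifest" password)"
printf 'unquoted password: %s\n' "$(unquoted_password)"
```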

A sample of using the secret in your deployment is below. Super simple!

env:
  - name: MYSQL_USER
    valueFrom:
      secretKeyRef:
        name: mysql-creds
        key: username
  - name: MYSQL_PASSWORD
    valueFrom:
      secretKeyRef:
        name: mysql-creds
        key: password