Use a Secret in a pod - User Guide for Kubernetes Clusters| Alibaba Cloud Documentation Center

Use a Secret in a pod

Edit in GitHub

Last Updated: Jul 30, 2020 Edit in GitHub

This topic describes how to use a Secret in a pod. You can use a Secret to configure volumes and environment variables in a pod.

Prerequisites

A Secret named secret-test is created by using the following YAML template:

apiVersion: v1
kind: Secret
metadata:
  name: secret-test
type: Opaque
data:
  username: admin
  password: 12345  #You must encode your password by using Base64.

For more information about how to create a secret, see Create a Secret.

The Secret and pod share the same cluster and namespace.
The Master node of your Kubernetes cluster is connected. For more information, see Connect to Kubernetes clusters through kubectl.

Use a Secret to configure pod volumes

You can configure pod volumes by using either of the following methods:

Method 1: Configure pod volumes by running the kubectl apply -f <example0.yaml> command.

Note You must replace the example0.yaml file with the name of the target YAML file.
Method 2: Configure pod volumes in the Container Service console.
1. Log on to the Container Service console.
2. In the left-side navigation pane under Container Service-Kubernetes, choose Application > Deployment.
3. In the upper-right corner, click Create from Image. For information about how to create a deployment application by using an image, see Create deployments by using images.
  In the Volume section of the Container tab, click Add Local Volume, select Secret from the PV Type drop-down list, select secret-test from the Mount Source drop-down list, and set Container Path to the path where secret-test is saved.

A Secret can be used as a file in a pod. For example, the username and password of the Secret (secret-test) is saved to the /srt directory as a file.

apiVersion: v1
kind: Pod
metadata:
  name: pod0
spec:undefined containers:
  - name: redis
    image: redis
    volumeMounts:
    - name: srt
      mountPath: "/srt "
      readOnly: true
  volumes:
  - name: srt
    secret:
      secretName: secret-test

Use a Secret to configure environment variables

You can configure environment variables by using either of the following methods:

Method 1: Configure environment variables by running the kubectl apply -f <example1.yaml> command.

Note You must replace the example1.yaml file with the name of the target YAML file.
Method 2: Configure environment variables in the Container Service console.
1. Log on to the Container Service console.
2. In the left-side navigation pane under Container Service-Kubernetes, choose Application > Deployment.
3. In the upper-right corner, click Create from Image. For information about how to create a deployment application by using an image, see Create deployments by using images.
  In the Environment Variable section of the Container tab, click Add, select Secret from the Type drop-down list, select secret-test from the Value/ValueFrom drop-down list, select the target keys, and enter a name for the variables.

For more information about Secrets, see Secrets.