Use a Secret in a pod - User Guide for Kubernetes Clusters| Alibaba Cloud Documentation Center

This topic describes how to use a Secret in a pod.

Prerequisites

The Secret and pod are in the same cluster of Container Service for Kubernetes (ACK) and belong to the same namespace.
You are connected to a master node of the cluster. For more information, see Use kubectl to connect to an ACK cluster.

Background information

You can use a Secret in a pod in the following scenarios:

Mount a Secret as a volume to a pod.
Use a Secret to configure environment variables for a pod.

For more information, see Secrets.

Create a Secret

In this example, a Secret named secret-test is created.

Log on to the ACK console.
In the left-side navigation pane of the ACK console, click Clusters.
On the Clusters page, find the cluster that you want to manage and click the name of the cluster, or click Details in the Actions column. The details page of the cluster appears.
In the left-side navigation pane of the details page, choose Workloads > Deployments.
In the upper-right corner of the Deployments tab, click Create from Template.
Select a cluster and a namespace, select a sample template or enter a custom template, and then click Create.
The following YAML template is an example:
```
apiVersion: v1
kind: Secret
metadata:
  name: secret-test
type: Opaque
data:
  username: admin
  password: 12345  # The value must be encoded in Base64.
```

For more information about how to create a Secret in the ACK console, see Create a Secret.

Mount a Secret as a volume to a pod

You can mount a Secret as a volume to a pod by using the following methods:

You can use a YAML file to mount a Secret as a volume to a pod. A mounted Secret can be used as a file in a pod. In this example, the username and password information of secret-test is stored in a file under the /srt directory.

Create a file named example0.yaml and paste the following content into the file:

apiVersion: v1
kind: Pod
metadata:
  name: pod0
spec:
  containers:
  - name: redis
    image: redis
    volumeMounts:
    - name: srt
      mountPath: "/srt "
      readOnly: true
  volumes:
  - name: srt
    secret:
      secretName: secret-test

Run the following command to execute the file:
```
kubectl apply -f  example0.yaml
```
Note Replace example0.yaml with the name of the YAML file that is used.

You can also mount a Secret as a volume to a pod in the Container Service for Kubernetes (ACK) console.

In the left-side navigation pane of the ACK console, click Clusters.
On the Clusters page, find the cluster that you want to manage and click the name of the cluster, or click Details in the Actions column. The details page of the cluster appears.
In the left-side navigation pane of the details page, choose Workloads > Deployments.
In the upper-right corner of the Deployments tab, click Create from Image.
For more information, see Deploy a stateless application from an image.
On the Basic Information wizard page, set the parameters based on your requirements and click Next.
On the Container wizard page, click Add Local Storage in the Volume section. In this example, select Secret from the PV Type drop-down list, select the Secret that is created in Create a Secret from the Mount Source drop-down list, and specify a container path to mount the volume.

The following figure shows the configuration of the volume.
On the Advanced wizard page, set the parameters based on your requirements and click Create.

Use a Secret to configure environment variables for a pod.

You can use a Secret to configure environment variables for a pod in the following ways:

You can use a YAML file to configure environment variables for a pod. In this example, the username and password information of secret-test is configured as environment variables of a pod.

Create a YAML file named example1.yaml and paste the following content into the file.

apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  containers:
  - name: redis
    image: redis
    env:
      - name: USERNAME
        valueFrom:
          secretKeyRef:
            name: secret-test
            key: username
      - name: PASSWORD
        valueFrom:
          secretKeyRef:
            name: secret-test
            key: password

Run the following command to configure the environment variables:
```
kubectl apply -f  example1.yaml
```
Note Replace example1.yaml with the name of the YAML file that is used.

You can also use a Secret to configure environment variables for a pod in the ACK console.

In the left-side navigation pane of the ACK console, click Clusters.
On the Clusters page, find the cluster that you want to manage and click the name of the cluster, or click Details in the Actions column. The details page of the cluster appears.
In the left-side navigation pane of the details page, choose Workloads > Deployments.
In the upper-right corner of the Deployments tab, click Create from Image.
For more information, see Deploy a stateless application from an image.
On the Basic Information wizard page, set the parameters based on your requirements and click Next.
On the Container wizard page, click in the Environments section. In this example, select Secret from the Type drop-down list and select the Secret that is created in Create a Secret from the Value/ValueFrom drop-down list. After you select the Secret, you must specify the key of the key-value pair that you want to reference and also specify a name for the environment variable.

The following figure shows the configurations.
On the Advanced wizard page, set the parameters based on your requirements and click Create.