Since 1.14, Kubectl supports the management of Kubernetes objects using Kustomize. Kustomize provides resource Generators to create Secrets and ConfigMaps. The Kustomize generators should be specified in a kustomization.yaml file. A Kustomize file for generating a Secret from literal key-value pairs looks as follows:
Run the following set of commands to generate a Secret using Kubectl and Kustomize.
mkdir -p ~/environment/secrets
cd ~/environment/secrets
wget https://eksworkshop.com/beginner/200_secrets/secrets.files/kustomization.yaml
kubectl kustomize . > secret.yaml
The generated Secret with base64 encoded value for username and password keys is as follows:
You can now deploy this Secret to your EKS cluster.
kubectl create namespace octank
kubectl apply -f secret.yaml
You may expose the keys, namely, username and password, in the database-credentials Secret to a Pod as environment variables using a Pod manifest as shown below:
Run the following set of commands to deploy a pod that references the database-credentials Secret created above.
wget https://eksworkshop.com/beginner/200_secrets/secrets.files/pod-variable.yaml
kubectl apply -f pod-variable.yaml
kubectl get pod -n octank
View the output logs from the pod to verfiy that the environment variables DATABASE_USER and DATABASE_PASSWORD have been assigned the expected literal values
kubectl logs pod-variable -n octank
The output should look as follows: