We will create the same secrets as in the previous section, only manually, by following these steps:
- First, we need to encode the secrets to base64, as follows:
# encode the token to base64
# -w 0 options ensures that in case the string goes more
# than 80 chars no column wrapping is done
echo '/x~Lhx Az!,;.Vk%[#n+";9p%jGF6[' | base64 -w 0
You will get the following value:
L3h+TGh4XG5BeiEsOy5WayVbI24rIjs5cCVqR0Y2Wwo=
You might notice that this is the same value that was present when we got the yaml definition of the secret.
- Similarly, for the url value, we can get the base64 encoded value, as shown in the following code block:
echo 'https://my-secret-url-location.topsecret.com' | base64 -w 0
aHR0cHM6Ly9teS1zZWNyZXQtdXJsLWxvY2F0aW9uLnRvcHNlY3JldC5jb20K
- We can now create the secret definition manually; then, save the file as myfirstsecret.yaml:
apiVersion: v1
kind: Secret
metadata:
name: myapiurltoken
type: Opaque
data:
url: aHR0cHM6Ly9teS1zZWNyZXQtdXJsLWxvY2F0aW9uLnRvcHNlY3JldC5jb20K
token: L3h+TGh4XG5BeiEsOy5WayVbI24rIjs5cCVqR0Y2Wwo=
kind tells us that this is a secret; the name value is myapiurltoken, and type is Opaque (from Kubernetes' perspective, values are unconstrained key-value pairs). The data section has the actual data in the form of keys, such as url and token, followed by the encoded values.
- Now we can create the secrets in the same way as any other Kubernetes resource by using the create command:
kubectl create -f myfirstsecret.yaml
kubectl get secrets
NAME TYPE DATA AGE
defau... kubernetes.io/.. 3 4d5h
myapi-url-token Opaque 2 167m
myapiurltoken Opaque 2 25m
- You can double-check that the secrets are the same, by using kubectl get -o yaml secrets/myapiurltoken in the same way that we described in the previous section.