Secret Mount Pod
This example demonstrates how to create a Kubernetes secret and mount it into a pod. This is crucial for securely managing sensitive information like passwords and API keys within your applications.
Creating a Kubernetes Secret
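First, let's create a secret containing a username and password. The values under data are base64 encoded, as the Secret API requires for that field. Base64 is an encoding, not encryption: anyone who can read the Secret object or this manifest can decode the values.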
---
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  username: YWRtaW4= # base64 encoded value of "admin"
  password: YWRtaW4= # base64 encoded value of "admin"
---
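Because base64 is an encoding rather than encryption, the values in a Secret manifest can be produced and recovered with standard tools. The script below is an added example, not part of the original page; the function names encode_value, decode_secret_data and sample_manifest are hypothetical, and the sample password value is constructed to show the trailing newline that `echo value | base64` bakes into a credential.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, the manifest is constructed.
NL='
'

# Encode a plaintext value for a Secret's data: field. printf '%s' is used
# because `echo value | base64` also encodes a trailing newline, which then
# becomes part of the credential the application reads from the mounted file.
encode_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Read a Secret manifest on stdin and print "key=value" for each entry under
# data:, flagging values whose decoded form ends in a newline.
decode_secret_data() {
    awk '/^data:/ {d=1; next} /^[^ ]/ {d=0} d && NF >= 2 {sub(/:$/, "", $1); print $1, $2}' |
    while read -r key val; do
        # The sentinel "x" stops command substitution from stripping a trailing newline.
        plain=$(printf '%s' "$val" | base64 -d; printf x)
        plain=${plain%x}
        case "$plain" in
            *"$NL") printf '%s=%s [trailing newline]\n' "$key" "${plain%"$NL"}" ;;
            *)      printf '%s=%s\n' "$key" "$plain" ;;
        esac
    done
}

# Constructed sample: username encoded correctly, password encoded with echo.
sample_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  username: YWRtaW4=
  password: YWRtaW4K
EOF
}

sample_manifest | decode_secret_data
```

The same decoding works for anyone with read access to the Secret object or to a repository holding the manifest, which is why the encoding cannot be counted as a control.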
Mounting the Secret into a Pod
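Next, we define a pod that references the secret as a volume and mounts it into the container using volumeMounts. Each key in the secret appears as a file under the mount path, here /etc/secret/username and /etc/secret/password. The readOnly flag ensures the secret's data cannot be modified by the container.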
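apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: container
      image: busybox:latest
      # Keep the container running; without a command, busybox's default shell exits immediately
      command: ["sleep", "3600"]
      volumeMounts:
        - name: secret-volume # must match the volume name below
          mountPath: "/etc/secret"
          readOnly: true
  volumes:
    - name: secret-volume
      secret:
        secretName: app-secret # the Secret created above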
Best Practices
Remember that values in a secret's data field must always be base64 encoded. The encoding does not protect them, so treat the manifest itself as sensitive. Regularly review and rotate your secrets to maintain strong security.