I am using Kubernetes to deploy a Rails app to Google Container Engine.
Following the Kubernetes secrets document (http://kubernetes.io/v1.1/docs/user-guide/secrets.html), I created a web controller file:
    # web-controller.yml
    apiVersion: v1
    kind: ReplicationController
    metadata:
      labels:
        name: web
      name: web-controller
    spec:
      replicas: 2
      selector:
        name: web
      template:
        metadata:
          labels:
            name: web
        spec:
          containers:
          - name: web
            image: gcr.io/my-project-id/myapp:v1
            ports:
            - containerPort: 3000
              name: http-server
            env:
              secret:
              - secretName: mysecret
And created a secret file:
    # secret.yml
    apiVersion: v1
    kind: Secret
    metadata:
      name: mysecret
    type: Opaque
    data:
      RAILS_ENV: production
When I run:
    kubectl create -f web-controller.yml
It showed:
    error: could not read an encoded object from web-controller.yml: unable to load "web-controller.yml": json: cannot unmarshal object into Go value of type []v1.EnvVar
    error: no objects passed to create
Maybe the YAML format is wrong in the web-controller.yml file. How should I write it?
Let's say we are adding imagePullSecrets to a deployment; follow these steps:
    kubectl create secret docker-registry secret-name --docker-server=<registry-server-url> --docker-username=<Username> --docker-password=<password> --docker-email=<your-email>
Now refer to this in the deployment YAML file:
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: test-deployment
    spec:
      selector:
        matchLabels:
          app: test-app
      template:
        metadata:
          labels:
            app: test-app
        spec:
          containers:
          - name: test-app
            image: <Image-name-private>
          # registry credentials created with the command above
          imagePullSecrets:
          - name: secret-name
OR
Let's say you have an API key for accessing the application.
    kubectl create secret generic secret-name --from-literal api-key="<your_api-key>"
Now refer to this in the deployment like this:
    env:
    - name: API_KEY
      valueFrom:
        secretKeyRef:
          name: secret-name
          key: api-key
We do not currently support secrets exposed as env vars.
You need to base64-encode the value, and your key must be a valid DNS label; that is, replace RAILS_ENV with, for example, rails-env. See also this end-to-end example I put together here for more details and concrete steps.
secret.yml
    apiVersion: v1
    kind: Secret
    metadata:
      name: mysecret
    type: Opaque
    stringData:
      RAILS_ENV: production
stringData is the easy-mode version of what you're after. One thing, though: you'll see the cleartext original YAML used to create the secret in the annotation (if you used the above method, that means you'll have a human-readable secret in your annotation; if you use the method below, you'll have the base64'd secret in your annotation), unless you follow up with the erase-annotation command, like so:
    kubectl apply -f secret.yml
    kubectl annotate secret mysecret kubectl.kubernetes.io/last-applied-configuration-
(the - at the end is what says to erase it)
    kubectl get secret mysecret -n=api -o yaml
(to confirm)
Alternatively you'd do
    # -n keeps echo from appending a newline, which would otherwise become part of the secret value
    Bash# echo -n production | base64
    cHJvZHVjdGlvbg==

    apiVersion: v1
    kind: Secret
    metadata:
      name: mysecret
    type: Opaque
    data:
      RAILS_ENV: cHJvZHVjdGlvbg==
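
Added example, not part of any post above: a pre-apply check for the `data:` values discussed on this page. It flags plain text that is not base64 (as in the question's secret.yml) and values whose decoded bytes end in a newline (what `echo` without `-n` piped into `base64` produces). The function names are hypothetical, the sample manifest is constructed, and it assumes unquoted values under `data:`.

```shell
#!/bin/sh
# Added example: function names are hypothetical, the sample manifest is constructed.
# Assumes unquoted scalar values under data: and a base64 tool that accepts -d.

# Encode a value for a Secret's data: field without a trailing newline.
encode_secret_value() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Classify one data: value as invalid-base64, trailing-newline or ok.
check_secret_value() {
  value=$1
  # Round trip: a value that does not re-encode to itself is not strict base64.
  roundtrip=$(printf '%s' "$value" | base64 -d 2>/dev/null | base64 | tr -d '\n') || true
  if [ "$roundtrip" != "$value" ]; then
    echo invalid-base64
    return 0
  fi
  # Inspect decoded bytes as hex so a final newline is not stripped by $(...).
  hex=$(printf '%s' "$value" | base64 -d | od -An -v -tx1 | tr -d ' \n')
  case $hex in
    *0a) echo trailing-newline ;;
    *)   echo ok ;;
  esac
}

# Read a Secret manifest on stdin; print "key status" for each entry under data:.
check_secret_manifest() {
  awk '
    /^data:[ \t]*$/ { in_data = 1; next }
    /^[^ \t#]/      { in_data = 0 }
    in_data && /^[ \t]+[^ \t#]/ { key = $1; sub(/:$/, "", key); print key, $2 }
  ' | while read -r key value; do
    echo "$key $(check_secret_value "$value")"
  done
}

# Constructed sample: plain text, echo-encoded (newline included), printf-encoded.
SAMPLE_MANIFEST='apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  PLAIN_TEXT: production
  VIA_ECHO: cHJvZHVjdGlvbgo=
  VIA_PRINTF: cHJvZHVjdGlvbg=='

printf '%s\n' "$SAMPLE_MANIFEST" | check_secret_manifest
```

Run it against a real file with `check_secret_manifest < secret.yml` before `kubectl apply`; entries under `stringData:` are ignored because they are not base64.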