I have a deployment config for an app, that (among other things) creates a secret for a mysql database:
---
apiVersion: v1
kind: Secret
metadata:
name: mysql-secret
type: Opaque
data:
MYSQL_USER: my_user
MYSQL_PASSWORD: my_random_secret
MYSQL_DATABASE: my_db
MYSQL_ROOT_PASSWORD: my_random_secret
---
etc...The deployment file is under source control, so I don't want to place the secrets there.
Does anyone know how I can tell Kubernetes to generate random strings for each variable which has my_random_secret as a value in my example? Preferably something that can be configured using the yaml file, without needing to invoke any extra commands.
As far I have understood that you do not want to keep your secret information locally. So that you need to generate them when you are creating that secret.
I think there is a way to create Kubernetes resource using go-template. Didn't find enough information for that. I can't help you in this way.
But you can also create secret using script. And your secret will not be exposed.
Following script can help you in that case. This will generate random password for you and will create secret with that.
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Secret
metadata:
name: mysql-secret
type: Opaque
data:
MYSQL_PASSWORD: $(head -c 24 /dev/random | base64)
MYSQL_ROOT_PASSWORD: $(head -c 24 /dev/random | base64)
stringData:
MYSQL_USER: my_user
MYSQL_DATABASE: my_db
EOFRun this script.
Hope it will work for you
You can also use open ssl
openssl rand -base64 32Or if you need plaintext/numbers:
openssl rand -base64 32 | tr -cd '[:alpha:]\n'Or if you don't want the trailing CR:
openssl rand -base64 32 | tr -cd '[:alpha:]'Note that anything longer than -base64 48 might add CRs to the output. Adjust your tr to taste, e.g.
openssl rand -base64 128 | tr -cd '[:alpha:]'will concatenate the multiple lines from openssl, but omit a trailing \n as well