Can I retrieve k8s secret and use it outside of the cluster?

10/26/2020

If I want to save credential information in K8s and then retrieve it to use outside of k8s, can I do it? And how?

-- Ya He
kubernetes
kubernetes-secrets

2 Answers

10/26/2020

If you are able to run a pod inside the namespace which contains the secret, you can create a pod which uses the secret:

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret

And then print the secret to stdout:

kubectl exec -it mypod -- ls /etc/foo/
kubectl exec -it mypod -- cat /etc/foo/secret.file
-- Fabrice Jammes
Source: StackOverflow

10/26/2020

Yes you can, but you probably shouldn't.

When you run the kubectl get secret command, what it does behind the scenes is an API call to the Kubernetes API server.

To access the secret outside the cluster you will need to:

  • Have the Kubernetes API exposed to the client (if not in the same network)
  • Set up authentication in order to create credentials used by external clients
  • Call the secrets endpoint. The endpoint is something like this /api/v1/namespaces/{namespace}/secrets

As said previously, you probably shouldn't do it; there are many tools available on the market for secret management, and they would be better suited to this kind of situation.

-- Diego Mendes
Source: StackOverflow
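
The API call described in the answer above, as an added example that is not part of the original answers: it builds the URL of a single Secret under that endpoint, sends a bearer token over verified TLS, and decodes the base64 values in the response. The server address, token, CA file path and the sample response are assumptions constructed for illustration.

```python
# Added example (not from the answers above): read one Secret over the
# Kubernetes REST API from outside the cluster and decode its values.
import base64
import json
import ssl
import urllib.request
from urllib.parse import quote


def secret_url(api_server: str, namespace: str, name: str) -> str:
    """Build the URL of a single Secret under the endpoint named in the answer."""
    return (f"{api_server.rstrip('/')}/api/v1/namespaces/"
            f"{quote(namespace, safe='')}/secrets/{quote(name, safe='')}")


def decode_secret(secret_obj: dict) -> dict:
    """Values under .data arrive base64-encoded (an encoding, not encryption)."""
    return {key: base64.b64decode(value)
            for key, value in (secret_obj.get("data") or {}).items()}


def fetch_secret(api_server, namespace, name, token, ca_file):
    """GET the Secret with a bearer token, verifying the API server certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)  # keep TLS verification on
    req = urllib.request.Request(
        secret_url(api_server, namespace, name),
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return decode_secret(json.load(resp))


# Constructed sample of an API response body for the 'mysecret' used above;
# the key name and value are made up for illustration.
SAMPLE_RESPONSE = json.loads("""
{"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
 "metadata": {"name": "mysecret", "namespace": "default"},
 "data": {"secret.file": "czNjcjN0LXZhbHVl"}}
""")

if __name__ == "__main__":
    # Placeholder server address; no network call is made here.
    print(secret_url("https://k8s.example.invalid:6443", "default", "mysecret"))
    print(decode_secret(SAMPLE_RESPONSE))
```

The credentials behind the token need only the `get` verb on that one Secret; an RBAC Role can limit access to it by listing the name under `resourceNames`.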