You need to make changes on an existing Pod in Namespace moon called secret-handler. Create a new Secret secret1 which contains user=test and pass=pwd. The Secret's content should be available in Pod secret-handler as environment variables SECRET1_USER and SECRET1_PASS. The yaml for Pod secret-handler is available at /opt/course/14/secret-handler.yaml.
There is existing yaml for another Secret at /opt/course/14/secret2.yaml, create this Secret and mount it inside the same Pod at /tmp/secret2. Your changes should be saved under /opt/course/14/secret-handler-new.yaml. Both Secrets should only be available in Namespace moon.
k -n moon get pod # show pods
k -n moon create secret -h # help
k -n moon create secret generic -h # help
k -n moon create secret generic secret1 --from-literal user=test --from-literal pass=pwd
The last command would generate this yaml:
apiVersion: v1
data:
pass: cHdk
user: dGVzdA==
kind: Secret
metadata:
creationTimestamp: null
name: secret1
namespace: moon
Next we create the second Secret from the given location, making sure it'll be created in Namespace moon:
k -n moon -f /opt/course/14/secret2.yaml create
➜ k -n moon get secret
NAME TYPE DATA AGE
default-token-rvzcf kubernetes.io/service-account-token 3 66m
secret1 Opaque 2 4m3s
secret2 Opaque 1 8s
We will now edit the Pod yaml:
cp /opt/course/14/secret-handler.yaml /opt/course/14/secret-handler-new.yaml
vim /opt/course/14/secret-handler-new.yaml
Add the following to the yaml:
# /opt/course/14/secret-handler-new.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
id: secret-handler
uuid: 1428721e-8d1c-4c09-b5d6-afd79200c56a
red_ident: 9cf7a7c0-fdb2-4c35-9c13-c2a0bb52b4a9
type: automatic
name: secret-handler
namespace: moon
spec:
volumes:
- name: cache-volume1
emptyDir: {}
- name: cache-volume2
emptyDir: {}
- name: cache-volume3
emptyDir: {}
- name: secret2-volume # add
secret: # add
secretName: secret2 # add
containers:
- name: secret-handler
image: bash:5.0.11
args: ['bash', '-c', 'sleep 2d']
volumeMounts:
- mountPath: /cache1
name: cache-volume1
- mountPath: /cache2
name: cache-volume2
- mountPath: /cache3
name: cache-volume3
- name: secret2-volume # add
mountPath: /tmp/secret2 # add
env:
- name: SECRET_KEY_1
value: ">8$kH#kj..i8}HImQd{"
- name: SECRET_KEY_2
value: "IO=a4L/XkRdvN8jM=Y+"
- name: SECRET_KEY_3
value: "-7PA0_Z]>{pwa43r)__"
- name: SECRET1_USER # add
valueFrom: # add
secretKeyRef: # add
name: secret1 # add
key: user # add
- name: SECRET1_PASS # add
valueFrom: # add
secretKeyRef: # add
name: secret1 # add
key: pass # add
There is also the possibility to import all keys from a Secret as env variables at once, though the env variable names will then be the same as in the Secret, which doesn't work for the requirements here:
containers:
- name: secret-handler
...
envFrom:
- secretRef: # also works for configMapRef
name: secret1
Then we apply the changes:
k -f /opt/course/14/secret-handler.yaml delete --force --grace-period=0
k -f /opt/course/14/secret-handler-new.yaml create
Instead of running delete and create we can also use recreate:
k -f /opt/course/14/secret-handler-new.yaml replace --force --grace-period=0
It was not requested directly, but you should always confirm its working:
➜ k -n moon exec secret-handler -- env | grep SECRET1
SECRET1_USER=test
SECRET1_PASS=pwd
➜ k -n moon exec secret-handler -- find /tmp/secret2
/tmp/secret2
/tmp/secret2/..data
/tmp/secret2/key
/tmp/secret2/..2019_09_11_09_03_08.147048594
/tmp/secret2/..2019_09_11_09_03_08.147048594/key
➜ k -n moon exec secret-handler -- cat /tmp/secret2/key
12345678