Kubernetes Secrets - q-uest/notes-doc-k8s-docker-jenkins-all-else GitHub Wiki

Kubernetes accepts only the encoded data. Hence, encode the required secret values and provide them in the yaml file. The values to be provided in the data section of the below example,jenkins-admin-password & jenkins-admin-user are decoded using the utility, “base64”

>> echo "admin" |base64
YWRtaW4K
>>echo "jenkins" |base64
amVua2lucwo=

To get plain text of the data in any secret config:

>> echo YWRtaW4K |base64 -d

• Create secret object:

# Source: jenkins/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: jenkins
  namespace: jenkins
  labels:
    "app.kubernetes.io/name": 'jenkins'
    "helm.sh/chart": "jenkins-3.11.5"
    "app.kubernetes.io/managed-by": "Helm"
    "app.kubernetes.io/instance": "jenkins"
    "app.kubernetes.io/component": "jenkins-controller"
type: Opaque
data:
  jenkins-admin-password: "amVua2lucwo="
  jenkins-admin-user: "YWRtaW4K"

Get secret values

kubectl get secret jenkins -o jsonpath='{.data}'

output:

{"jenkins-admin-password":"amVua2lucwo=","jenkins-admin-user":"YWRtaW4="}

Get value set for the key "jenkins-admin-password" & Decode (in a single line):

kubectl get secret jenkins -o jsonpath='{.data.jenkins-admin-password}'|base64 --decode