Ingress is also used to manage incoming traffic to the application and for SSL termination. In contrast, secrets are used to store confidential information and TLS certificates for the application.
This post will clarify:
What are Kubernetes secrets?
A Secret is a Kubernetes resource used to store confidential information such as user login credentials, keys, certificates or tokens. Secrets are created separately from the workload and then associated with pods. This keeps confidential data out of application code and image layers and adds a layer of separation between configuration and sensitive material. Several secret types exist; the most commonly used are:
Generic secrets (type Opaque): used to store basic values such as passwords, tokens, API keys and OAuth credentials.
TLS secrets: used to store a private key together with its certificate (self-signed or CA-signed). To secure applications running inside Kubernetes and encrypt communication within the cluster, the user usually creates a TLS secret and embeds it in the pod.
Docker registry secrets: used to store registry credentials so that images can be pulled from a private registry.
Prerequisite: Generate a private key and certificate
To generate a certificate and private key, use OpenSSL: it generates the private key and a CSR (certificate signing request), and the CSR is then used to produce a self-signed or CA-signed certificate.
To use OpenSSL commands on Windows, install Git, which ships with OpenSSL in Git Bash. For this purpose, follow our “Install Git on Windows” article.
After installing Git, follow the instructions below to generate the private key and signed certificate.
Step 1: Launch Git Bash Terminal
Search for “git bash” in the Start menu and launch the terminal:
Check the current working directory using the “pwd” command:
Currently, we are working in the %USERPROFILE% directory:
Step 2: Create New Directory
Create a new directory to hold the certificate and private key:
Navigate to the newly created directory using the “cd” command:
Step 3: Generate Private Key
Now, generate the private key with the command below. The generated private key will be saved in “mycert.key”:
openssl genpkey -algorithm RSA -out mycert.key
Step 4: Generate CSR
To generate a CSR (Certificate Signing Request) from the private key, so that a signed certificate can be produced, use the given command:
openssl req -new -key mycert.key -out mycert.csr
Step 5: Prepare the Certificate
Finally, using the generated private key and CSR, create a self-signed certificate valid for 365 days and save it in the “mycert.crt” file. For this purpose, execute the command below:
openssl x509 -req -in mycert.csr -signkey mycert.key -out mycert.crt -days 365
After creating the TLS certificate, the user can create the TLS secret by following the section below.
How to create a TLS secret in Kubernetes?
To secure applications and encrypt communication within and outside the Kubernetes cluster, TLS (Transport Layer Security) certificates are required. Kubernetes secrets allow us to embed TLS certificates in running pods via a TLS secret. To create a TLS secret in Kubernetes, follow the instructions below.
Step 1: Start the Minikube Cluster
To start the Minikube cluster, first launch Windows PowerShell as administrator. After that, create and run the cluster using the “minikube start” command:
Step 2: Get Nodes
List the Kubernetes nodes to check that the cluster has started:
Step 3: Create the TLS secret
Create the TLS secret in Kubernetes using the “kubectl create secret <secret-type> <secret-name> --cert=
kubectl create secret tls demo-secret --cert=C:\Users\Dell\cert\mycert.crt --key=C:\Users\Dell\cert\mycert.key
Step 4: Get the Secret
For confirmation, list the Kubernetes secrets using the given command:
Here, you can see that we have successfully created “demo-secret”, which contains 2 data values:
Step 5: Describe the Secret
To see how the data is stored in the secret, describe it using the “kubectl describe secret <secret-name>” command:
kubectl describe secret demo-secret
You can see that only the size of each value in bytes is shown and the values cannot be viewed directly, unlike Kubernetes ConfigMaps:
How to create a TLS secret via a yaml file?
To create a TLS secret via a yaml file, first create a “secret.yml” file, add the base64-encoded certificate under the “tls.crt” key, and add the base64-encoded private key under the “tls.key” key.
For demonstration, follow the steps listed.
Step 1: Create Yaml File
Create a file named “secret.yml” and paste the given code:
apiVersion: v1
data:
  tls.crt: "base64-encoded certificate"
  tls.key: "base64-encoded key"
kind: Secret
metadata:
  name: mytls-secret
  namespace: default
type: kubernetes.io/tls
In the above snippet, replace the “tls.crt” and “tls.key” values with your base64-encoded certificate and key:
Step 2: Create the Secret
Now, apply the secret yaml file via the “kubectl apply -f” command:
kubectl apply -f secret.yml
The output shows that “mytls-secret” has been created successfully from the yaml file:
Note: View the base64-encoded TLS certificate and private key
To view the base64-encoded certificate for use in the yaml file, run the “cat <path-to-cert-file> | base64” command in the Git Bash terminal:
To view the base64-encoded key, use the “cat <path-to-key-file> | base64” command:
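The manual copy-and-paste above is error-prone: `base64` wraps its output at 76 characters, and a wrapped value is not a valid scalar in the secret.yml shown earlier. The following shell script, an added example that is not part of the original post, builds the same kubernetes.io/tls manifest from a certificate file and a key file with the line breaks stripped. It assumes POSIX sh with coreutils (`base64`, `mktemp`); the PEM contents in the demo are constructed placeholders, not a real certificate or key.

```shell
#!/bin/sh
# Encode a file as a single-line base64 string. `cat file | base64` wraps
# output at 76 characters, which breaks the YAML value, so newlines are removed.
b64_file() {
  base64 < "$1" | tr -d '\n'
}

# Print a kubernetes.io/tls Secret manifest in the same shape as secret.yml.
# $1 = secret name, $2 = namespace, $3 = certificate path, $4 = key path
tls_secret_yaml() {
  name=$1; ns=$2; crt=$3; key=$4
  # Refuse to emit a manifest with an empty tls.crt or tls.key value.
  for f in "$crt" "$key"; do
    [ -s "$f" ] || { echo "missing or empty file: $f" >&2; return 1; }
  done
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/tls
data:
  tls.crt: $(b64_file "$crt")
  tls.key: $(b64_file "$key")
EOF
}

# Constructed demo input: placeholder PEM text standing in for mycert.crt and
# mycert.key. With real files, redirect the output to secret.yml and apply it.
demo() {
  tmp=$(mktemp -d)
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----' > "$tmp/mycert.crt"
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' '-----END PRIVATE KEY-----' > "$tmp/mycert.key"
  tls_secret_yaml mytls-secret default "$tmp/mycert.crt" "$tmp/mycert.key"
  rm -rf "$tmp"
}

demo
```

Running `tls_secret_yaml mytls-secret default mycert.crt mycert.key > secret.yml` produces the file that Step 2 applies with `kubectl apply -f secret.yml`.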
How to embed a TLS secret in a Kubernetes pod?
After creating the TLS secret, the user can embed it in a Kubernetes pod. To do this, use the following instructions.
Step 1: Create Yaml File
Create a file named “pod.yml” and paste the below snippet into the file:
apiVersion: v1
kind: Pod
metadata:
  name: demo-pod
spec:
  containers:
    - name: html-cont
      image: raffia098/html-img:1.0
      envFrom:
        - secretRef:
            name: demo-secret
In the above snippet:
- The “kind” key specifies the Kubernetes resource the user is creating.
- The “name” key sets the pod name.
- The “containers” key stores the container information.
- The “name” key under the “containers” key sets the container name.
- The “image” key provides the application or container image used to create and start the application inside the container.
- The “envFrom” key sets environment variables from other Kubernetes resources. Here, to embed the TLS secret in the pod, “secretRef” is used to reference the secret. To embed the TLS secret created above, specify its name in the “name” key.
Step 2: Create or update the pod
Next, open the folder where the “pod.yml” file was created:
cd C:\Users\Dell\Documents\Kubernetes\Secret
Apply the yaml file to create or reconfigure the pod using the “kubectl apply” command:
Step 3: Access Kubernetes Pods
To verify, list the Kubernetes pods:
Here, you can see that “demo-pod” has been created successfully:
Step 4: Describe the Pod
To check whether the pod has the TLS secret embedded, describe the pod using the command below:
kubectl describe pod demo-pod
The output below shows that the TLS secret has been embedded in the pod successfully:
We've covered how to create a TLS secret and embed it in a Kubernetes application running in a pod.
Conclusion
To create a TLS secret in Kubernetes, first create a private key and a signed TLS certificate. After that, start the Kubernetes cluster and run “kubectl create secret <secret-type> <secret-name> --cert=