DEV Community

Ajeet Singh Raina
Ajeet Singh Raina

Posted on

How to add a Secret to a Deployment in Kubernetes using Kubectl patch

In Kubernetes, secrets are used to securely store sensitive information such as passwords, API keys, and certificates. By adding secrets to your deployments, you can ensure that sensitive data is protected and accessed securely. In this blog post, we will explore how to add a secret to a Kubernetes deployment using the kubectl patch command, with a specific example using Nginx.

Prerequisites:

Before we begin, make sure you have the following prerequisites in place:

  • Kubernetes cluster up and running.
  • kubectl command-line tool installed and configured to connect to your cluster.

Step 1: Create a Secret

First, let's create a secret that contains the sensitive data we want to add to our deployment. In this example, we'll create a secret to store an SSL certificate for Nginx.

Create a file called nginx-secret.yaml and add the following content:

apiVersion: v1
kind: Secret
metadata:
  name: nginx-secret
type: Opaque
data:
  tls.crt: <base64-encoded-certificate-data>
  tls.key: <base64-encoded-key-data>
Enter fullscreen mode Exit fullscreen mode

Replace and with the base64-encoded values of your SSL certificate and key, respectively.

Save the file and apply the secret to your cluster using the following command:

kubectl apply -f nginx-secret.yaml
Enter fullscreen mode Exit fullscreen mode

Step 2: Update the Deployment

Next, we'll update the deployment to include a reference to the secret we created. Open a terminal and run the following command:

kubectl patch deployment nginx-deployment -n ns1 --type='json' -p='[{"op": "add", "path": "/spec/template/spec/volumes", "value": [{"name": "nginx-secret-volume","secret": {"secretName": "nginx-secret"}}]}]'
Enter fullscreen mode Exit fullscreen mode

In the above command:

  • nginx-deployment is the name of your deployment.
  • ns1 is the namespace where the deployment resides.
  • nginx-secret-volume is the name of the volume that will be mounted in the deployment.
  • nginx-secret is the name of the secret we created earlier.

The kubectl patch command updates the deployment's JSON specification to include the new volume mount.

Step 3: Mount the Secret in the Deployment

Now that we have added the volume reference to the deployment, we need to mount it into the container running Nginx.

Edit your deployment YAML file (e.g., nginx-deployment.yaml) and add the following volumeMounts section under the containers section:

spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
    volumeMounts:
    - name: nginx-secret-volume
      mountPath: /etc/nginx/certs
Enter fullscreen mode Exit fullscreen mode

Save the file and apply the changes to your deployment:

kubectl apply -f nginx-deployment.yaml
Enter fullscreen mode Exit fullscreen mode

The deployment will be updated, and the Nginx container will mount the secret as a volume at the specified path.

Conclusion

By following these steps, you have successfully added a secret to a Kubernetes deployment using the kubectl patch command. This approach allows you to securely store sensitive information and make it available to your application pods without exposing the actual data in your deployment YAML files. Secrets provide an essential layer of security for managing confidential information in your Kubernetes clusters.

Remember to always handle secrets with caution, ensuring proper access controls and encryption practices to maintain the integrity and confidentiality of your sensitive data in your Kubernetes deployments.

Top comments (0)