Secret

Example

Here’s an example of a Secret.

.kubes/resources/shared/secret.rb

name "demo-secret"
data(
  username: base64("user"),
  password: base64("pass"),
)

Produces:

.kubes/output/shared/secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: demo-secret-cfbd534f91
  labels:
    app: demo
  namespace: default
data:
  username: dXNlcg==
  password: cGFzcw==

Suffix Hash

A suffix hash based on the contents of the Secret is automatically appended to the Secret name. Secrets used in Deployment and Pod containers fields that use the same name will also have the suffix automatically appended. This is done to trigger a rolling deployment. Here’s an example an deployment output with the hashed name.

.kubes/resources/web/deployment.yaml:

# ..
spec:
  template:
    spec:
      containers:
      - name: demo
        image: nginx
        envFrom:
        - secretRef:
            name: demo-secret

Produces:

.kubes/output/web/deployment.yaml:

# ..
spec:
  template:
    spec:
      containers:
      - name: demo
        image: nginx
        envFrom:
        - secretRef:
            name: demo-secret-cfbd534f91

You can disable the auto hasher behavior with:

Kubes.configure do |config|
  # ...
  config.suffix_hash = false
end

Files Helper

You can use a files helper to load secrets values from one or more files.

.kubes/resources/shared/secret.rb

name "demo-secret"
files("files/secrets.txt")

The files/secrets.txt should be in the same folder as the secret.rb definition. Example:

.kubes/resources/shared/files/secret.txt

SECRET1=value1
SECRET2=value2

You do not have to worry about base64 encoding the values. Kubes automatically base64 encodes the values.

DSL Methods

Here’s a list of more common methods:

  • data
  • stringData
  • type

For a full list of the available methods, refer to the source itself syntax/secret.rb.