Avinash Bendigeri Avinash is a developer-turned Technical writer skilled in core content creation. He has an excellent track record of blogging in areas like Docker, Kubernetes, IoT and AI.

How to add a Secret to a Deployment in Kubernetes using Kubectl patch


In Kubernetes, secrets are used to securely store sensitive information such as passwords, API keys, and certificates. By adding secrets to your deployments, you can ensure that sensitive data is protected and accessed securely. In this blog post, we will explore how to add a secret to a Kubernetes deployment using the kubectl patch command, with a specific example using Nginx.

Prerequisites:

Before we begin, make sure you have the following prerequisites in place:

Step 1: Create a Secret

First, let’s create a secret that contains the sensitive data we want to add to our deployment. In this example, we’ll create a secret to store an SSL certificate for Nginx.

Create a file called nginx-secret.yaml and add the following content:

apiVersion: v1
kind: Secret
metadata:
  name: nginx-secret
type: Opaque
data:
  tls.crt: <base64-encoded-certificate-data>
  tls.key: <base64-encoded-key-data>

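Replace <base64-encoded-certificate-data> and <base64-encoded-key-data> with the base64-encoded values of your SSL certificate and key, respectively. Each value must be a single line with no line breaks. Base64 is an encoding, not encryption, so treat nginx-secret.yaml as sensitive as the private key itself and keep it out of version control.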

Save the file and apply the secret to your cluster using the following command:

kubectl apply -f nginx-secret.yaml

Step 2: Update the Deployment

Next, we’ll update the deployment to include a reference to the secret we created. Open a terminal and run the following command:

kubectl patch deployment nginx-deployment -n ns1 --type='json' -p='[{"op": "add", "path": "/spec/template/spec/volumes", "value": [{"name": "nginx-secret-volume","secret": {"secretName": "nginx-secret"}}]}]'

In the above command:

  • nginx-deployment is the name of your deployment.
  • ns1 is the namespace where the deployment resides.
  • nginx-secret-volume is the name of the volume that will be mounted in the deployment.
  • nginx-secret is the name of the secret we created earlier.

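The kubectl patch command applies a JSON Patch to the deployment and adds the new volume to the pod template. It does not mount the volume yet; that happens in Step 3. Note that the add operation on /spec/template/spec/volumes sets the whole volumes list, so any volumes already defined on the deployment are replaced. To append to an existing list, use the path /spec/template/spec/volumes/- with a single volume object as the value.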

Step 3: Mount the Secret in the Deployment

Now that we have added the volume reference to the deployment, we need to mount it into the container running Nginx.

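Edit your deployment YAML file (e.g., nginx-deployment.yaml) and add the following volumeMounts section to the Nginx container entry under spec.template.spec.containers. The name in volumeMounts must match the volume name used in the patch (nginx-secret-volume):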

spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
    volumeMounts:
    - name: nginx-secret-volume
      mountPath: /etc/nginx/certs

Save the file and apply the changes to your deployment:

kubectl apply -f nginx-deployment.yaml

The deployment will be updated, and the Nginx container will mount the secret as a volume at the specified path.
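
For Step 1, the base64 values can be generated from the certificate and key files instead of being pasted by hand. The script below is an added example, not code from the original post; its function names and the file paths passed to it are assumptions, and it needs only a POSIX shell with base64 and awk.

```shell
#!/bin/sh
# Added example: render the Step 1 manifest from PEM files on disk.
# Function names are illustrative, not from the original post.
set -eu

# Encode a file as a single base64 line. GNU base64 wraps output at 76
# columns by default, and a wrapped value breaks the YAML scalar.
b64_oneline() {
  base64 < "$1" | tr -d '\n'
}

# Print the nginx-secret manifest for the given certificate and key files.
render_secret_manifest() {
  [ -s "$1" ] && [ -s "$2" ] || { echo "missing or empty input" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: nginx-secret
type: Opaque
data:
  tls.crt: $(b64_oneline "$1")
  tls.key: $(b64_oneline "$2")
EOF
}

# Write the manifest readable by the owner only: base64 is reversible, so
# the file is as sensitive as the private key it carries.
write_secret_manifest() {
  ( umask 077; render_secret_manifest "$1" "$2" > "$3" )
}

# Decode one data field from a manifest to confirm it round-trips.
# Uses base64 -d (GNU coreutils, BusyBox, recent macOS).
decode_field() {
  awk -v f="$2:" '$1 == f { print $2 }' "$1" | base64 -d
}

# Usage: sh make-secret.sh tls.crt tls.key nginx-secret.yaml
if [ "$#" -eq 3 ]; then
  write_secret_manifest "$1" "$2" "$3"
fi
```

After writing the file, compare the output of decode_field for tls.crt and tls.key against the original files before running kubectl apply.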

Conclusion

By following these steps, you have successfully added a secret to a Kubernetes deployment using the kubectl patch command. This approach allows you to securely store sensitive information and make it available to your application pods without exposing the actual data in your deployment YAML files. Secrets provide an essential layer of security for managing confidential information in your Kubernetes clusters.

Remember to always handle secrets with caution, ensuring proper access controls and encryption practices to maintain the integrity and confidentiality of your sensitive data in your Kubernetes deployments.
