Kubernetes / devops / ~30 mins

Secret types (Opaque, docker-registry, TLS) in Kubernetes - Mini Project: Build & Apply

Kubernetes Secret Types: Opaque, docker-registry, TLS
📖 Scenario: You are managing a Kubernetes cluster for a small company. You need to securely store different types of sensitive data such as generic secrets, Docker registry credentials, and TLS certificates. Kubernetes provides different secret types for these use cases.
In this project, you will create three Kubernetes secrets of types Opaque, kubernetes.io/dockerconfigjson, and kubernetes.io/tls to understand how to handle each type.
🎯 Goal: Create three Kubernetes secrets using YAML files: one Opaque secret with a username and password, one docker-registry secret with Docker registry credentials, and one TLS secret with certificate and key files. Then, verify the secrets are created correctly.
📋 What You'll Learn
Create an Opaque secret named my-opaque-secret with username and password data.
Create a docker-registry secret named my-docker-secret with Docker registry credentials.
Create a TLS secret named my-tls-secret with certificate and key files.
Use kubectl commands to apply the secrets and verify their creation.
💡 Why This Matters
🌍 Real World
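Kubernetes secrets are used to store sensitive information like passwords, tokens, and certificates separately from configuration files and container images, so that these values are not exposed there in plain text. The values in a Secret are base64 encoded, not encrypted, so access to Secret objects and to any manifest files that define them still has to be restricted.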
💼 Career
Knowing how to create and manage different Kubernetes secret types is essential for DevOps engineers and cloud administrators to secure applications running in Kubernetes clusters.
1. Create an Opaque secret YAML
Create a YAML file named opaque-secret.yaml that defines a Kubernetes secret of type Opaque named my-opaque-secret. Include the data fields username with value admin and password with value secret123. Use base64 encoding for the values.
Need a hint?

Use echo -n 'admin' | base64 and echo -n 'secret123' | base64 to get base64 encoded values.

2. Create a docker-registry secret YAML
Create a YAML file named docker-secret.yaml that defines a Kubernetes secret of type kubernetes.io/dockerconfigjson named my-docker-secret. Use the following Docker registry credentials encoded in base64 inside the .dockerconfigjson key: server https://index.docker.io/v1/, username dockeruser, password dockersecret, email user@example.com. The .dockerconfigjson value must be a base64 encoded JSON string with these credentials.
Need a hint?

Prepare a JSON like {"auths":{"https://index.docker.io/v1/":{"username":"dockeruser","password":"dockersecret","email":"user@example.com","auth":"ZG9ja2VydXNlcjpkb2NrZXJzZWNyZXQ="}}} and base64 encode it.

The auth value is the base64 encoding of dockeruser:dockersecret.

3. Create a TLS secret YAML
Create a YAML file named tls-secret.yaml that defines a Kubernetes secret of type kubernetes.io/tls named my-tls-secret. Use the keys tls.crt and tls.key with base64 encoded dummy certificate and key values: dummycert and dummykey respectively.
Need a hint?

Base64 encode dummycert and dummykey using echo -n 'dummycert' | base64 and echo -n 'dummykey' | base64.

4. Apply and verify the secrets
Use kubectl apply -f to create the secrets from the YAML files opaque-secret.yaml, docker-secret.yaml, and tls-secret.yaml. Then, run kubectl get secrets my-opaque-secret my-docker-secret my-tls-secret -o yaml to display the secrets and verify their types and data keys.
Need a hint?

Run kubectl apply -f for each YAML file, then kubectl get secrets with -o yaml to see details.
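
The four steps above as one script. This is an added example, not code from the original page: it generates the three manifests with the names and dummy values given in the steps. The helper names (b64, opaque_secret, docker_config_json, docker_secret, tls_secret) are assumptions made for illustration.

```shell
# Added example. b64 encodes stdin on ONE line: GNU base64 wraps output at 76
# columns, which would break a long YAML value such as .dockerconfigjson.
b64() { base64 | tr -d '\n'; }

opaque_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: my-opaque-secret
type: Opaque
data:
  username: $(printf '%s' 'admin' | b64)
  password: $(printf '%s' 'secret123' | b64)
EOF
}
# Docker config JSON; "auth" is base64 of username:password.
docker_config_json() {
  auth=$(printf '%s' 'dockeruser:dockersecret' | b64)
  printf '{"auths":{"https://index.docker.io/v1/":{"username":"dockeruser","password":"dockersecret","email":"user@example.com","auth":"%s"}}}' "$auth"
}
docker_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: my-docker-secret
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(docker_config_json | b64)
EOF
}
tls_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: my-tls-secret
type: kubernetes.io/tls
data:
  tls.crt: $(printf '%s' 'dummycert' | b64)
  tls.key: $(printf '%s' 'dummykey' | b64)
EOF
}

opaque_secret > opaque-secret.yaml
docker_secret > docker-secret.yaml
tls_secret    > tls-secret.yaml
# Then: kubectl apply -f opaque-secret.yaml -f docker-secret.yaml -f tls-secret.yaml
```

The generated files contain the credentials in recoverable form, so keep them out of version control and delete them once the secrets are applied.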