Kubernetes: modify a secret using the kubectl?

守給你的承諾、 提交于 2019-12-20 11:10:39

问题


How can I modify the values in a Kubernetes secret using the kubectl?

I created the secret with kubernetes create secret generic, but there does not seem to be a way to modify a secret. For example, to add a new secret-value to it, or to change a secret-value in it.

I assume i can go 'low-level', and write the yaml-file and do a kubectl edit but I hope there is a simpler way.

(I'm using kubernetes 1.2.x)


回答1:


The most direct (and interactive) way should be to execute kubectl edit secret <my secret>. Run kubectl get secrets if you'd like to see the list of secrets managed by Kubernetes.




回答2:


As I found myself in the need of modifying a secret, I landed up here.

Here is the most convenient way I found for editing a (one-line) secret.

This elaborates on kubectl edit secret <my secret> of Timo Reimann above.

kubectl edit secret <my secret> will (in my case) invoke vi.

Now I move the cursor to the space after the colon of the secret I want to edit.

Then I press r and [enter] which will put the base64 encoded value onto a line of its own.

Now I enter :. ! base64 -D which will decode the current line.

After making my changes to the value, I enter :. ! base64 which will encode the changed value.

Pressing k [shift]J will rejoin the secret name and its new value.

:wq will write the new secretfile and quit vi.

P.S. If the secret has a multi-line value, switch on line numbers (:set nu) and, after changing the decoded value, use A,B ! base64 where A and B are the line numbers of the first and last line of the value.

P.P.S I just learned the hard way that base64 will receive the text to encode with an appended newline :( If this is no issue for your values - fine. Otherwise my current solution is to filter this out with: .!perl -pe chomp | base64




回答3:


In case you prefer a non-interactive update, this is one way of doing it:

kubectl get secret mysecret -o json | jq '.data["foo"]="YmFy"' | kubectl apply -f -

Note that YmFy is a base64-encoded bar string. If you want to pass the value as an argument, jq allows you to do that:

kubectl get secret mysecret -o json | jq --arg foo "$(echo bar | base64)" '.data["foo"]=$foo' | kubectl apply -f -

I'm more comfortable using jq but yq should also do the job if you prefer yaml format.




回答4:


I implemented a kubectl plugin just for this.

To install using krew

kubectl krew update
kubectl krew install modify-secret

To run it

kubectl modify-secret xyz -n kube-system

Demo

<img src="https://github.com/rajatjindal/kubectl-modify-secret/raw/master/demo/usage.gif" alt="using kubectl-modify-secret plugin" style="max-width:100%;">


来源:https://stackoverflow.com/questions/37180209/kubernetes-modify-a-secret-using-the-kubectl

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!