How can I copy a Kubernetes secret from one namespace to a different namespace?. A Secret is a Kubernetes object that stores sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in an image but for sharing across Pods and services it is better be done as Kubernetes object. Kubernetes cluster users can create secrets and the system also creates some secrets.

In this guide we will copy a secret already created in a namespace or project if using OpenShift and apply it to a different namespace. This is often applicable to secrets such registry secrets, shared git credentials, SSL Certificates and Keys, shared API credentials e.t.c. We will create a test secret and show you how to copy it from one project to another.

Creating Kubernetes Secrets

We will create a secret with username and password from file.

echo -n 'admin' > ./username.txt
echo -n 'Password' > ./password.txt

Run the kubectl create secret command to package these files into a Secret and create the object on the API server.

$ kubectl create secret generic my-user-pass --from-file=./username.txt --from-file=./password.txt
secret/my-user-pass created

The name of a Secret object must be a valid DNS subdomain name.

List secrets:

$ kubectl get secrets

Copy Kubernetes Secrets Between Namespaces

Use the following command syntax to copy a secret from one namespace to a different namespace.

kubectl get secret  
  --namespace= 
  --export -o yaml | 
  kubectl apply --namespace= -f -

In my example I’ll run:

kubectl get secret my-user-pass 
  --namespace=namespace1 
  --export -o yaml | 
  kubectl apply --namespace=namespace2 -f -

Command execution output:

secret/my-user-pass created

Confirm secret creation in the namespace.

$ kubectl get secret -n namespace2 my-user-pass
NAME         TYPE   DATA AGE
my-user-pass Opaque 2    38s

Decrypt secret to confirm data is correct:

secret_name="my-user-pass"
namespace="namespace2"
kubectl get secret -n $namespace $secret_name -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"n"}}{{end}}'

Command output:

password.txt: Password
username.txt: admin

If you have jq you can use the following command to decrypt.

$ kubectl get secret my-user-pass -o json | jq '.data | map_values(@base64d)'
{
  "password.txt": "Password",
  "username.txt": "admin"

}

That is how you can easily copy secret between namespaces in Kubernetes and OpenShift Cluster.

Kubernetes Learning Videos:


<img alt="Kubernetes for the Absolute Beginners – Hands-on" data-ezsrc="https://kirelos.com/wp-content/uploads/2020/08/echo/1602900_f550_8.jpg" ezimgfmt="rs rscb8 src ng ngcb8" src="data:image/svg xml,”>

<img data-ezsrc="https://kirelos.com/wp-content/uploads/2020/08/echo/icon_udemy-com.png" ezimgfmt="rs rscb8 src ng ngcb8" src="data:image/svg xml,”>Udemy.com


<img alt="Certified Kubernetes Administrator (CKA) with Practice Tests" data-ezsrc="https://kirelos.com/wp-content/uploads/2020/08/echo/2301254_26c8_2.jpg" ezimgfmt="rs rscb8 src ng ngcb8" src="data:image/svg xml,”>

<img data-ezsrc="https://kirelos.com/wp-content/uploads/2020/08/echo/icon_udemy-com.png" ezimgfmt="rs rscb8 src ng ngcb8" src="data:image/svg xml,”>Udemy.com


<img alt="Kubernetes Certified Application Developer (CKAD) with Tests" data-ezsrc="https://kirelos.com/wp-content/uploads/2020/08/echo/1988542_3bcb_10.jpg" ezimgfmt="rs rscb8 src ng ngcb8" src="data:image/svg xml,”>

<img data-ezsrc="https://kirelos.com/wp-content/uploads/2020/08/echo/icon_udemy-com.png" ezimgfmt="rs rscb8 src ng ngcb8" src="data:image/svg xml,”>Udemy.com

More guides:

Using Horizontal Pod Autoscaler on Kubernetes EKS Cluster

How to force delete a Kubernetes Namespace

How To Migrate Docker Compose Application to Kubernetes With Kompose

, , ,
Show Comments