How can I copy a Kubernetes secret from one namespace to a different namespace?. A Secret is a Kubernetes object that stores sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in an image but for sharing across Pods and services it is better be done as Kubernetes object. Kubernetes cluster users can create secrets and the system also creates some secrets.
In this guide we will copy a secret already created in a namespace or project if using OpenShift and apply it to a different namespace. This is often applicable to secrets such registry secrets, shared git credentials, SSL Certificates and Keys, shared API credentials e.t.c. We will create a test secret and show you how to copy it from one project to another.
Creating Kubernetes Secrets
We will create a secret with username and password from file.
echo -n 'admin' > ./username.txt
echo -n 'Password' > ./password.txt
Run the kubectl create secret command to package these files into a Secret and create the object on the API server.
$ kubectl create secret generic my-user-pass --from-file=./username.txt --from-file=./password.txt
secret/my-user-pass created
The name of a Secret object must be a valid DNS subdomain name.
List secrets:
$ kubectl get secrets
Copy Kubernetes Secrets Between Namespaces
Use the following command syntax to copy a secret from one namespace to a different namespace.
kubectl get secret
--namespace=
--export -o yaml |
kubectl apply --namespace= -f -
In my example I’ll run:
kubectl get secret my-user-pass
--namespace=namespace1
--export -o yaml |
kubectl apply --namespace=namespace2 -f -
Command execution output:
secret/my-user-pass created
Confirm secret creation in the namespace.
$ kubectl get secret -n namespace2 my-user-pass
NAME TYPE DATA AGE
my-user-pass Opaque 2 38s
Decrypt secret to confirm data is correct:
secret_name="my-user-pass"
namespace="namespace2"
kubectl get secret -n $namespace $secret_name -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"n"}}{{end}}'
Command output:
password.txt: Password
username.txt: admin
If you have jq you can use the following command to decrypt.
$ kubectl get secret my-user-pass -o json | jq '.data | map_values(@base64d)'
{
"password.txt": "Password",
"username.txt": "admin"
}
That is how you can easily copy secret between namespaces in Kubernetes and OpenShift Cluster.
Kubernetes Learning Videos:
<img data-ezsrc="https://kirelos.com/wp-content/uploads/2020/08/echo/icon_udemy-com.png" ezimgfmt="rs rscb8 src ng ngcb8" src="data:image/svg xml,”>Udemy.com
<img data-ezsrc="https://kirelos.com/wp-content/uploads/2020/08/echo/icon_udemy-com.png" ezimgfmt="rs rscb8 src ng ngcb8" src="data:image/svg xml,”>Udemy.com
<img data-ezsrc="https://kirelos.com/wp-content/uploads/2020/08/echo/icon_udemy-com.png" ezimgfmt="rs rscb8 src ng ngcb8" src="data:image/svg xml,”>Udemy.com
More guides:
Using Horizontal Pod Autoscaler on Kubernetes EKS Cluster
How to force delete a Kubernetes Namespace
How To Migrate Docker Compose Application to Kubernetes With Kompose