Finding the secrets for a helm charts

Today’s short post is about Kubernetes secrets, and is more of a note to self than an intend to make others aware. I did take it upon myself to explain what secrets are and options.

A kubernetes secret is a handy way to keep your secure data stored: password, license keys, AuthToken, etc. Keeping data stored in k8s secrets alone doesn’t make it secure enough in some cases, but it is better than putting this values in a image definition. There are other solution that can work better depending on your needs, I will not go into any further details than just mentioning other options. The intention of this post is to cover the usage of secrets in Kubernetes.

Create a K8S secret

When using helm chart to install a software it oftens refers/requires certain secret, creating a secret is well documented here: https://kubernetes.io/docs/concepts/configuration/secret/#creating-a-secret-manually

Retrieving a K8S secret (this is the notetoself)

In some cases the helm charts will create the secret for you as it is in the case when you use the Gitea or Jenkins charts. To find out the password in this case you can use

  1. kubectl get secrets --all-namespaces
  2. kubectl get secrets jenkins -n jenkins -o yaml The oputput will be something like:
    apiVersion: v1
    data:
      jenkins-admin-password: UzBvbWVQYXNzdzByZCNOb3RUaDFTCg==
      jenkins-admin-user: YWRtaW4=
    kind: Secret
    metadata:
      creationTimestamp: 2020-08-13T14:38:20Z
      labels:
     app.kubernetes.io/component: jenkins-master
     app.kubernetes.io/instance: jenkins
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: jenkins
     helm.sh/chart: jenkins-2.5.0
      name: jenkins
      namespace: jenkins
      resourceVersion: "2759937"
      selfLink: /api/v1/namespaces/jenkins/secrets/jenkins
      uid: 9a46b5ab-0acd-448e-b7c5-37d6a18c7960
    
  3. echo -n UzBvbWVQYXNzdzByZCNOb3RUaDFTCg== |base64 -D Will display the secret in text value. Do not forget the -n for the echo command as it removes the newline character at the end