Seal a secret
How to seal a secret with Sealed Secrets.
Create generic secret
First just create the normal secret. Follow something of this format
apiVersion: v1
kind: Secret
metadata:
name: postgresql-default-credentials
namespace: postgresql
type: Opaque
data:
password: ""
postgres-password: ""
username: ""
[!NOTE]
Those values in the above manifest should be base64 encoded
Seal the secret
Make sure you have kubseal installed. This is working with kubseal 0.23.0
.
kubeseal --controller-namespace sealed-secrets \
--controller-name sealed-secrets \
--format yaml < secret.yaml > sealed-secret.yaml
ERROR cannot get sealed secret service
The controller-name
and controller-namespace
paramaters are misleading, they are
the name and namespace of the sealed-secrets service. Check the service with,
kubectl get services -n sealed-secrets