Thursday, February 28, 2019

How to copy kubernetes secrets & configmaps between namespaces and between clusters

Kubernetes Namespaces provide a scope for names. Names of resources need to be unique within a namespace, but not across namespaces. Namespaces are a way to divide cluster resources between multiple users.

Kubernetes Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in an image; putting it in a Secret object allows for more control over how it is used, and reduces the risk of accidental exposure.

The ConfigMap API resource provides mechanisms to inject containers with configuration data while keeping containers agnostic of Kubernetes. ConfigMap can be used to store fine-grained information like individual properties or coarse-grained information like entire config files or JSON blobs (https://unofficial-kubernetes.readthedocs.io/en/latest/tasks/configure-pod-container/configmap/).


Copy secrets between namespaces


$ kubectl get secret <secret-name> --namespace=<source-namespace> --export -o yaml |\  kubectl apply --namespace=<destination-namespace> -f -

Copy configmaps between namespaces


$ kubectl get configmap <configmap-name> --namespace=<source-namespace> --export -o yaml |\  kubectl apply --namespace=<destination-namespace> -f -

Copy secrets between kubernetes clusters


First log in to the source kubernetes cluster.
Then run below command to export required secret to a yaml file,

$ kubectl get secret <secret-name> -n <source-namespace>  --export -o yaml > <secret-name>.yml

You can view the content of the file using below command,

$ cat <secret-name>.yml

Now you can easily deploy exported secret to another kubernetes cluster,

$ kubectl apply --namespace=<destination-namespace> –f <secret-name>.yml

Copy configmaps between kubernetes clusters


First log in to the source kubernetes cluster.
Then run below command to export required configmap to a yaml file,

$ kubectl get configmap <configmap-name> -n <source-namespace> --export -o yaml > <configmap-name>.yml

You can view the content of the file using below command,

$ cat <configmap-name>.yml

Now you can easily deploy exported configmap to another kubernetes cluster,

$ kubectl apply --namespace=<destination-namespace> –f <configmap-name>.yml

5 comments: