k8s/python: How do I read a secret using the Kubernetes Python client?

Question

I want to do the opposite of this question:

How to create secrets using Kubernetes Python client?

i.e.:

How do I read an existing secret from a kubernetes cluster via the kubernetes-python API?

The use case is: I want to authenticate to mongodb (running in my cluster) from a jupyter notebook (also running in my cluster) without, for obvious reasons, saving the mongodb auth password inside the jupyter notebook.

Thanks!

Answer 1

1. Install Kubernetes client for python
2. Now you can pull the secret. For example secret name - mysql-pass, namespace - default

from kubernetes import client, config
config.load_kube_config()
v1 = client.CoreV1Api()
secret = v1.read_namespaced_secret("mysql-pass", "default")
print(secret)

3. If you need to extract decoded password from the secret

from kubernetes import client, config
import base64
import sys    
config.load_kube_config()
v1 = client.CoreV1Api()
sec = str(v1.read_namespaced_secret("mysql-pass", "default").data)
pas = base64.b64decode(sec.strip().split()[1].translate(None, '}\''))
print(pas)

Hope this will help.

Answer 2

If you use kubernetes client api it will give you response as a dict datatype and you might not need to do spiting etc, You can say something like this,

from kubernetes import client, config
import base64
config.load_kube_config()
v1 = client.CoreV1Api()
sec = v1.read_namespaced_secret("default-token-rsbq7", "default").data
cert = base64.b64decode(sec["ca.crt"])
print(cert)