
How to set secret files to kubernetes secrets by yaml?


As answered in the previous post, we need to provide the certificate/key encoded as base64 to the file.

Here is a generic example for a certificate (in this case SSL):

The secret.yml.tmpl:

    apiVersion: v1
    kind: Secret
    metadata:
      name: test-secret
      namespace: default
    type: Opaque
    data:
      server.crt: SERVER_CRT
      server.key: SERVER_KEY

Pre-process the file to include the certificate/key:

    # base64 output can contain "/", so "|" is used as the sed delimiter
    sed "s|SERVER_CRT|$(base64 -w0 < server.crt)|g" secret.yml.tmpl | \
    sed "s|SERVER_KEY|$(base64 -w0 < server.key)|g" | \
    kubectl apply -f -

Note that the certificate/key are encoded using base64 without whitespaces (-w0).

For TLS it can be simply:

    kubectl create secret tls test-secret-tls --cert=server.crt --key=server.key


You can use the --dry-run flag to prepare YAML that contains data from your files.

    kubectl create secret generic jwt-certificates --from-file=jwt-public.cer --from-file=jwt-private.pfx --dry-run=true --output=yaml > jwt-secrets.yaml

Edit

Thanks to @Leopd for the comment about API deprecation; new kubectl uses this command:

    kubectl create secret generic jwt-certificates --from-file=jwt-public.cer --from-file=jwt-private.pfx --dry-run=client --output=yaml > jwt-secrets.yaml

On my machine I still have an old kubectl version.


When using the CLI format, you're basically using a generator of the YAML before posting it to the server side.

Since Kubernetes is a client-server app with a REST API in between, and the actions need to be atomic, the posted YAML needs to contain the content of the file, and the best way to do that is by embedding it in base64 format in-line. It would be nice if the file could be otherwise embedded (indentation maybe could be used to create the boundaries of the file), but I haven't seen any example of such until now.

That being said, putting a file reference in the YAML is not possible; there is no pre-flight rendering of the YAML to include the content.
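Since the manifest has to carry the file bytes inline as base64, the following added example (not code from any of the answers) renders an Opaque Secret directly from files, without sed templating, and checks that every value decodes back to the original bytes. The helper names `render_secret`, `verify_secret` and `demo` are hypothetical, and the sample files are constructed placeholders.

```shell
# Added example; helper names are hypothetical, sample data is constructed.

# render_secret NAME NAMESPACE FILE...  -> Secret manifest on stdout
render_secret() {
  local name="$1" namespace="$2" f key
  shift 2
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n'
  printf '  name: %s\n  namespace: %s\n' "$name" "$namespace"
  printf 'type: Opaque\ndata:\n'
  for f in "$@"; do
    [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    key=$(basename "$f")
    # Secret data keys may only contain alphanumerics, '.', '_' and '-'.
    case "$key" in
      *[!A-Za-z0-9._-]*) echo "invalid key: $key" >&2; return 1 ;;
    esac
    # Single-line base64; tr strips the line wrapping plain `base64` adds.
    printf '  %s: %s\n' "$key" "$(base64 < "$f" | tr -d '\n')"
  done
}

# verify_secret MANIFEST FILE...  -> 0 only if each value decodes to its file
verify_secret() {
  local manifest="$1" f value
  shift
  for f in "$@"; do
    value=$(awk -v k="$(basename "$f"):" \
      '$1 == k { print $2; found = 1 } END { exit !found }' "$manifest") || return 1
    printf '%s' "$value" | base64 --decode | cmp -s - "$f" || return 1
  done
}

# Constructed sample input: "???" encodes to "Pz8/", a value containing "/".
demo() (
  dir=$(mktemp -d) || exit 1
  umask 077   # the manifest holds the key material, only base64-encoded
  printf 'constructed certificate\n' > "$dir/server.crt"
  printf '???' > "$dir/server.key"
  render_secret test-secret default "$dir/server.crt" "$dir/server.key" \
    > "$dir/secret.yaml"
  verify_secret "$dir/secret.yaml" "$dir/server.crt" "$dir/server.key" \
    && echo "manifest round-trips"
  rm -rf "$dir"
)
demo
```

The rendered manifest can be piped to `kubectl apply -f -` instead of being written to disk.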