From b26bb7316446650000622c0c1eda09ce64454601 Mon Sep 17 00:00:00 2001
From: Leah Hanson <lhanson@pivotal.io>
Date: Wed, 7 Nov 2018 10:44:22 -0500
Subject: [PATCH] Add example of using secrets on windows

Based on https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-environment-variables

TODO: figure out how to make the link https://k8s.io/docs/getting-started-guides/windows/secret-pod.yaml work

- Used same secrets as standard instructions
- Used environment variables to inject secrets
- Updated windows/secret-pod.yaml to match new instructions
- Because pod needs to keep running, add a ping -t localhost so that the
pod is never "Completed". Linux uses nginx image, which has a default
command.

Signed-off-by: Ben Moss <bmoss@pivotal.io>
---
 .../getting-started-guides/windows/_index.md  | 24 ++++++++++-
 content/en/examples/windows/secret-pod.yaml   | 43 ++++++++-----------
 2 files changed, 41 insertions(+), 26 deletions(-)

diff --git a/content/en/docs/getting-started-guides/windows/_index.md b/content/en/docs/getting-started-guides/windows/_index.md
index 3cdcccc316f59..24dbe2368380d 100644
--- a/content/en/docs/getting-started-guides/windows/_index.md
+++ b/content/en/docs/getting-started-guides/windows/_index.md
@@ -50,7 +50,29 @@ Sample: stop web service to trigger restart
 
 #### Handling secrets
 
-Sample: database connection string
+1. Create a secret by following the [standard directions](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-secret)
+
+2. Configure your pod to receive the secret via an environment variable.
+ {{< codenew file="windows/secret-pod.yaml" >}}
+ 
+3. Deploy the pod and verify that it is running:
+  ```bash
+  kubectl create -f https://k8s.io/docs/getting-started-guides/windows/secret-pod.yaml
+  kubectl get pod secret-envars-test-pod
+  ```
+4. Open a shell into the container running the pod:
+  ```bash
+  kubectl exec -it secret-envars-test-pod -- powershell
+  ```
+5. See that the secret is in the environment variable:
+  ```powershell
+  echo $env:SECRET_USERNAME $env:SECRET_PASSWORD
+  ```
+    You should see the output:
+    ```
+    my-app
+    39528$vdg7Jb
+    ```
 
 ### Deploying a stateful application
 
diff --git a/content/en/examples/windows/secret-pod.yaml b/content/en/examples/windows/secret-pod.yaml
index f4a8122c0a694..25b141aa8ec97 100644
--- a/content/en/examples/windows/secret-pod.yaml
+++ b/content/en/examples/windows/secret-pod.yaml
@@ -1,32 +1,25 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mysecret
-type: Opaque
-data:
-  username: YWRtaW4=
-  password: MWYyZDFlMmU2N2Rm
-
 ---
-
 apiVersion: v1
 kind: Pod
 metadata:
-  name: my-secret-pod
+  name: secret-envars-test-pod
 spec:
   containers:
-  - name: my-secret-pod
-    image: microsoft/windowsservercore:1709
+  - name: envars-test-container
+    image: microsoft/windowsservercore:latest
+    imagePullPolicy: Never
+    command:
+    - ping
+    - -t
+    - localhost
     env:
-      - name: USERNAME
-        valueFrom:
-          secretKeyRef:
-            name: mysecret
-            key: username
-      - name: PASSWORD
-        valueFrom:
-          secretKeyRef:
-            name: mysecret
-            key: password
-  nodeSelector:
-    beta.kubernetes.io/os: windows
+    - name: SECRET_USERNAME
+      valueFrom:
+        secretKeyRef:
+          name: test-secret
+          key: username
+    - name: SECRET_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: test-secret
+          key: password