diff --git a/kubernetes/secrets/README.md b/kubernetes/secrets/README.md index 08ca214..3816133 100644 --- a/kubernetes/secrets/README.md +++ b/kubernetes/secrets/README.md @@ -1,3 +1,70 @@ # Introduction to Kubernetes: Secrets -k8s-secrets \ No newline at end of file +k8s-secrets + +## Create a cluster with Kind + +``` +kind create cluster --name secrets --image kindest/node:v1.31.1 +``` + +## Our Secret + +We have a secret under `kubernetes/secrets/secret.json` + +``` +cat kubernetes/secrets/secret.json +``` + +## Using our secret in a container + +As a file: +``` +docker run -it -v $PWD/kubernetes/secrets/secret.json:/secrets/secret.json ubuntu:latest bash + +cat /secrets/secret.json +``` + +As environment variables: + +``` +api_key="somesecretgoeshere" +docker run -it -e API_KEY=$api_key ubuntu:latest bash + +echo $API_KEY +``` + +## Kubernetes Secret + +Read more about [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/) + + +## Create our secret + +There are two main ways we can create a Kubernetes secret.
+Either by creating the secret object with `kubectl create secret` or apply\create it declaratively using YAML with `kubectl apply -f` + +`kubectl create secret`: + +``` +kubectl create secret generic mysecret --from-file kubernetes/secrets/secret.json +``` + +`kubectl apply -f` or `kubectl create -f` allows us to define things declaratively using YAML files: + +``` +kubectl apply -f kubernetes/secrets/secret.yaml +``` + +## Use our secret + +In order to use our secret we add a `volume` to our pod spec and then mount that using a `volumeMount`
+We can also use a secret references as `env` variable
+ + +``` +kubectl apply -f kubernetes/secrets/pod.yaml +``` + + + diff --git a/kubernetes/secrets/pod.yaml b/kubernetes/secrets/pod.yaml new file mode 100644 index 0000000..4749872 --- /dev/null +++ b/kubernetes/secrets/pod.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Pod +metadata: + name: example-pod + namespace: default + labels: + app: example-app + test: test +spec: + nodeSelector: + kubernetes.io/os: linux + containers: + - name: example-app + image: aimvector/python:1.0.4 + imagePullPolicy: Always + ports: + - containerPort: 5000 + env: + - name: API_KEY + valueFrom: + secretKeyRef: + name: mysecret + key: api_key + volumeMounts: + - name: secret-volume + mountPath: /secrets/ + volumes: + - name: secret-volume + secret: + secretName: mysecret \ No newline at end of file diff --git a/kubernetes/secrets/secret.json b/kubernetes/secrets/secret.json new file mode 100644 index 0000000..088c7d9 --- /dev/null +++ b/kubernetes/secrets/secret.json @@ -0,0 +1,3 @@ +{ + "api_key" : "somesecretgoeshere" +} \ No newline at end of file diff --git a/kubernetes/secrets/secret.yaml b/kubernetes/secrets/secret.yaml index 568a251..b473c3b 100644 --- a/kubernetes/secrets/secret.yaml +++ b/kubernetes/secrets/secret.yaml @@ -2,11 +2,18 @@ apiVersion: v1 kind: Secret metadata: name: mysecret + namespace: default + labels: + app: example-app type: Opaque -stringData: - secret.json: |- - { - "api_key" : "somesecretgoeshere" - } +data: + api_key: c29tZXNlY3JldGdvZXNoZXJlCg== + secret.json: ew0KICAiYXBpX2tleSIgOiAic29tZXNlY3JldGdvZXNoZXJlIg0KfQ== +# stringData: +# secret.json: |- +# { +# "api_key" : "somesecretgoeshere" +# } + #kubectl create secret generic mysecret --from-file .\golang\secrets\secret.json \ No newline at end of file