From f9315b9d33a5886131d7d803fb791f20dcda1588 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Mon, 10 Mar 2025 09:58:46 +1100 Subject: [PATCH 1/3] k8s secret guide updates --- kubernetes/secrets/README.md | 69 +++++++++++++++++++++++++++++++++- kubernetes/secrets/pod.yaml | 30 +++++++++++++++ kubernetes/secrets/secret.json | 3 ++ kubernetes/secrets/secret.yaml | 17 ++++++--- 4 files changed, 113 insertions(+), 6 deletions(-) create mode 100644 kubernetes/secrets/pod.yaml create mode 100644 kubernetes/secrets/secret.json diff --git a/kubernetes/secrets/README.md b/kubernetes/secrets/README.md index 08ca214..aa97c12 100644 --- a/kubernetes/secrets/README.md +++ b/kubernetes/secrets/README.md @@ -1,3 +1,70 @@ # Introduction to Kubernetes: Secrets -k8s-secrets \ No newline at end of file +k8s-secrets + +## Create a cluster with Kind + +``` +kind create cluster --name secrets --image kindest/node:v1.31.1 +``` + +## Our Secret + +We have a secret under `kubernetes/secrets/secret.json` + +``` +cat kubernetes/secrets/secret.json +``` + +## Using our secret in a container + +As a file: +``` +docker run -it -v $PWD/kubernetes/secrets/secret.json:/secrets/secret.json ubuntu:latest bash + +cat /secrets/secret.json +``` + +As environment variables: + +``` +api_key="somesecretgoeshere" +docker run -it -e API_KEY=$api_key ubuntu:latest bash + +echo $API_KEY +``` + +## Kubernetes Secret + +Read more about [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/) + + +## Create our secret + +There are two main ways we can create a Kubernetes secret.
+Either by creating the secret object with `kubectl create secret` or apply\create it declaratively using YAML with `kubectl apply -f`
+
+`kubectl create secret`:
+
+```
+kubectl create secret generic mysecret --from-file kubernetes/secrets/secret.json
+```
+
+`kubectl apply -f` or `kubectl create -f` allows us to define things declaratively using YAML files:
+
+```
+kubectl apply -f kubernetes/secrets/secret.yaml
+```
+
+## Use our secret
+
+In order to use our secret we add a `volume` to our pod spec and then mount that using a `volumeMount`
+We can also use a secret references as `env` variable
+ + +``` +kubectl apply -f kubernetes/secrets/pod.yaml +``` + + + diff --git a/kubernetes/secrets/pod.yaml b/kubernetes/secrets/pod.yaml new file mode 100644 index 0000000..4749872 --- /dev/null +++ b/kubernetes/secrets/pod.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Pod +metadata: + name: example-pod + namespace: default + labels: + app: example-app + test: test +spec: + nodeSelector: + kubernetes.io/os: linux + containers: + - name: example-app + image: aimvector/python:1.0.4 + imagePullPolicy: Always + ports: + - containerPort: 5000 + env: + - name: API_KEY + valueFrom: + secretKeyRef: + name: mysecret + key: api_key + volumeMounts: + - name: secret-volume + mountPath: /secrets/ + volumes: + - name: secret-volume + secret: + secretName: mysecret \ No newline at end of file diff --git a/kubernetes/secrets/secret.json b/kubernetes/secrets/secret.json new file mode 100644 index 0000000..088c7d9 --- /dev/null +++ b/kubernetes/secrets/secret.json @@ -0,0 +1,3 @@ +{ + "api_key" : "somesecretgoeshere" +} \ No newline at end of file diff --git a/kubernetes/secrets/secret.yaml b/kubernetes/secrets/secret.yaml index 568a251..b473c3b 100644 --- a/kubernetes/secrets/secret.yaml +++ b/kubernetes/secrets/secret.yaml @@ -2,11 +2,18 @@ apiVersion: v1 kind: Secret metadata: name: mysecret + namespace: default + labels: + app: example-app type: Opaque -stringData: - secret.json: |- - { - "api_key" : "somesecretgoeshere" - } +data: + api_key: c29tZXNlY3JldGdvZXNoZXJlCg== + secret.json: ew0KICAiYXBpX2tleSIgOiAic29tZXNlY3JldGdvZXNoZXJlIg0KfQ== +# stringData: +# secret.json: |- +# { +# "api_key" : "somesecretgoeshere" +# } + #kubectl create secret generic mysecret --from-file .\golang\secrets\secret.json \ No newline at end of file From 3dc59d66f932f1206b2058e96d408fdad69072b8 Mon Sep 17 00:00:00 2001 
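Review bot: The `secretKeyRef` with `key: api_key` in pod.yaml only resolves when `mysecret` was created from secret.yaml. The README's other route, `kubectl create secret generic mysecret --from-file kubernetes/secrets/secret.json`, yields a single key named `secret.json`, so on that path the container would presumably fail to start with a missing-key config error. A comment above the reference such as `# needs key api_key, which only secret.yaml defines` would make the dependency visible. The `secret-volume` mount also projects every key of the secret, including `api_key`, which is already exposed as an env var; an `items:` list limited to `secret.json` would keep the file view to what the example reads.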
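Review bot: The new `api_key` value under `data:` in secret.yaml decodes to `somesecretgoeshere` followed by a newline (the trailing `Cg==` group), so the pod's `API_KEY` differs by one byte from the value in secret.json and in the docker example; it should read `api_key: c29tZXNlY3JldGdvZXNoZXJl`. The value was presumably encoded with `echo` rather than `echo -n` or `printf`. The `secret.json` entry likewise decodes with CRLF line endings, which will not match the file on an LF checkout. Since `data:` is base64 encoding and not protection, a comment such as `# base64 is not encryption; do not commit real values here` above `data:` would help readers of the guide.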
From: Marcel Dempers <34320559+marcel-dempers@users.noreply.github.com> Date: Mon, 17 Mar 2025 21:20:34 +1100 Subject: [PATCH 2/3] secret updates --- kubernetes/secrets/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/secrets/README.md b/kubernetes/secrets/README.md index aa97c12..3816133 100644 --- a/kubernetes/secrets/README.md +++ b/kubernetes/secrets/README.md @@ -1,6 +1,6 @@ # Introduction to Kubernetes: Secrets -k8s-secrets +k8s-secrets ## Create a cluster with Kind From 7df717d9cc16bf2d4ab103b13622a00c966a2fa0 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Thu, 3 Apr 2025 14:09:38 +1100 Subject: [PATCH 3/3] helm updates --- kubernetes/helm/README.md | 10 +++++----- kubernetes/helm/example-app/templates/deployment.yaml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/kubernetes/helm/README.md b/kubernetes/helm/README.md index 220d4ca..46eb49b 100644 --- a/kubernetes/helm/README.md +++ b/kubernetes/helm/README.md @@ -7,7 +7,7 @@ Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) ``` -kind create cluster --name helm --image kindest/node:v1.26.0 +kind create cluster --name helm --image kindest/node:v1.31.1 ``` # Getting Started with Helm @@ -32,16 +32,16 @@ export KUBE_EDITOR="nano" # test cluster access: /work # kubectl get nodes NAME STATUS ROLES AGE VERSION -helm-control-plane Ready master 26m v1.26.0 +helm-control-plane Ready control-plane 26m v1.31.1 ``` ## Install Helm CLI ``` -curl -LO https://get.helm.sh/helm-v3.4.0-linux-amd64.tar.gz -tar -C /tmp/ -zxvf helm-v3.4.0-linux-amd64.tar.gz -rm helm-v3.4.0-linux-amd64.tar.gz +curl -LO https://get.helm.sh/helm-v3.17.2-linux-amd64.tar.gz +tar -C /tmp/ -zxvf helm-v3.17.2-linux-amd64.tar.gz +rm helm-v3.17.2-linux-amd64.tar.gz mv /tmp/linux-amd64/helm /usr/local/bin/helm chmod +x /usr/local/bin/helm 
diff --git a/kubernetes/helm/example-app/templates/deployment.yaml b/kubernetes/helm/example-app/templates/deployment.yaml index da55125..c961fad 100644 --- a/kubernetes/helm/example-app/templates/deployment.yaml +++ b/kubernetes/helm/example-app/templates/deployment.yaml @@ -9,7 +9,7 @@ spec: selector: matchLabels: app: "{{ .Values.name }}" - replicas: 2 + replicas: {{ .Values.deployment.replicas | default 2 }} strategy: type: RollingUpdate rollingUpdate:
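Review bot: In the new `replicas:` line, `default 2` treats `0` as empty, so setting `deployment.replicas: 0` to scale the release down still renders `replicas: 2`. The expression also dereferences `.Values.deployment`, and this patch does not touch values.yaml, so if that map is not already defined there the template would fail with a nil-pointer error at render time; worth confirming. Declaring the default in values.yaml and rendering `replicas: {{ .Values.deployment.replicas }}` avoids both. The Deployment spec continues outside the hunk.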