Manage Secrets in Kubernetes
The Nautilus DevOps team is working to deploy some tools in Kubernetes cluster. Some of the tools are licence based so that licence information needs to be stored securely within Kubernetes cluster. Therefore, the team wants to utilize Kubernetes secrets to store those secrets. Below you can find more details about the requirements:
We already have a secret key file news.txt under /opt location on jump host. Create a secret named as news and it should contain the password/license-number present in news.txt file.
Also create a pod named secret-datacenter.
Configure pod’s spec as container name should be secret-container-datacenter, image should be debian preferably with latest tag (remember to mention the tag with image). Use command ‘/bin/bash’, ‘-c’ and ‘sleep 10000’ for container. Mount a volume named as secret-volume-datacenter. The mount path should be /opt/games and mode should be readOnly.
Mount the secret within this volume.
To verify you can exec into the container secret-container-datacenter, to check the secret key under the mounted path /opt/games.
Secret type should be generic.
Note: The kubectl utility on jump_host has been configured to work with the kubernetes cluster.
[email protected]_host /$ kubectl create secret generic news --from-file=/opt/news.txt secret/news created [email protected]_host /$ cd /home/thor/ [email protected]_host ~$ vi secret-datacenter.yml apiVersion: v1 kind: Pod metadata: name: secret-datacenter labels: name: myapp spec: volumes: - name: secret-volume-datacenter secret: secretName: news containers: - name: secret-container-datacenter image: debian:latest command: ["/bin/bash", "-c", "sleep 10000"] volumeMounts: - name: secret-volume-datacenter mountPath: /opt/games readOnly: true [email protected]_host ~$ kubectl apply -f secret-datacenter.yml pod/secret-datacenter created [email protected]_host ~$ kubectl exec -it secret-datacenter -- /bin/bash [email protected]:/# cd /opt/games/ [email protected]:/opt/games# ls news.txt [email protected]:/opt/games# cat news.txt 5ecur3! [email protected]:/opt/games# exit exit [email protected]_host ~$