Manage Secrets in Kubernetes

Task:

The Nautilus DevOps team is working to deploy some tools in a Kubernetes cluster. Some of the tools are licence based, so the licence information needs to be stored securely within the Kubernetes cluster. Therefore, the team wants to use Kubernetes secrets to store it. The requirements are detailed below:

We already have a secret key file news.txt under the /opt location on the jump host. Create a secret named news that contains the password/license-number present in the news.txt file.

Also create a pod named secret-datacenter.

Configure the pod's spec as follows: the container name should be secret-container-datacenter and the image should be debian, preferably with the latest tag (remember to mention the tag with the image). Use the command ‘/bin/bash’, ‘-c’ and ‘sleep 10000’ for the container. Mount a volume named secret-volume-datacenter. The mount path should be /opt/games and the mode should be readOnly.

Mount the secret within this volume.

To verify, you can exec into the container secret-container-datacenter and check the secret key under the mounted path /opt/games.

Secret type should be generic.

Note: The kubectl utility on jump_host has been configured to work with the Kubernetes cluster.

Solution:

thor@jump_host /$ kubectl create secret generic news --from-file=/opt/news.txt
secret/news created
thor@jump_host /$ cd /home/thor/
thor@jump_host ~$ vi secret-datacenter.yml
apiVersion: v1
kind: Pod
metadata:
  name: secret-datacenter
  labels:
    name: myapp
spec:
  volumes:
    - name: secret-volume-datacenter
      secret:
        secretName: news
  containers:
    - name: secret-container-datacenter
      image: debian:latest
      command: ["/bin/bash", "-c", "sleep 10000"]
      volumeMounts:
        - name: secret-volume-datacenter
          mountPath: /opt/games
          readOnly: true
thor@jump_host ~$ kubectl apply -f secret-datacenter.yml 
pod/secret-datacenter created
thor@jump_host ~$ kubectl exec -it secret-datacenter -- /bin/bash
root@secret-datacenter:/# cd /opt/games/
root@secret-datacenter:/opt/games# ls
news.txt
root@secret-datacenter:/opt/games# cat news.txt 
5ecur3!
root@secret-datacenter:/opt/games# exit
exit
thor@jump_host ~$
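
What the kubectl create secret generic --from-file step above stores, modelled offline as an added example (not part of the original post): the key is the file's basename and the value is the base64 of the file's raw bytes, which is an encoding and not encryption. The helper function names and the sample file with its trailing newline are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Models, offline, what
# `kubectl create secret generic NAME --from-file=FILE` stores.

# Emit a Secret manifest for one file: key = file basename,
# value = base64 of the file's raw bytes (encoding, not encryption).
secret_manifest() {
  sm_key=$(basename "$2")
  sm_val=$(base64 < "$2" | tr -d '\n')
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n  %s: %s\n' \
    "$1" "$sm_key" "$sm_val"
}

# Print the still-encoded value of KEY from a manifest read on stdin.
secret_encoded() {
  awk -v k="$1:" '$1 == k { print $2 }'
}

# Byte length of the decoded value of KEY. This exposes a trailing
# newline that `cat` inside the pod does not make visible.
secret_length() {
  secret_encoded "$1" | base64 -d | wc -c | tr -d ' '
}

# Constructed sample standing in for /opt/news.txt (trailing newline assumed).
demo_dir=$(mktemp -d)
printf '5ecur3!\n' > "$demo_dir/news.txt"
secret_manifest news "$demo_dir/news.txt" > "$demo_dir/news-secret.yaml"
cat "$demo_dir/news-secret.yaml"
echo "decoded length: $(secret_length news.txt < "$demo_dir/news-secret.yaml") bytes"
```

On the cluster, kubectl get secret news -o yaml shows the same data field, so anyone allowed to read the Secret object can decode the value.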
