Manage Secrets in Kubernetes

Task:

The Nautilus DevOps team is working to deploy some tools in a Kubernetes cluster. Some of the tools are licence based, so the licence information needs to be stored securely within the Kubernetes cluster. Therefore, the team wants to use Kubernetes secrets to store those secrets. The requirements are detailed below:

We already have a secret key file news.txt under the /opt location on the jump host. Create a secret named news; it should contain the password/license-number present in the news.txt file.

Also create a pod named secret-datacenter.

Configure the pod’s spec as follows: the container name should be secret-container-datacenter, and the image should be debian, preferably with the latest tag (remember to mention the tag with the image). Use the command ‘/bin/bash’, ‘-c’ and ‘sleep 10000’ for the container. Mount a volume named secret-volume-datacenter. The mount path should be /opt/games and the mode should be readOnly.

Mount the secret within this volume.

To verify, you can exec into the container secret-container-datacenter and check the secret key under the mounted path /opt/games.

Secret type should be generic.

Note: The kubectl utility on jump_host has been configured to work with the kubernetes cluster.

Solution:

thor@jump_host /$ kubectl create secret generic news --from-file=/opt/news.txt
secret/news created
thor@jump_host /$ cd /home/thor/
thor@jump_host ~$ vi secret-datacenter.yml
apiVersion: v1
kind: Pod
metadata:
  name: secret-datacenter
  labels:
    name: myapp
spec:
  volumes:
    - name: secret-volume-datacenter
      secret:
        secretName: news
  containers:
    - name: secret-container-datacenter
      image: debian:latest
      command: ["/bin/bash", "-c", "sleep 10000"]
      volumeMounts:
        - name: secret-volume-datacenter
          mountPath: /opt/games
          readOnly: true
thor@jump_host ~$ kubectl apply -f secret-datacenter.yml
pod/secret-datacenter created
thor@jump_host ~$ kubectl exec -it secret-datacenter -- /bin/bash
root@secret-datacenter:/# cd /opt/games/
root@secret-datacenter:/opt/games# ls
news.txt
root@secret-datacenter:/opt/games# cat news.txt
5ecur3!
root@secret-datacenter:/opt/games# exit
exit
thor@jump_host ~$
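
A variant of the manifest above with a tighter Secret volume, as an added example that is not part of the original solution. The defaultMode and items fields are additions beyond the task's requirements; every other name is taken from the page.

```yaml
# Added example: secret-datacenter.yml with a restricted Secret volume.
apiVersion: v1
kind: Pod
metadata:
  name: secret-datacenter
  labels:
    name: myapp
spec:
  volumes:
    - name: secret-volume-datacenter
      secret:
        secretName: news
        # Files in a Secret volume default to mode 0644. 0400 limits reads
        # to the file owner (root, which is also the user the debian image
        # runs as by default, so the container can still read the file).
        defaultMode: 0400
        # Project only the key the container needs. The key name comes from
        # the file name given to --from-file (news.txt). Keys added to the
        # Secret later are not exposed in this pod.
        items:
          - key: news.txt
            path: news.txt
  containers:
    - name: secret-container-datacenter
      image: debian:latest
      command: ["/bin/bash", "-c", "sleep 10000"]
      volumeMounts:
        - name: secret-volume-datacenter
          mountPath: /opt/games
          readOnly: true
```

Inside the container, `ls -lL /opt/games` then shows news.txt as `-r--------` instead of the default `-rw-r--r--`.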
