kbruner/Data Encryption Test Secret

## Data Encryption Test
root@nucklehead:~ # kubectl create secret generic kubernetes-the-hard-way \
  --from-literal="mykey=mydata"
secret/kubernetes-the-hard-way created
root@nucklehead:~ # ssh -i ~cbsd/.ssh/id_rsa ubuntu@controller-0 "sudo ETCDCTL_API=3 etcdctl get \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/etcd/ca.pem \
  --cert=/etc/etcd/kubernetes.pem \
  --key=/etc/etcd/kubernetes-key.pem\
  /registry/secrets/default/kubernetes-the-hard-way | hexdump -C"
00000000  2f 72 65 67 69 73 74 72  79 2f 73 65 63 72 65 74  |/registry/secret|
00000010  73 2f 64 65 66 61 75 6c  74 2f 6b 75 62 65 72 6e  |s/default/kubern|
00000020  65 74 65 73 2d 74 68 65  2d 68 61 72 64 2d 77 61  |etes-the-hard-wa|
00000030  79 0a 6b 38 73 3a 65 6e  63 3a 61 65 73 63 62 63  |y.k8s:enc:aescbc|
00000040  3a 76 31 3a 6b 65 79 31  3a b9 4f 7a c8 d3 b0 fb  |:v1:key1:.Oz....|
00000050  f9 a8 e5 9f c1 ab 96 d5  09 13 5e 3f 4f 95 2c 44  |..........^?O.,D|
00000060  64 52 7d ef 46 18 45 08  61 b1 4c 0a 4f 9d f7 46  |dR}.F.E.a.L.O..F|
00000070  79 90 7f 5d e3 56 0e 8c  9c ab 7f a8 26 57 5e 0b  |y..].V......&W^.|
00000080  0f 94 92 55 ec 9a 5c 97  5a c9 71 d5 79 91 01 a4  |...U..\.Z.q.y...|
00000090  24 b9 64 89 d2 bf 9c 0a  7c e3 88 1a dc ec 46 f2  |$.d.....|.....F.|
000000a0  c5 ef 98 fc 00 a0 35 8c  cf 2c 79 8f 07 67 f6 e0  |......5..,y..g..|
000000b0  21 64 09 42 48 c1 5a de  f1 00 53 c1 20 86 4b 01  |!d.BH.Z...S. .K.|
000000c0  fc 1c 25 a5 e9 a7 03 4e  2e 53 f8 cb 38 7a fb bd  |..%....N.S..8z..|
000000d0  6a 89 98 e5 49 04 d7 55  41 7a 84 0f 68 36 ac d6  |j...I..UAz..h6..|
000000e0  db a5 fc 4e 81 df 0a c3  d8 a0 73 82 22 92 ba a3  |...N......s."...|
000000f0  f8 38 80 e0 eb 37 e1 96  a3 24 b4 4e 2c 9e 56 60  |.8...7...$.N,.V`|
00000100  86 da 59 d2 29 bb af de  86 a2 a4 f8 a5 b2 d7 19  |..Y.)...........|
00000110  d3 db 21 4a ad ad 72 c7  86 de 71 f6 29 a8 61 f0  |..!J..r...q.).a.|
00000120  be 80 44 de 6d 65 95 9b  b9 e1 5b 5d 03 3e 6f 8f  |..D.me....[].>o.|
00000130  e2 c0 31 08 0e 73 93 bc  fd 24 66 5c 61 f6 76 a8  |..1..s...$f\a.v.|
00000140  8a 51 85 68 bc fb a3 ad  fa 74 ef be 6a f6 14 85  |.Q.h.....t..j...|
00000150  5d 2e cf ad 41 a4 b6 1b  72 0a                    |]...A...r.|
0000015a
root@nucklehead:~ #

## Deployments
root@nucklehead:~ # kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
root@nucklehead:~ # kubectl get pods -l app=nginx
NAME                    READY   STATUS    RESTARTS   AGE
nginx-f89759699-qqzvg   1/1     Running   0          3m28s
root@nucklehead:~ # POD_NAME=$(kubectl get pods -l app=nginx -o jsonpath="{.items[0].metadata.name}")
root@nucklehead:~ # kubectl port-forward $POD_NAME 8080:80
Forwarding from 127.0.0.1:8080 -> 80
Forwarding from [::1]:8080 -> 80
^Z[1] + Suspended               kubectl port-forward ${POD_NAME} 8080:80
root@nucklehead:~ # bg
[1] kubectl port-forward ${POD_NAME} 8080:80
root@nucklehead:~ # curl --head http://127.0.0.1:8080
Handling connection for 8080
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 01 Dec 2020 00:41:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 24 Nov 2020 13:02:03 GMT
Connection: keep-alive
ETag: "5fbd044b-264"
Accept-Ranges: bytes

root@nucklehead:~ # fg
kubectl port-forward ${POD_NAME} 8080:80
^Croot@nucklehead:~ #
root@nucklehead:~ # kubectl logs $POD_NAME
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
127.0.0.1 - - [01/Dec/2020:00:41:17 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.73.0" "-"
root@nucklehead:~ # kubectl exec -ti $POD_NAME -- nginx -v
nginx version: nginx/1.19.5
root@nucklehead:~ #
	root@nucklehead:~ # kubectl create secret generic kubernetes-the-hard-way \
	--from-literal="mykey=mydata"
	secret/kubernetes-the-hard-way created
	root@nucklehead:~ # ssh -i ~cbsd/.ssh/id_rsa ubuntu@controller-0 "sudo ETCDCTL_API=3 etcdctl get \
	--endpoints=https://127.0.0.1:2379 \
	--cacert=/etc/etcd/ca.pem \
	--cert=/etc/etcd/kubernetes.pem \
	--key=/etc/etcd/kubernetes-key.pem\
	/registry/secrets/default/kubernetes-the-hard-way \| hexdump -C"
	00000000 2f 72 65 67 69 73 74 72 79 2f 73 65 63 72 65 74 \|/registry/secret\|
	00000010 73 2f 64 65 66 61 75 6c 74 2f 6b 75 62 65 72 6e \|s/default/kubern\|
	00000020 65 74 65 73 2d 74 68 65 2d 68 61 72 64 2d 77 61 \|etes-the-hard-wa\|
	00000030 79 0a 6b 38 73 3a 65 6e 63 3a 61 65 73 63 62 63 \|y.k8s:enc:aescbc\|
	00000040 3a 76 31 3a 6b 65 79 31 3a b9 4f 7a c8 d3 b0 fb \|:v1:key1:.Oz....\|
	00000050 f9 a8 e5 9f c1 ab 96 d5 09 13 5e 3f 4f 95 2c 44 \|..........^?O.,D\|
	00000060 64 52 7d ef 46 18 45 08 61 b1 4c 0a 4f 9d f7 46 \|dR}.F.E.a.L.O..F\|
	00000070 79 90 7f 5d e3 56 0e 8c 9c ab 7f a8 26 57 5e 0b \|y..].V......&W^.\|
	00000080 0f 94 92 55 ec 9a 5c 97 5a c9 71 d5 79 91 01 a4 \|...U..\.Z.q.y...\|
	00000090 24 b9 64 89 d2 bf 9c 0a 7c e3 88 1a dc ec 46 f2 \|$.d.....\|.....F.\|
	000000a0 c5 ef 98 fc 00 a0 35 8c cf 2c 79 8f 07 67 f6 e0 \|......5..,y..g..\|
	000000b0 21 64 09 42 48 c1 5a de f1 00 53 c1 20 86 4b 01 \|!d.BH.Z...S. .K.\|
	000000c0 fc 1c 25 a5 e9 a7 03 4e 2e 53 f8 cb 38 7a fb bd \|..%....N.S..8z..\|
	000000d0 6a 89 98 e5 49 04 d7 55 41 7a 84 0f 68 36 ac d6 \|j...I..UAz..h6..\|
	000000e0 db a5 fc 4e 81 df 0a c3 d8 a0 73 82 22 92 ba a3 \|...N......s."...\|
	000000f0 f8 38 80 e0 eb 37 e1 96 a3 24 b4 4e 2c 9e 56 60 \|.8...7...$.N,.V`\|
	00000100 86 da 59 d2 29 bb af de 86 a2 a4 f8 a5 b2 d7 19 \|..Y.)...........\|
	00000110 d3 db 21 4a ad ad 72 c7 86 de 71 f6 29 a8 61 f0 \|..!J..r...q.).a.\|
	00000120 be 80 44 de 6d 65 95 9b b9 e1 5b 5d 03 3e 6f 8f \|..D.me....[].>o.\|
	00000130 e2 c0 31 08 0e 73 93 bc fd 24 66 5c 61 f6 76 a8 \|..1..s...$f\a.v.\|
	00000140 8a 51 85 68 bc fb a3 ad fa 74 ef be 6a f6 14 85 \|.Q.h.....t..j...\|
	00000150 5d 2e cf ad 41 a4 b6 1b 72 0a \|]...A...r.\|
	0000015a
	root@nucklehead:~ #
	root@nucklehead:~ # kubectl create deployment nginx --image=nginx
	deployment.apps/nginx created
	root@nucklehead:~ # kubectl get pods -l app=nginx
	NAME READY STATUS RESTARTS AGE
	nginx-f89759699-qqzvg 1/1 Running 0 3m28s
	root@nucklehead:~ # POD_NAME=$(kubectl get pods -l app=nginx -o jsonpath="{.items[0].metadata.name}")
	root@nucklehead:~ # kubectl port-forward $POD_NAME 8080:80
	Forwarding from 127.0.0.1:8080 -> 80
	Forwarding from [::1]:8080 -> 80
	^Z[1] + Suspended kubectl port-forward ${POD_NAME} 8080:80
	root@nucklehead:~ # bg
	[1] kubectl port-forward ${POD_NAME} 8080:80
	root@nucklehead:~ # curl --head http://127.0.0.1:8080
	Handling connection for 8080
	HTTP/1.1 200 OK
	Server: nginx/1.19.5
	Date: Tue, 01 Dec 2020 00:41:17 GMT
	Content-Type: text/html
	Content-Length: 612
	Last-Modified: Tue, 24 Nov 2020 13:02:03 GMT
	Connection: keep-alive
	ETag: "5fbd044b-264"
	Accept-Ranges: bytes

	root@nucklehead:~ # fg
	kubectl port-forward ${POD_NAME} 8080:80
	^Croot@nucklehead:~ #
	root@nucklehead:~ # kubectl logs $POD_NAME
	/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
	/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
	/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
	10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
	10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
	/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
	/docker-entrypoint.sh: Configuration complete; ready for start up
	127.0.0.1 - - [01/Dec/2020:00:41:17 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.73.0" "-"
	root@nucklehead:~ # kubectl exec -ti $POD_NAME -- nginx -v
	nginx version: nginx/1.19.5
	root@nucklehead:~ #