apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: mariadb
  name: mariadb-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mariadb
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      containers:
        -
          name: mariadb
          image: 'docker.io/mariadb:10.4'
          env:
            -
              name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mariadb-root-password
                  key: password
          envFrom:
            -
              secretRef:
                name: mariadb-user-creds
          ports:
            -
              containerPort: 3306
              protocol: TCP
          volumeMounts:
            -
              mountPath: /var/lib/mysql
              name: mariadb-volume-1
            -
              mountPath: /etc/mysql/conf.d
              name: mariadb-config-volume
      volumes:
        -
          emptyDir: {}
          name: mariadb-volume-1
        -
          configMap:
            name: mariadb-config
            items:
              -
                key: max_allowed_packet.cnf
                path: max_allowed_packet.cnf
          name: mariadb-config-volume
#################################
###### Kubernetes SECRETS
#################################
Note: Both Secrets and ConfigMaps can be exposed inside a container as
mounted files or volumes or environment variables.
Definition: Kubernetes objects that store small amounts of sensitive data,
e.g. database passwords.
CASE: MariaDB on Kubernetes
A. Manual Secret Creation:
==========================
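1. Create a secret containing the MYSQL_ROOT_PASSWORD, choose a password and convert
it to base64
## From the Terminal generate a base64 password;
echo -n 'KubernetesRocks!' | base64
S3ViZXJuZXRlc1JvY2tzIQ== is the base64-encoded password.
Note: A result of LW4gJ0t1YmVybmV0ZXNSb2NrcyEnIA0K means the shell's echo did not honour -n or the
quotes: it decodes to -n 'KubernetesRocks!' followed by a space and CRLF, not to the password.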
2. Now use the base64 password to create our Secret YAML file:
## File reference:
secrets/mysql-secret.yaml
3. Apply our secret into Kubernetes:
## Create Secret:
kubectl apply -f secrets/mysql-secret.yaml
## Check it out:
kubectl describe secret/mariadb-root-password
## Edit the secret if you need to:
kubectl edit secret/mariadb-root-password
## Decode the Secret by piping it through base64:
Note: In case it doesn't decode, decode it online.
kubectl get secret/mariadb-root-password -o jsonpath='{.data.password}' | base64 --decode -
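Steps 1-3 above as a script (an added example, not part of the original gist): it encodes the exact password bytes, checks a .data value for shell artefacts before it is applied, and prints a manifest. The Secret name and key come from the Deployment above; the manifest layout is an assumption about secrets/mysql-secret.yaml, which is not shown here, and the function names are hypothetical. The .data value is only encoded, so whatever bytes go in are what MariaDB receives as the root password.

```shell
#!/bin/sh
# Added example: build and sanity-check the value for a Secret's .data field.

# Encode the exact bytes of $1 (printf adds no newline and has no -n ambiguity).
b64_secret() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a .data value and report shell artefacts that would become part of
# the password. Prints one finding per line; returns 0 when clean, 1 otherwise.
check_b64() {
    # Work on a hex dump so a trailing CR/LF survives command substitution.
    hex=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ -n "$hex" ] || { echo "empty or not valid base64"; return 1; }
    rc=0
    # 2d 6e 20 is "-n ": echo printed its option instead of honouring it.
    case $hex in 2d6e20*) echo "starts with literal '-n '"; rc=1 ;; esac
    # Both patterns match at the end of the dump, so they stay byte-aligned.
    case $hex in
        *0d0a) echo "ends with CRLF"; rc=1 ;;
        *0a)   echo "ends with a newline"; rc=1 ;;
    esac
    return $rc
}

# Print a Secret manifest: $1=name, $2=key, $3=plaintext value.
secret_manifest() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  $2: $(b64_secret "$3")
EOF
}

# Demo: a value that decodes to "-n 'KubernetesRocks!' " plus CRLF is flagged,
# then a manifest is built from the intended password.
check_b64 'LW4gJ0t1YmVybmV0ZXNSb2NrcyEnIA0K' || true
secret_manifest mariadb-root-password password 'KubernetesRocks!'
```

Redirect the manifest to secrets/mysql-secret.yaml and apply it with the kubectl apply command from step 3.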
B. Kubernetes built in way Secret Creation: [Much Simpler]
==========================================================
Use --from-literal to set as many Key/Value pairs as you wish.
## Create the Secrets:
kubectl create secret generic mariadb-user-creds --from-literal=MYSQL_USER=kubeuser --from-literal=MYSQL_PASSWORD=kube-still-rocks
## Confirm that they are actually there:
kubectl get secret mariadb-user-creds -o jsonpath="{.data.MYSQL_USER}" | base64 --decode -
kubectl get secret mariadb-user-creds -o jsonpath="{.data.MYSQL_PASSWORD}" | base64 --decode -
#################################
###### Kubernetes ConfigMap
#################################
Definition: Similar to Secrets but stores less sensitive data. Thus great
for storing environment variables and config files.
Also used to create customized running services from generic container images.
### scenario:
Override the default max_allowed_packet in MariaDB from 16M to 64M
reference: ./max_allowed_packet.cnf
## Create a ConfigMap named mariadb-config
kubectl create configmap mariadb-config --from-file=max_allowed_packet.cnf
Note: Using --from-file=max_allowed_packet.cnf in the kubectl command above:
- Stores the name of the file as the Key, e.g. max_allowed_packet.cnf verbatim
- Stores the file contents as the Value.
Hint: You can explicitly set Key/Value with below option:
--from-file=<key_name>=<filename.extensiontype>
e.g. --from-file=max-packet=max_allowed_packet.cnf
In case of multiple files, use additional --from-file=<filename> arguments to
store those.
### Validate the ConfigMap was really created:
kubectl get configmap mariadb-config
### View the ConfigMap's file contents:
kubectl describe configmap mariadb-config
### You can edit the ConfigMap properties live on Kubernetes:
kubectl edit configmap mariadb-config
### Confirm Edited contents:
Hint: Escape '.' before extensiontype.
kubectl get configmap mariadb-config -o "jsonpath={.data['max_allowed_packet\.cnf']}"
######################################
###### Secrets and ConfigMap Usage
######################################
Hint:
Can be mounted as environment variables or as files within a container.
Example: MariaDB scenario
Mount Secrets as environmental variables and ConfigMap as files.
### First create a mariadb deployment.
reference: ./mariadb-deployment.yaml
Example: mariadb-root-password Secret addition
==============================================
Specify the Secret and the key you want by adding an env list/array to the
container spec in the Deployment and setting the environment variable value
to the value of the key in your Secret.
Example: mariadb-root-password max_allowed_packet.cnf file addition
====================================================================
Add ConfigMap as a container volumeMount
Note:
Both Secrets and ConfigMaps can be the source of Kubernetes "volumes" and mounted
into the containers.
This is not a persistent data store.
Q. Where to add the ConfigMap:
Add it under volume list and reference it inside the volumeMount along with a name.
### Now create the mariadb instance:
kubectl create -f mariadb-deployment.yaml
### Confirm the Secret and ConfigMap are being used inside the MariaDB container.
kubectl exec -it <pod_name> -- env | grep MYSQL
### Confirm the ConfigMap file "max_allowed_packet.cnf" is stored
inside "/etc/mysql/conf.d"
kubectl exec -it <pod_name> -- ls /etc/mysql/conf.d
REF: Always use this Site to Clean your YAML files:
https://onlineyamltools.com/prettify-yaml
#######################
!!! YES SUCCESS !!!
Now MariaDB has the environment variables available for it to use.