Lab: Secrets and ConfigMaps

Lab Daemon sets:

If you update DaemonSets using configuration files, use kubectl apply:

kubectl apply -f https://k8s.io/examples/controllers/fluentd-daemonset-update.yaml

Imperative commands
If you update DaemonSets using imperative commands, use kubectl edit:

kubectl edit ds/fluentd-elasticsearch -n kube-system

Updating only the container image
If you only need to update the container image in the DaemonSet template, i.e. .spec.template.spec.containers[*].image, use kubectl set image:

kubectl set image ds/fluentd-elasticsearch fluentd-elasticsearch=quay.io/fluentd_elasticsearch/fluentd:v2.6.0 -n kube-system

———————————————————————————————————————————————————————————————-

This lab covers ConfigMaps and Secrets:

  • ConfigMaps using env and volume
  • Secrets using env and volume

Lab 1: Create ConfigMap

  1. apiVersion: v1: This indicates that the ConfigMap is using the Kubernetes API version 1.
  2. kind: ConfigMap: This specifies the type of Kubernetes resource, which is a ConfigMap in this case.
  3. metadata: This section contains metadata about the ConfigMap, such as its name and other optional information.
    • name: game-demo: This is the name of the ConfigMap.
  4. data: This section contains the actual configuration data stored within the ConfigMap. The data is organized using key-value pairs.
    • player_initial_lives: "3": This sets a property-like key player_initial_lives with the value “3”.
    • ui_properties_file_name: "user-interface.properties": This sets a property-like key ui_properties_file_name with the value “user-interface.properties”.
    • game.properties: |: This sets a file-like key game.properties with a multi-line value. The content following the pipe (|) is treated as a literal block of text.
    • user-interface.properties: |: This sets a file-like key user-interface.properties with a multi-line value. The content following the pipe (|) is treated as a literal block of text.
kubectl create -f cm.yaml
kubectl get cm
kubectl describe cm game-demo

Lab 2: Map the ConfigMap to a Pod

    • env: Environment variables to be set within the container.
      • name: PLAYER_INITIAL_LIVES: The name of the environment variable. The valueFrom field specifies that the value of this environment variable will be sourced from the “game-demo” ConfigMap, specifically from the “player_initial_lives” key.
      • name: UI_PROPERTIES_FILE_NAME: Another environment variable, sourced from the “ui_properties_file_name” key in the “game-demo” ConfigMap.
    • volumeMounts: Describes how volumes are mounted into containers.
      • name: config: Refers to the name of the volume defined at the Pod level.
      • mountPath: "/config": The path inside the container where the volume should be mounted.
      • readOnly: true: The mounted volume is set to read-only.
  • volumes: Defines volumes to be used in the Pod.
    • name: config: The name of the volume. The configMap field specifies that this volume is sourced from a ConfigMap named “game-demo”.
      • items: An array of keys from the ConfigMap to create as files within the volume.
        • key: "game.properties": The key within the ConfigMap whose value should be used to create a file.
          • path: "game.properties": The path where the file will be created within the volume.
        • key: "user-interface.properties": Similarly, this key’s value will be used to create a file.
          • path: "user-interface.properties": The path where the file will be created within the volume.
kubectl create -f cm-pod.yaml
kubectl describe pod configmap-demo-pod
kubectl exec configmap-demo-pod -c demo -it -- /bin/sh
export
ls /config/
exit

Lab 3: Secret (Create using command line)

echo -n 'root' > ./username.txt
echo -n 'Mq2D#(8gf09' > ./password.txt
kubectl create secret generic db-cerds \
--from-file=./username.txt \
--from-file=./password.txt
kubectl get secret/db-cerds
kubectl describe secret/db-cerds

Lab 4: Create Secret using yaml file

Encode the username and password using base64:

echo -n 'root' | base64
echo -n 'Mq2D#(8gf09' | base64

kubectl create -f sec.yaml
kubectl get secret
kubectl describe secret database-creds
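
Base64 in a Secret's data field is an encoding, not encryption, and a newline left in by echo without -n silently becomes part of the stored value. The script below is an added example, not the lab's own sec.yaml: it builds a manifest for database-creds and decodes it again. The key names username and password and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: key names "username"/"password" and all function names are
# assumptions; the page does not show sec.yaml. Values are the lab's samples.

# Encode a value as Lab 4 does; printf '%s' adds no trailing newline.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Same encoding when -n is forgotten: the newline is encoded into the value.
b64_with_newline() { printf '%s\n' "$1" | base64 | tr -d '\n'; }

# Emit an Opaque Secret manifest. Args: name, username, password.
make_secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  username: $(b64 "$2")
  password: $(b64 "$3")
EOF
}

# Recover a field from a manifest file; no key is needed. Args: file, key.
decode_field() {
  awk -v k="$2:" '$1 == k { print $2 }' "$1" | base64 -d
}

demo() {
  tmp=$(mktemp)
  make_secret_manifest database-creds 'root' 'Mq2D#(8gf09' > "$tmp"
  cat "$tmp"
  echo "decoded password: $(decode_field "$tmp" password)"
  echo "username with stray newline: $(b64_with_newline root) vs $(b64 root)"
  rm -f "$tmp"
}

demo
```

Anyone who can read the manifest file or the Secret object can run the same decode step, so access to both should be restricted accordingly.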

Lab 5: Map secret as env in Pod

kubectl create -f secenvpod.yaml
kubectl describe pod php-mysql-app
kubectl exec php-mysql-app -c php-app -it -- /bin/bash
#check the env value
export
exit
#Delete the pod
kubectl delete -f secenvpod.yaml

Lab 6: Map secret as volume

kubectl create -f secvolpod.yaml
kubectl describe pod redis-pod
#check inside the container "/etc/dbcreds"
kubectl exec redis-pod -c redis-pod -it -- ls /etc/dbcreds/