Kubernetes secrets
Kubernetes - 1/20/2021
> kc get pod
> kc describe pod mypod1
You can see the password in the output, so you have to secure it.
In the previous class we put the password on the command line. It was a clear-text password, so anyone looking over your shoulder could read it (shoulder surfing).
Now we use YAML code instead:
- You put the password in a box and keep it safe.
- You give the box name to the developer and tell them that the password is in that box.
- When you write code, you give a reference to this box.
- In this box, you can keep other secret information such as passwords, credit info ...
It is in key-value pair format, and it is a secret.
- In Kubernetes terms, it is called a secret. (In Ansible, it is called a vault.)
* A secret is not a way to encrypt your data. That's why we don't use any key.
Use case
> kc describe pod mypod1
- You won't be able to see the password.
- You give a reference to the secret box.
secret
> kc get secrets
> kc delete all --all
> kc run -f
> kc get pods
> kc logs mydb
-----------------
missing class
--------------
> kc get secrets mysecret
Display the YAML output:
> kc get secrets mysecret -o yaml
Search for how to base64 encode and decode; the values in this output are base64 encoded.
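The point about base64 above, as an added example that is not part of the original class notes: it builds the YAML for a secret by hand and then decodes it again without any key. The secret name, keys and values (mysecret, u, up, dbuser, redhat) are constructed sample data, and make_secret / decode_secret are hypothetical helper names.

```shell
#!/bin/sh
# Added example: the "data" values of a Secret are base64-encoded, not encrypted.
# All names and values below are constructed sample data.

# make_secret NAME KEY=VALUE... -> prints a Secret manifest on stdout
make_secret() {
    name=$1; shift
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
    for kv in "$@"; do
        key=${kv%%=*}
        val=${kv#*=}
        # printf '%s' (not echo) so no trailing newline ends up inside the password
        printf '  %s: %s\n' "$key" "$(printf '%s' "$val" | base64 | tr -d '\n')"
    done
}

# decode_secret -> reads a Secret manifest on stdin, prints key=plaintext
decode_secret() {
    in_data=0
    while IFS= read -r line; do
        case $line in
            data:) in_data=1 ;;
            '  '*)
                # indented lines outside the data: section (e.g. metadata) are skipped
                [ "$in_data" -eq 1 ] || continue
                entry=${line#  }
                key=${entry%%:*}
                printf '%s=%s\n' "$key" "$(printf '%s' "${entry#*: }" | base64 -d)"
                ;;
            *) in_data=0 ;;
        esac
    done
}

manifest=$(make_secret mysecret u=dbuser up=redhat)
printf '%s\n' "$manifest"                  # what would be stored
printf '%s\n' "$manifest" | decode_secret  # what any reader of the YAML can recover
```

On a cluster, `kc get secrets mysecret -o yaml | decode_secret` recovers the values the same way, so read access to secrets has to be restricted.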
Two ways to create a secret:
create a secret from YAML
or
from the command line
> kubectl create --help
You can create a secret, service, ingress, cronjob, deployment and lots of other resources from the command line,
but not a replication controller; the only option there is to create it through a YAML file.
> kc create -f
> kc create secret -h
Three kinds of secrets:
- docker-registry
- generic
- tls
> kc create secret generic mys --from-literal=p1=redhat
> kc get secrets
> kc get pods
To decode, use base64decode.net
or
use the openssl command to create the base64 value:
> openssl base64
- name: MYSQL_USER
  valueFrom:
    secretKeyRef:
      name: mysecret
      key: u
- name: MYSQL_PASS
  valueFrom:
    secretKeyRef:
      name: mysecret
      key: up
- name: MYSQL_DATABASE
  value: mpdb