Kubernetes - Secrets

Step-01: Introduction

• Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys.
• Storing confidential information in a Secret is safer and more flexible than putting it directly in a Pod definition or in a container image.

Step-02: Create Secret for MySQL DB Password

# Mac
echo -n 'dbpassword11' | base64

# URL: https://www.base64encode.org

Create Kubernetes Secrets manifest

apiVersion: v1
kind: Secret
metadata:
  name: mysql-db-password
#type: Opaque means that from kubernetes's point of view the contents of this Secret is unstructured.
#It can contain arbitrary key-value pairs. 
type: Opaque
data:
  # Output of echo -n 'Redhat1449' | base64
  db-password: ZGJwYXNzd29yZDEx

Step-03: Update secret in MySQL Deployment for DB Password

          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-db-password
                  key: db-password

Step-04: Update secret in UWA Deployment

• UMS means User Management Microservice

            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-db-password
                  key: db-password

Step-05: Create & Test

# Create All Objects
kubectl apply -f kube-manifests/

# List Pods
kubectl get pods

# Get Public IP of Application
kubectl get svc

# Access Application
http://<External-IP-from-get-service-output>
Username: admin101
Password: password101

Step-06: Clean-Up

• Delete all k8s objects created as part of this section

# Delete All
kubectl delete -f kube-manifests/

# List Pods
kubectl get pods

# Verify sc, pvc, pv
kubectl get sc,pvc,pv