jvanjankumar/kubernetes-SealedSecret

 
 

kubernetes-SealedSecret

Pre-Requisites

Kubernetes cluster

Kubernetes cluster - minikube

minikube setup

Install SealedSecret

echo "**** Installing kubeseal ****"

export VERSION_KUBESEAL=0.17.5
curl -LO https://github.com/bitnami-labs/sealed-secrets/releases/download/v${VERSION_KUBESEAL}/kubeseal-${VERSION_KUBESEAL}-linux-amd64.tar.gz
tar -xzvf kubeseal-${VERSION_KUBESEAL}-linux-amd64.tar.gz
chmod +x kubeseal
mv kubeseal /usr/bin/

Deploy the sealed-secret controller

wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/controller.yaml
kubectl apply -f controller.yaml

You can check the status of your deployment with the following command:

kubectl get pods -n kube-system | grep sealed-secrets-controller

Create a Secret file locally, as shown below

---
apiVersion: v1
kind: Secret
metadata:
  name: <name-of-secret>
data:
  user: <base64encode>
  password: <base64encode>

Get the master key (that is, the certificate used to seal a secret) from the SealedSecret controller

kubeseal --fetch-cert > master-key.pem  

Seal the Secret with the master key

kubeseal --cert=master-key.pem  --format=yaml < <secret-file>.yaml > sealed-secret.yaml

Unseal the secret in the cluster where it is used

kubectl apply -f sealed-secret.yaml

Deploy mysql with sealed secret

Create a sealed secret for secrets.yml (this file does not need to be pushed to GitHub)

kubeseal --fetch-cert > master.pem 
kubeseal --cert=master.pem --format=yaml < secrets.yml > sealed-secret-mysql.yaml

Deploy MySQL in the Kubernetes cluster

kubectl apply -f pv.yml
kubectl apply -f pvc.yml
kubectl apply -f configmaps.yml
kubectl apply -f sealed-secret-mysql.yaml         # This secret will be unsealed using the controller and the master.pem file
kubectl apply -f deployment.yml

Note: Push the sealed secret file to GitHub and share master.pem personally with whoever needs to unseal. Here I have given the master key for understanding.
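A guard for the rule that only the sealed file goes to GitHub while secrets.yml stays local, as an added example that is not part of this repository: a Git pre-commit hook that rejects staged YAML files containing a plain `kind: Secret` document. The function names and the hook layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from this repository): block commits of unsealed Secrets.
# Install by saving as .git/hooks/pre-commit and making it executable.

# is_plain_secret FILE: succeeds if FILE has a top-level "kind: Secret".
# "kind: SealedSecret" does not match. Manifests wrapped in "kind: List"
# are indented and therefore not detected (known limitation).
is_plain_secret() {
    grep -Eq "^kind:[[:space:]]*[\"']?Secret[\"']?[[:space:]]*(#.*)?\$" "$1"
}

# check_manifests FILE...: reports every .yml/.yaml file holding a plain
# Secret on stderr and returns 1 if at least one was found.
check_manifests() {
    found=0
    for f in "$@"; do
        case "$f" in
            *.yml|*.yaml) ;;
            *) continue ;;
        esac
        [ -f "$f" ] || continue
        if is_plain_secret "$f"; then
            echo "unsealed Secret, run kubeseal and commit the output instead: $f" >&2
            found=1
        fi
    done
    return "$found"
}

# Run only when invoked as the hook. Reads the working-tree copy of each
# staged file and assumes paths contain no newlines.
if [ "${0##*/}" = "pre-commit" ]; then
    git diff --cached --name-only --diff-filter=ACM | {
        status=0
        while IFS= read -r staged; do
            check_manifests "$staged" || status=1
        done
        exit "$status"
    } || exit 1
fi
```
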

Connect to the MySQL pod

kubectl exec -it <pod-name> -- /bin/bash

Connect to MySQL

mysql -u naresh -p
Provide password for mysql

Connect to mysqldb

use mysqldb

Create "employee" table in mysqldb

create table employee( empno varchar(40), ename varchar(40));

Insert data into "employee" table

insert into employee(empno, ename) values("101","Naresh");

Check table data

select * from employee;
