In this lab, you will learn how to use Kubernetes Secrets to securely manage sensitive information such as passwords, API keys, and other confidential data. You will create a secret, use it in your application, and verify that the application is properly configured. Each step builds upon the previous one, so make sure you follow along carefully.
Skills Graph
%%%%{init: {'theme':'neutral'}}%%%%
flowchart RL
kubernetes(("`Kubernetes`")) -.-> kubernetes/BasicsGroup(["`Basics`"])
kubernetes(("`Kubernetes`")) -.-> kubernetes/BasicCommandsGroup(["`Basic Commands`"])
kubernetes(("`Kubernetes`")) -.-> kubernetes/AdvancedCommandsGroup(["`Advanced Commands`"])
kubernetes(("`Kubernetes`")) -.-> kubernetes/TroubleshootingandDebuggingCommandsGroup(["`Troubleshooting and Debugging Commands`"])
kubernetes/BasicsGroup -.-> kubernetes/initialization("`Initialization`")
kubernetes/BasicCommandsGroup -.-> kubernetes/get("`Get`")
kubernetes/BasicCommandsGroup -.-> kubernetes/create("`Create`")
kubernetes/AdvancedCommandsGroup -.-> kubernetes/apply("`Apply`")
kubernetes/TroubleshootingandDebuggingCommandsGroup -.-> kubernetes/describe("`Describe`")
kubernetes/TroubleshootingandDebuggingCommandsGroup -.-> kubernetes/exec("`Exec`")
subgraph Lab Skills
kubernetes/initialization -.-> lab-8448{{"`Configuring Apps with Secrets`"}}
kubernetes/get -.-> lab-8448{{"`Configuring Apps with Secrets`"}}
kubernetes/create -.-> lab-8448{{"`Configuring Apps with Secrets`"}}
kubernetes/apply -.-> lab-8448{{"`Configuring Apps with Secrets`"}}
kubernetes/describe -.-> lab-8448{{"`Configuring Apps with Secrets`"}}
kubernetes/exec -.-> lab-8448{{"`Configuring Apps with Secrets`"}}
end
Start the Minikube Cluster
Before creating resources, you need a running Kubernetes cluster. Minikube is a lightweight Kubernetes environment that runs on your local machine.
Navigate to your working directory:
Open the terminal and navigate to the default project folder:
cd /home/labex/project
Start Minikube:
Start Minikube to initialize a Kubernetes cluster:
minikube start
This command sets up a single-node Kubernetes cluster on your local machine.
Minikube may take a few minutes to start depending on your system's performance.
Verify Minikube is running:
Check the status of the Minikube cluster:
minikube status
Look for components like kubelet and apiserver listed as Running.
If the cluster is not running, rerun minikube start.
If you encounter issues starting Minikube. Use minikube delete to reset the environment if needed.
Create A Secret
In this step, you will create a Kubernetes Secret that contains a database password.
Create a file named my-secret.yaml with the following contents:
In this file, we specify the name of the Deployment (my-app), the image to use (my-image), and the environment variable to set (DATABASE_PASSWORD). We also use a secretKeyRef to retrieve the password key from the my-secret Secret.
Apply the Deployment to your cluster by running the following command:
kubectl apply -f my-app.yaml
Verify that the Deployment was created by running the following command:
kubectl get deployments
You should see the my-app Deployment listed.
Verify The Configuration
In this step, you will verify that your application is properly configured with the database password from the my-secret Secret.
Find the name of the pod running your application by running the following command:
kubectl get pods -l app=my-app
You should see a single pod running your application. Note the name of the pod.
Next, run the following command to open a shell session in the container running your application:
kubectl exec -it pod-name -- /bin/sh
Replace <pod-name> with the name of the pod that you noted earlier.
Once you are in the shell session, run the following command to print the value of the DATABASE_PASSWORD environment variable:
echo $DATABASE_PASSWORD
You should see the database password that was retrieved from the my-secret Secret.
Mount The Secret As A Volume In A Pod
Now that we have created the secret, we can mount it as a volume in a pod. We will create a simple pod that reads the secret value from the mounted volume and outputs it to the console.
Create a file named pod.yaml with the following contents:
In this step, you will verify that your application is properly configured with the database password from the my-secret Secret.
First, run the following command to open a shell session in the container running your application:
kubectl exec -it secret-pod -- sh
Once you are in the shell session, run the following command to print the value:
cat /etc/secret-volume/password
The output should be the value of the secret.
Summary
In this lab, we learned how to use Kubernetes secrets to store sensitive information and how to use them in a pod. Secrets provide a secure way to manage sensitive information and should be used whenever possible to avoid exposing secrets in plaintext.
We use cookies for a number of reasons, such as keeping the website reliable and secure, to improve your experience on our website and to see how you interact with it. By accepting, you agree to our use of such cookies. Privacy Policy