Akshay Rao

K8s Exercise: Secrets

Introduction
Hi, I am Akshay Rao. I will be starting an exercise series on k8s.
In this blog there will be no explanation, only problems and solutions. If you want explanations, have a look at this series:
https://dev.to/aksrao1998/series/24887

Pre-requisite
Have minikube or kind running on the local machine.

Note: k is an alias for kubectl.

Problem 1

  1. Create a secret called mysecret with the values password=mypass.
  2. Create a secret called mysecret2 that gets key/value from a file.
  3. Get the value of mysecret2

Solution

#1 soln
[k8s-ckad (⎈|minikube:mynamespace)]$ k create secret generic mysecret --from-literal=password=mypass
secret/mysecret created

#2 soln
[k8s-ckad (⎈|minikube:mynamespace)]$ echo -n admin > username
[k8s-ckad (⎈|minikube:mynamespace)]$ k create secret generic mysecret2 --from-file=username
secret/mysecret2 created
[k8s-ckad (⎈|minikube:mynamespace)]$ k get secrets
NAME        TYPE     DATA   AGE
mysecret    Opaque   1      5m32s
mysecret2   Opaque   1      19s

#3 soln
[k8s-ckad (⎈|minikube:mynamespace)]$ k get secret mysecret2 -o yaml
apiVersion: v1
data:
  username: YWRtaW4=
kind: Secret
metadata:
  creationTimestamp: "2023-10-29T16:27:43Z"
  name: mysecret2
  namespace: mynamespace
  resourceVersion: "968"
  uid: 6fa05aa1-fb8e-464e-9a81-11ef9833662a
type: Opaque

# the value of username is base64-encoded (not encrypted), so decode it; -D is the macOS flag, GNU base64 on Linux uses -d
[k8s-ckad (⎈|minikube:mynamespace)]$ k get secret mysecret2 -o jsonpath='{.data.username}' | base64 -D
admin

Problem 2
Create an nginx pod that mounts the secret mysecret2 in a volume on path /etc/foo.

Solution

[k8s-ckad (⎈|minikube:mynamespace)]$ k run nginx --image=nginx --dry-run=client -o yaml > pod4.yaml

#edit the pod4.yaml

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  volumes:
    - name: mysecrets
      secret:
        secretName: mysecret2
  containers:
  - image: nginx
    name: pod1
    resources: {}
    volumeMounts:
      - name: mysecrets
        mountPath: /etc/foo
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
[k8s-ckad (⎈|minikube:mynamespace)]$ k create -f pod4.yaml 
pod/nginx created

Problem 3
Delete the pod you just created and mount the variable 'username' from secret mysecret2 onto a new nginx pod in an env variable called 'USERNAME'.

Solution

[k8s-ckad (⎈|minikube:mynamespace)]$ k delete pod nginx
pod "nginx" deleted

#edit the pod4.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  containers:
  - image: nginx
    name: pod1
    env:
      - name: USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret2
            key: username
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
[k8s-ckad (⎈|minikube:mynamespace)]$ k create -f pod4.yaml 
pod/nginx created

[k8s-ckad (⎈|minikube:mynamespace)]$ k exec nginx -- env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=nginx
USERNAME=admin

Problem 4

  1. See all the service accounts of the cluster in all namespaces.
  2. Create a new serviceaccount called 'myuser'
  3. Create an nginx pod that uses 'myuser' as a service account
  4. Generate an API token for the service account 'myuser'

Solution

#1 soln
# note: this lists only the current namespace; add -A (--all-namespaces) to list every namespace
[k8s-ckad (⎈|minikube:mynamespace)]$ k get sa
NAME      SECRETS   AGE
default   0         42m

#2 soln
[k8s-ckad (⎈|minikube:mynamespace)]$ k create serviceaccount myuser
serviceaccount/myuser created

#3 soln
#edit the pod4.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  serviceAccountName: myuser
  containers:
  - image: nginx
    name: pod1
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
[k8s-ckad (⎈|minikube:mynamespace)]$ k create -f pod4.yaml 
pod/nginx created
[k8s-ckad (⎈|minikube:mynamespace)]$ k describe pod nginx
Name:             nginx
Namespace:        mynamespace
Priority:         0
Service Account:  myuser
Node:             minikube/192.168.49.2
Start Time:       Mon, 30 Oct 2023 02:08:22 +0900

#4 soln
[ts-akshay.rao@JP-FVFZ91DHL414 k8s-ckad (⎈|minikube:mynamespace)]$ k create token myuser

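As an added example (not part of the original post), the script below decodes the claims of a ServiceAccount token like the one `k create token myuser` prints, so you can check which account it is bound to and how long it lives. The sample token is constructed inline with a dummy signature; the helper names and the assumption of compact JSON claims are this example's own, and the signature is not verified.

```shell
#!/bin/sh
# Added example: inspect the claims of a ServiceAccount token (JWT).
# Decoding is NOT verification: the signature is never checked here.

# Encode a string as unpadded base64url (used only to build the sample).
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode one base64url segment, restoring the padding that JWTs strip.
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d   # GNU / recent macOS; older macOS uses -D
}

# Print the JSON payload (second dot-separated segment) of a token.
token_payload() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

# Pull a numeric or string claim out of compact JSON (assumption: no
# whitespace between key, colon and value, as in the constructed sample).
claim_num() { printf '%s' "$1" | sed -n "s/.*\"$2\":\([0-9][0-9]*\).*/\1/p"; }
claim_str() { printf '%s' "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"; }

# Summarise subject, lifetime and expiry state relative to time $2 (epoch s).
token_summary() {
  payload=$(token_payload "$1")
  exp=$(claim_num "$payload" exp)
  iat=$(claim_num "$payload" iat)
  if [ "$2" -ge "$exp" ]; then state=expired; else state=valid; fi
  printf 'sub=%s lifetime=%ss state=%s\n' \
    "$(claim_str "$payload" sub)" "$((exp - iat))" "$state"
}

# Constructed sample claims (not a real token; the signature is a dummy).
SAMPLE_PAYLOAD='{"aud":["https://kubernetes.default.svc.cluster.local"],"exp":1700003600,"iat":1700000000,"sub":"system:serviceaccount:mynamespace:myuser"}'
SAMPLE_TOKEN="$(b64url '{"alg":"RS256"}').$(b64url "$SAMPLE_PAYLOAD").ZHVtbXk"

token_summary "$SAMPLE_TOKEN" "$(date +%s)"
# Against a cluster: token_summary "$(kubectl create token myuser)" "$(date +%s)"
```

Anyone who obtains the token can read these claims the same way, so treat the token itself as the credential and keep it out of logs and shell history.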

I hope this helps you in practicing.
Thank you
