Akshay Rao

K8s Exercise: Secrets

Introduction
Hi, I am Akshay Rao. I will be starting an exercise series on k8s.
In this blog there will be no explanation, only problems and solutions. If you want explanations, have a look at this series:
https://dev.to/aksrao1998/series/24887

Pre-requisite
Have minikube or kind running on the local machine.

Note: k is an alias for kubectl.

Problem 1

  1. Create a secret called mysecret with the values password=mypass.
  2. Create a secret called mysecret2 that gets key/value from a file.
  3. Get the value of mysecret2

Solution

#1 soln
[k8s-ckad (⎈|minikube:mynamespace)]$ k create secret generic mysecret --from-literal=password=mypass
secret/mysecret created

#2 soln
[k8s-ckad (⎈|minikube:mynamespace)]$ echo -n admin > username
[k8s-ckad (⎈|minikube:mynamespace)]$ k create secret generic mysecret2 --from-file=username
secret/mysecret2 created
[k8s-ckad (⎈|minikube:mynamespace)]$ k get secrets
NAME        TYPE     DATA   AGE
mysecret    Opaque   1      5m32s
mysecret2   Opaque   1      19s

#3 soln
[k8s-ckad (⎈|minikube:mynamespace)]$ k get secret mysecret2 -o yaml
apiVersion: v1
data:
  username: YWRtaW4=
kind: Secret
metadata:
  creationTimestamp: "2023-10-29T16:27:43Z"
  name: mysecret2
  namespace: mynamespace
  resourceVersion: "968"
  uid: 6fa05aa1-fb8e-464e-9a81-11ef9833662a
type: Opaque

# the value of username is base64-encoded, so it needs to be decoded (base64 -D is the macOS flag; use -d on Linux).
[k8s-ckad (⎈|minikube:mynamespace)]$ k get secret mysecret2 -o jsonpath='{.data.username}' | base64 -D
admin

Problem 2
Create an nginx pod that mounts the secret mysecret2 in a volume on path /etc/foo.

Solution

[k8s-ckad (⎈|minikube:mynamespace)]$ k run nginx --image=nginx --dry-run=client -o yaml > pod4.yaml

#edit the pod4.yaml

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  volumes:
    - name: mysecrets
      secret:
        secretName: mysecret2
  containers:
  - image: nginx
    name: pod1
    resources: {}
    volumeMounts:
      - name: mysecrets
        mountPath: /etc/foo
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
[k8s-ckad (⎈|minikube:mynamespace)]$ k create -f pod4.yaml 
pod/nginx created

Problem 3
Delete the pod you just created and expose the key 'username' from secret mysecret2 in a new nginx pod as an env variable called 'USERNAME'.

Solution

[k8s-ckad (⎈|minikube:mynamespace)]$ k delete pod nginx
pod "nginx" deleted

#edit the pod4.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  containers:
  - image: nginx
    name: pod1
    env:
      - name: USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret2
            key: username
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
[k8s-ckad (⎈|minikube:mynamespace)]$ k create -f pod4.yaml 
pod/nginx created

[k8s-ckad (⎈|minikube:mynamespace)]$ k exec nginx -- env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=nginx
USERNAME=admin
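An added example, not part of the original post: a small Python audit that takes pod specs in the JSON form `kubectl get pod -o json` returns and reports how each container consumes a Secret, separating the volume mount of Problem 2 from the environment variable of Problem 3, whose value shows up in the `env` output above. The two pod documents are constructed from the manifests above, and the function names are hypothetical.

```python
import json

# Constructed pod specs mirroring Problem 2 (volume) and Problem 3 (env var),
# trimmed to the fields that matter for Secret consumption.
POD_VOLUME = json.loads("""
{"metadata": {"name": "nginx"},
 "spec": {"volumes": [{"name": "mysecrets", "secret": {"secretName": "mysecret2"}}],
          "containers": [{"name": "pod1", "image": "nginx",
                          "volumeMounts": [{"name": "mysecrets", "mountPath": "/etc/foo"}]}]}}
""")
POD_ENV = json.loads("""
{"metadata": {"name": "nginx"},
 "spec": {"containers": [{"name": "pod1", "image": "nginx",
                          "env": [{"name": "USERNAME", "valueFrom":
                                   {"secretKeyRef": {"name": "mysecret2", "key": "username"}}}]}]}}
""")


def secret_refs(pod):
    """List (container, kind, secret, detail) for every Secret a pod consumes."""
    spec = pod["spec"]
    # volume name -> Secret name, for secret-backed volumes only
    vols = {v["name"]: v["secret"]["secretName"]
            for v in spec.get("volumes", []) if "secret" in v}
    refs = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] in vols:
                refs.append((c["name"], "volume", vols[m["name"]], m["mountPath"]))
        for e in c.get("env", []):
            ref = (e.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                refs.append((c["name"], "env", ref["name"], f"{e['name']}={ref['key']}"))
        for src in c.get("envFrom", []):
            if "secretRef" in src:
                refs.append((c["name"], "envFrom", src["secretRef"]["name"], "*"))
    return refs


def env_exposed(pod):
    """Secrets that land in the process environment (readable via `env`)."""
    return sorted({s for _, kind, s, _ in secret_refs(pod) if kind.startswith("env")})


if __name__ == "__main__":
    for label, pod in (("Problem 2", POD_VOLUME), ("Problem 3", POD_ENV)):
        print(label, secret_refs(pod), "env-exposed:", env_exposed(pod))
```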

Problem 4

  1. See all the service accounts of the cluster in all namespaces.
  2. Create a new serviceaccount called 'myuser'
  3. Create an nginx pod that uses 'myuser' as a service account
  4. Generate an API token for the service account 'myuser'

Solution

#1 soln (this lists only the current namespace; add -A / --all-namespaces to list every namespace)
[k8s-ckad (⎈|minikube:mynamespace)]$ k get sa
NAME      SECRETS   AGE
default   0         42m

#2 soln
[k8s-ckad (⎈|minikube:mynamespace)]$ k create serviceaccount myuser
serviceaccount/myuser created

#3 soln
#edit the pod4.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  serviceAccountName: myuser
  containers:
  - image: nginx
    name: pod1
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
[k8s-ckad (⎈|minikube:mynamespace)]$ k create -f pod4.yaml 
pod/nginx created
[k8s-ckad (⎈|minikube:mynamespace)]$ k describe pod nginx
Name:             nginx
Namespace:        mynamespace
Priority:         0
Service Account:  myuser
Node:             minikube/192.168.49.2
Start Time:       Mon, 30 Oct 2023 02:08:22 +0900

#4 soln
[ts-akshay.rao@JP-FVFZ91DHL414 k8s-ckad (⎈|minikube:mynamespace)]$ k create token myuser
eyJhbGciOiJSUzI1NiIsImtpZCI6IlcyR2FBcUpHb2lreVVfc2ZLOEJlUkZkenpTZHhEY0ZlYU9vWEJrYmVtb0kifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjk4NjAzMDk1LCJpYXQiOjE2OTg1OTk0OTUsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJteW5hbWVzcGFjZSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJteXVzZXIiLCJ1aWQiOiIyMTIyZTQxNC03ZjlmLTQxZWUtYjgyNi03MzhlYTgyNTY5MzIifX0sIm5iZiI6MTY5ODU5OTQ5NSwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om15bmFtZXNwYWNlOm15dXNlciJ9.nC0yOa8TG8xMFKO_tmd9P0Wuzqp2C_yqoziokxAf67Kr9svN_wJWV3hQja4ULl48VTKOOyXopdF4fwbu6QNOnSJR2pHOTAwk9Klav6x3mBRHINQRdoMs8PvmrGNY7zdBB1cM83xHnpV_FxCZ6d-lDNY2gxc8OItCevvgqoh-ZChFXLIrpG6hVR12Q-1KqIntx71Q1l9HhkXvVTaGq-gZpiHgOBMh8n1Vq6fV2GjiB1r5atTlXFrhzM6D2YHkJTEZcTYi4AAVKrAQD-JIzQN0LRBoBWIPMtYOh7RE-IzrGoKgfWmwvHik8lNWS70G8qOvLZGL9R8M2DtrDPbQiZEp7Q

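An added example, not part of the original post: the token printed by `k create token` is a JWT, so its payload can be decoded locally to check which service account it names and how long it is valid. The sample token below is constructed with the claim layout Kubernetes uses for service account tokens and a placeholder signature; decoding does not verify the signature, and the function names are hypothetical.

```python
import base64
import json
import sys


def _b64url(obj) -> str:
    """Encode a JSON object the way JWT segments are encoded (no padding)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed claims; timestamps and uid are sample values, not from the post.
SAMPLE_CLAIMS = {
    "aud": ["https://kubernetes.default.svc.cluster.local"],
    "exp": 1700003600, "iat": 1700000000, "nbf": 1700000000,
    "iss": "https://kubernetes.default.svc.cluster.local",
    "kubernetes.io": {"namespace": "mynamespace", "serviceaccount": {
        "name": "myuser", "uid": "00000000-0000-0000-0000-000000000000"}},
    "sub": "system:serviceaccount:mynamespace:myuser",
}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256", "kid": "constructed"}),
                         _b64url(SAMPLE_CLAIMS), "placeholder-signature"])


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def summarize(token: str, now: int) -> dict:
    """Identity and validity window of a service account token at time `now`."""
    c = decode_claims(token)
    k8s = c.get("kubernetes.io", {})
    return {
        "subject": c["sub"],
        "namespace": k8s.get("namespace"),
        "serviceaccount": k8s.get("serviceaccount", {}).get("name"),
        "audiences": c.get("aud"),
        "lifetime_seconds": c["exp"] - c["iat"],
        "expired": now >= c["exp"],
    }


if __name__ == "__main__":
    import time
    piped = "" if sys.stdin.isatty() else sys.stdin.read().strip()
    print(json.dumps(summarize(piped or SAMPLE_TOKEN, int(time.time())), indent=2))
```

Piping the output of `k create token myuser` into the script summarizes a real token; with no input it falls back to the constructed sample.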

I hope this helps you in practicing.
Thank you
