Ques:-
The DevOps team is working to deploy some tools in the Kubernetes cluster. Some of the tools are licence based, so the licence information needs to be stored securely within the Kubernetes cluster. Therefore, the team wants to utilize Kubernetes secrets to store those secrets. Below you can find more details about the requirements:
We already have a secret key file blog.txt under /opt location on jump host. Create a generic secret named blog, it should contain the password/license-number present in blog.txt file.
Also create a pod named secret-datacenter.
Configure pod's spec as container name should be secret-container-datacenter, image should be debian with latest tag (remember to mention the tag with image). Use sleep command for container so that it remains in running state. Consume the created secret and mount it under /opt/demo within the container.
To verify you can exec into the container secret-container-datacenter, to check the secret key under the mounted path /opt/demo.
Ans:-
The steps below create the secret and the pod manifest that meet these requirements.
Assuming you're on the jump host and blog.txt contains the license/password:
raj@jumphost ~$ cat /opt/blog.txt
5ecur3
This creates a secret named blog with a key blog and the value being the contents of blog.txt.
raj@jumphost ~$ kubectl create secret generic blog --from-file=blog=/opt/blog.txt
secret/blog created
Pod Definition with Secret Mounted
raj@jumphost ~$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: secret-datacenter
spec:
  containers:
    - name: secret-container-datacenter
      image: debian:latest
      command: ["sleep", "3600"]
      volumeMounts:
        - name: blog-secret
          mountPath: /opt/demo
          readOnly: true
  volumes:
    - name: blog-secret
      secret:
        secretName: blog
raj@jumphost ~$ kubectl apply -f pod.yaml
pod/secret-datacenter created
raj@jumphost ~$ kubectl get all
NAME READY STATUS RESTARTS AGE
pod/secret-datacenter 1/1 Running 0 9s
Once the pod is running, you can verify the secret is mounted:
raj@jumphost ~$ kubectl exec -it secret-datacenter -- bash
Inside the container, you should see the contents of blog.txt:
root@secret-datacenter:/# cat /opt/demo/blog
5ecur3
root@secret-datacenter:/#
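A tighter variant of the pod manifest above, as an added example that is not part of the original post. It keeps the same names, image and mount path; the defaultMode, items and automountServiceAccountToken settings are additions, and they assume the container runs as root (as the debian image does by default) and never calls the Kubernetes API.

```yaml
# Added example (not from the original post): same pod, tighter secret mount.
apiVersion: v1
kind: Pod
metadata:
  name: secret-datacenter
spec:
  # Assumption: the workload never talks to the Kubernetes API,
  # so no service account token is mounted into the pod.
  automountServiceAccountToken: false
  containers:
    - name: secret-container-datacenter
      image: debian:latest
      command: ["sleep", "3600"]
      volumeMounts:
        - name: blog-secret
          mountPath: /opt/demo
          readOnly: true
  volumes:
    - name: blog-secret
      secret:
        secretName: blog
        # Secret files default to mode 0644; 0400 restricts the file to
        # its owner (root in this container).
        defaultMode: 0400
        # Project only the key the container needs. Keys added to the
        # Secret later will not appear under /opt/demo.
        items:
          - key: blog
            path: blog
```

The Secret object itself is only base64-encoded in the API, so anyone allowed to get secrets in the namespace can read the value with kubectl get secret blog -o jsonpath='{.data.blog}' | base64 -d. Restrict that access with RBAC.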
Conclusion:-
In this hands-on tutorial, you'll learn how to securely manage sensitive data like license keys or passwords in a Kubernetes cluster using Kubernetes Secrets. We’ll walk through:
- Creating a generic secret from a license key file (blog.txt)
- Deploying a pod (secret-datacenter) with a Debian container
- Mounting the secret as a volume inside the container at /opt/demo
- Verifying the secret inside the running container
This video is ideal for DevOps engineers and Kubernetes practitioners who want to learn best practices for handling confidential data in containerized environments.