Secretes
ATCD is the database where master save data about nodes , so the secret will be created in ATCD encrypted , and he didn't put it in any Node until a pod need to use it. There is a resource to read it and it is a must to read before continue this article this is the link to the design of secretes read it and came back -> here
Files
the files also can be found in the DevOpsRepo in my github , if you already have it just pull it.
# app_055-cf.yml
apiVersion: v1
kind: ConfigMap
metadata:
name: configs
data:
LANGUAGE: Polish
# app_055-sec.yml
apiVersion: v1
kind: Secret
metadata:
name: configs-sec
data:
API_KEY: MzMzLTQ0NC01NTUK
# app_055.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: envtest
spec:
selector:
matchLabels:
name: envtest
replicas: 1
template:
metadata:
labels:
name: envtest
spec:
containers:
- name: envtest
image: praqma/secrets-demo
imagePullPolicy: Always
ports:
- containerPort: 3000
env:
- name: LANGUAGE
valueFrom:
configMapKeyRef:
name: configs
key: LANGUAGE
- name: API_KEY
valueFrom:
secretKeyRef:
name: configs-sec
key: API_KEY
Lab
Will the ApiKey is a secret in fact , so we should put it in secret configs. to convert our keys to an encryption we use this command on Linux
echo "333-444-555" | base64
//output : MzMzLTQ0NC01NTUK
kubectl create -f app_055-sec.yml
kubectl create -f app_055-cf.yml
kubectl apply -f app_055.yml
then port-forward to 3000
kubectl port-forward envtest-767745d7b4-s6ld7 3000
