Kubernetes part8
Class 93 Kubernetes Part8 August 21st
Topic: ConfigMaps, Secrets
ConfigMaps: non-sensitive information for the pod (container).
We create a ConfigMap like this: {port:300 , url:myql.com }. It is attached to the pod, and the container uses those key-value pairs.
Secrets: sensitive information such as user name and password. Secrets (base64-encoded) --> pod (container)
Ways to create a ConfigMap (CM):
1. Literal (through the CLI)
2. env-file
3. folder (not used here)
(the above two are imperative)
4. manifest file (declarative)
Practical:
Step1: Create one EC2 machine: Amazon Linux, c7i-flex.large, 25 GB
Minikube installation
[root@ip-10-0-0-29 ~]# curl -LO https://github.com/kubernetes/minikube/releases/latest/download/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube && rm minikube-linux-amd64
[root@ip-10-0-0-29 bin]# chmod 777 minikube
[root@ip-10-0-0-29 bin]# minikube version
minikube version: v1.36.0
commit: f8f52f5de11fc6ad8244afac475e1d0f96841df1-dirty
[root@ip-10-0-0-29 bin]#
Docker Installation
[root@ip-10-0-0-29 bin]# yum install docker -y
[root@ip-10-0-0-29 bin]# systemctl start docker
[root@ip-10-0-0-29 bin]# minikube start --driver=docker --force
[root@ip-10-0-0-29 bin]# minikube status
minikube
type: Control Plane
host: Running
kubelet: Running
apiserver: Running
kubeconfig: Configured
Kubectl Installation
[root@ip-10-0-0-29 bin]# curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 138 100 138 0 0 1240 0 --:--:-- --:--:-- --:--:-- 1243
100 57.3M 100 57.3M 0 0 114M 0 --:--:-- --:--:-- --:--:-- 126M
-rwxrwxrwx. 1 root root 132766301 Aug 21 18:09 minikube
-rw-r--r--. 1 root root 60129464 Aug 21 18:18 kubectl
[root@ip-10-0-0-29 bin]# chmod +x kubectl
[root@ip-10-0-0-29 bin]# kubectl version
Client Version: v1.33.4
Kustomize Version: v5.6.0
Server Version: v1.33.1
Step2: The ConfigMap below exists by default
[root@ip-10-0-0-29 bin]# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 16m
To view this ConfigMap, describe it. It holds a certificate and is created by default when Kubernetes is set up.
[root@ip-10-0-0-29 bin]# kubectl describe cm kube-root-ca.crt
Name: kube-root-ca.crt
Namespace: default
-----BEGIN CERTIFICATE-----
Step3: Create a ConfigMap using literals
[root@ip-10-0-0-29 bin]# kubectl create cm mycm1 --from-literal name=subbu --from-literal course=Devops --from-literal cloud=aws
configmap/mycm1 created
[root@ip-10-0-0-29 bin]# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 22m
mycm1 3 10s
[root@ip-10-0-0-29 bin]# kubectl describe cm mycm1
Name: mycm1
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
cloud:
----
aws
course:
----
Devops
name:
----
subbu
Step4: Create a manifest file for pod creation
Here, under env, name: person is the environment variable; the value of the key name (from mycm1) is assigned to the person variable.
--Create one more ConfigMap
[root@ip-10-0-0-29 bin]# kubectl create cm mycm2 --from-literal company=tcs --from-literal project=swiggy
configmap/mycm2 created
[root@ip-10-0-0-29 bin]# cat manifest.yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-1
spec:
  containers:
  - name: container1
    image: nginx
    ports:
    - containerPort: 80
    env:
    - name: person
      valueFrom:
        configMapKeyRef:
          key: name
          name: mycm1
    - name: secondvalue
      valueFrom:
        configMapKeyRef:
          key: cloud
          name: mycm1
    - name: client
      valueFrom:
        configMapKeyRef:
          key: project
          name: mycm2
Step5: Create the pod
[root@ip-10-0-0-29 ~]# kubectl create -f manifest.yaml
pod/pod-1 created
[root@ip-10-0-0-29 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
pod-1 1/1 Running 0 9s
-- Go inside the pod
[root@ip-10-0-0-29 ~]# kubectl exec -it pod-1 -- bash
root@pod-1:/#
-- The printenv command shows all environment variables in the container,
including the key-value pairs coming from mycm1 and mycm2
root@pod-1:/# printenv
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_SERVICE_PORT=443
HOSTNAME=pod-1
PWD=/
person=subbu
PKG_RELEASE=1~bookworm
secondvalue=aws
HOME=/root
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
client=swiggy
DYNPKG_RELEASE=1~bookworm
NJS_VERSION=0.9.1
TERM=xterm
SHLVL=1
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
KUBERNETES_SERVICE_HOST=10.96.0.1
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NGINX_VERSION=1.29.1
NJS_RELEASE=1~bookworm
_=/usr/bin/printenv
Now attach the complete ConfigMap (mycm2) to the pod.
It has two key-value pairs: company=tcs and project=swiggy
Step1:
[root@ip-10-0-0-29 ~]# cat manifest.yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-1
spec:
  containers:
  - name: container1
    image: nginx
    ports:
    - containerPort: 80
    envFrom:
    - configMapRef:
        name: mycm2
Step2: Delete the existing pod, then create it again
[root@ip-10-0-0-29 ~]# kubectl create -f manifest.yaml
pod/pod-1 created
[root@ip-10-0-0-29 ~]# kubectl get po
NAME READY STATUS RESTARTS AGE
pod-1 1/1 Running 0 7s
--Go inside the pod; see here that the complete ConfigMap is loaded into the environment
[root@ip-10-0-0-29 ~]# kubectl exec -it pod-1 -- bash
root@pod-1:/# printenv
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_SERVICE_PORT=443
project=swiggy
HOSTNAME=pod-1
PWD=/
PKG_RELEASE=1~bookworm
HOME=/root
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
DYNPKG_RELEASE=1~bookworm
NJS_VERSION=0.9.1
TERM=xterm
company=tcs
SHLVL=1
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
KUBERNETES_SERVICE_HOST=10.96.0.1
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NGINX_VERSION=1.29.1
NJS_RELEASE=1~bookworm
_=/usr/bin/printenv
2.env-file
Step1: Create one env file
[root@ip-10-0-0-29 ~]# vi one.env
[root@ip-10-0-0-29 ~]# cat one.env
app=swiggy
env=dev
team=devops
api=http://www.amazon.com
port=3000
Step2: Create the ConfigMap. One ConfigMap can hold at most 1 MB;
if more than that is required, we can use a Kubernetes volume.
[root@ip-10-0-0-29 ~]# kubectl create cm amazon --from-env-file=one.env
configmap/amazon created
[root@ip-10-0-0-29 ~]# kubectl get cm
NAME DATA AGE
amazon 5 27s
kube-root-ca.crt 1 69m
mycm1 3 47m
mycm2 2 32m
Step3: Attach the ConfigMap to the pod; just change the ConfigMap name in the manifest
[root@ip-10-0-0-29 ~]# cat manifest.yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-2
spec:
  containers:
  - name: container1
    image: nginx
    ports:
    - containerPort: 80
    envFrom:
    - configMapRef:
        name: amazon
[root@ip-10-0-0-29 ~]# kubectl create -f manifest.yaml
pod/pod-2 created
[root@ip-10-0-0-29 ~]# kubectl get po
NAME READY STATUS RESTARTS AGE
pod-1 1/1 Running 0 14m
pod-2 1/1 Running 0 9s
Step4: See below that the complete ConfigMap is loaded into the environment. In general, a ConfigMap from an env file is used for settings such as application and database connection details
[root@ip-10-0-0-29 ~]# kubectl exec -it pod-2 -- bash
root@pod-2:/# printenv
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_SERVICE_PORT=443
env=dev
HOSTNAME=pod-2
PWD=/
app=swiggy
PKG_RELEASE=1~bookworm
api=http://www.amazon.com
HOME=/root
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
port=3000
DYNPKG_RELEASE=1~bookworm
team=devops
NJS_VERSION=0.9.1
TERM=xterm
SHLVL=1
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
KUBERNETES_SERVICE_HOST=10.96.0.1
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NGINX_VERSION=1.29.1
NJS_RELEASE=1~bookworm
_=/usr/bin/printenv
Delete the config map
[root@ip-10-0-0-29 ~]# kubectl get cm
NAME DATA AGE
amazon 5 12m
kube-root-ca.crt 1 81m
mycm1 3 59m
mycm2 2 44m
[root@ip-10-0-0-29 ~]# kubectl delete cm mycm1
configmap "mycm1" deleted
[root@ip-10-0-0-29 ~]# kubectl delete cm mycm2
configmap "mycm2" deleted
[root@ip-10-0-0-29 ~]# kubectl delete cm amazon
configmap "amazon" deleted
4. manifest file (Declarative )
Step1: Create a manifest file with the data in key-value format. Numbers must be in double quotes; otherwise creating the ConfigMap fails with an unmarshal number error
[root@ip-10-0-0-29 ~]# vi configmapdec.yaml
[root@ip-10-0-0-29 ~]# cat configmapdec.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: finalcm
data:
  DB_URL: http://www.mysql.com
  PORT: "3306"
Step2: Create the ConfigMap
[root@ip-10-0-0-29 ~]# kubectl create -f configmapdec.yaml
configmap/finalcm created
[root@ip-10-0-0-29 ~]# kubectl get cm
NAME DATA AGE
finalcm 2 10s
kube-root-ca.crt 1 92m
Secrets
Literal
Step1: Create secrets
[root@ip-10-0-0-29 ~]# kubectl get secret
No resources found in default namespace.
[root@ip-10-0-0-29 ~]# kubectl create secret generic mysec1 --from-literal username=subbu --from-literal password=admin123
secret/mysec1 created
[root@ip-10-0-0-29 ~]# kubectl get secret
NAME TYPE DATA AGE
mysec1 Opaque 2 47s
--See here the values are not displayed; describe shows only their size in bytes
[root@ip-10-0-0-29 ~]# kubectl describe secret mysec1
Name: mysec1
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
password: 8 bytes
username: 5 bytes
--Below, the user name and password are shown base64-encoded
[root@ip-10-0-0-29 ~]# kubectl describe secret mysec1 yaml
[root@ip-10-0-0-29 ~]# kubectl get secret mysec1 -o yaml
apiVersion: v1
data:
  password: YWRtaW4xMjM=
  username: c3ViYnU=
kind: Secret
metadata:
  creationTimestamp: "2025-08-21T19:52:34Z"
  name: mysec1
  namespace: default
  resourceVersion: "4999"
  uid: d0dcb7ed-897d-4e12-bc79-21d9c171950e
type: Opaque
Env file: encoded
[root@ip-10-0-0-29 ~]# kubectl create secret generic envcmfile --from-env-file=one.env
secret/envcmfile created
[root@ip-10-0-0-29 ~]# kubectl get secret
NAME TYPE DATA AGE
envcmfile Opaque 5 11s
mysec1 Opaque 2 7m24s
[root@ip-10-0-0-29 ~]#
--See here the env-file values are also base64-encoded
[root@ip-10-0-0-29 ~]# kubectl get secret envcmfile -o yaml
apiVersion: v1
data:
  api: aHR0cDovL3d3dy5hbWF6b24uY29t
  app: c3dpZ2d5
  env: ZGV2
  port: MzAwMA==
  team: ZGV2b3Bz
kind: Secret
metadata:
  creationTimestamp: "2025-08-21T19:59:47Z"
  name: envcmfile
  namespace: default
  resourceVersion: "5345"
  uid: 04a0cd0c-d124-4035-9c3b-ec0649bd1bca
Manifest file
Step1:
[root@ip-10-0-0-29 ~]# cat manifest1.yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: finalsecret
data:
  key: apivalues
  pass: admin@123
Step2: Here we gave plain values in the above manifest1 file; the values under data must be base64-encoded
[root@ip-10-0-0-29 ~]# kubectl create -f manifest1.yaml
Error from server (BadRequest): error when creating "manifest1.yaml": Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 8
--Base64-encode the values (apivalues and admin@123), then put the encoded values in the manifest1 file
[root@ip-10-0-0-29 ~]# echo -n "apivalues" | base64
YXBpdmFsdWVz
[root@ip-10-0-0-29 ~]# echo -n "admin@123" | base64
YWRtaW5AMTIz
data:
  key: YXBpdmFsdWVz
  pass: YWRtaW5AMTIz
Step3:
[root@ip-10-0-0-29 ~]# vi manifest1.yaml
[root@ip-10-0-0-29 ~]# kubectl create -f manifest1.yaml
secret/finalsecret created
[root@ip-10-0-0-29 ~]# kubectl get secret
NAME TYPE DATA AGE
envcmfile Opaque 5 13m
finalsecret Opaque 2 35s
mysec1 Opaque 2 20m
Step4: Now create the pod
[root@ip-10-0-0-29 ~]# vi manifest.yaml
[root@ip-10-0-0-29 ~]# cat manifest.yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-3
spec:
  containers:
  - name: container1
    image: nginx
    ports:
    - containerPort: 80
    envFrom:
    - secretRef:
        name: finalsecret
[root@ip-10-0-0-29 ~]# kubectl create -f manifest.yaml
Error from server (BadRequest): error when creating "manifest.yaml": Pod in version "v1" cannot be handled as a Pod: strict decoding error: unknown field "spec.containers[0].envFrom[0].SecretRef"
[root@ip-10-0-0-29 ~]#
-- After correcting the field name to secretRef (lower-case s), pod-3 is created
[root@ip-10-0-0-29 ~]# kubectl create -f manifest.yaml
pod/pod-3 created
[root@ip-10-0-0-29 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
pod-1 1/1 Running 0 63m
pod-2 1/1 Running 0 48m
pod-3 1/1 Running 0 12s
Step5: Go inside the pod. Outside the pod the Secret shows the data base64-encoded, but inside the pod the values appear in plain text
[root@ip-10-0-0-29 ~]# kubectl exec -id pod-3 -- bash
error: unknown shorthand flag: 'd' in -d
See 'kubectl exec --help' for usage.
[root@ip-10-0-0-29 ~]# kubectl exec -it pod-3 -- bash
root@pod-3:/# printenv
KUBERNETES_SERVICE_PORT_HTTPS=443
pass=admin@123
KUBERNETES_SERVICE_PORT=443
HOSTNAME=pod-3
PWD=/
PKG_RELEASE=1~bookworm
HOME=/root
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
DYNPKG_RELEASE=1~bookworm
NJS_VERSION=0.9.1
TERM=xterm
key=apivalues
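The manifest1.yaml failure in Step2 and the plain values seen in Step5 have the same cause: values under data are base64, which is an encoding and not encryption. The script below is an added example, not part of the original class notes; its function names are this example's own, and the two sample manifests are constructed from the values used in the notes.

```sh
# Added example, not from the original notes (function names are this
# example's own): pre-flight check for the data: block of a Secret manifest.

# Print "key value" for each entry under the top-level data: block (stdin).
secret_data_lines() {
  awk '
    /^data:[ \t]*$/             { in_data = 1; next }
    in_data && /^[^ \t#]/       { in_data = 0 }   # next top-level key ends the block
    in_data && /^[ \t]+[^:#]+:/ {
      key = $1; sub(/:$/, "", key)
      val = $0; sub(/^[ \t]+[^:]+:[ \t]*/, "", val)
      gsub(/^"|"$/, "", val)                      # drop surrounding double quotes
      print key, val
    }'
}

# True only if $1 is canonical base64: decode, re-encode, compare.
is_base64() {
  [ "$(printf '%s' "$1" | base64 -d 2>/dev/null | base64 | tr -d '\n')" = "$1" ]
}

# Encode one value, as the notes do with `echo -n ... | base64`.
encode_value() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Report entries the API server would reject; return 1 if any were found.
check_secret_manifest() {
  entries=$(secret_data_lines); bad=0
  while read -r key val; do
    [ -n "$key" ] || continue
    is_base64 "$val" || { echo "$key: value is not base64"; bad=1; }
  done <<EOF
$entries
EOF
  return "$bad"
}

# Print key=plaintext per entry: what envFrom/secretRef hands to the container.
decoded_view() {
  secret_data_lines | while read -r key val; do
    if is_base64 "$val"; then
      printf '%s=%s\n' "$key" "$(printf '%s' "$val" | base64 -d)"
    fi
  done
}

# Constructed sample: manifest1.yaml from the notes, values passed as arguments.
manifest() {
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: finalsecret\ndata:\n  key: %s\n  pass: %s\n' "$1" "$2"
}
BAD_MANIFEST=$(manifest apivalues 'admin@123')
GOOD_MANIFEST=$(manifest "$(encode_value apivalues)" "$(encode_value 'admin@123')")

printf '%s\n' "$BAD_MANIFEST"  | check_secret_manifest || echo "manifest needs fixing"
printf '%s\n' "$GOOD_MANIFEST" | decoded_view
```

A plain value that happens to be valid base64 passes this check and is stored as its decoded bytes, so read the decoded view before running kubectl create.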
Task
In Docker Hub, create one private repository and push one image to it.
Creating a pod from the private repository gives an error.
Step1: See the error here
[root@ip-10-0-0-29 ~]# vi manifest.yaml
[root@ip-10-0-0-29 ~]# cat manifest.yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-4
spec:
  containers:
  - name: container1
    image: vakatisubbu/movie1:latest
[root@ip-10-0-0-29 ~]# kubectl create -f manifest.yaml
pod/pod-4 created
[root@ip-10-0-0-29 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
pod-1 1/1 Running 0 79m
pod-2 1/1 Running 0 65m
pod-3 1/1 Running 0 16m
pod-4 0/1 ErrImagePull 0 9s
Step2: Describe the pod. As you see below, it is a credential issue, so we need to use a secret
1. Create one secret containing the Docker user name and password
2. Reference the secret in the pod manifest and create the pod
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 65s default-scheduler Successfully assigned default/pod-4 to minikube
Normal Pulling 22s (x3 over 64s) kubelet Pulling image "shaikmustafa77/myprivaterepo:latest"
Warning Failed 21s (x3 over 63s) kubelet Failed to pull image "shaikmustafa77/myprivaterepo:latest": Error response from daemon: pull access denied for shaikmustafa77/myprivaterepo, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning Failed 21s (x3 over 63s) kubelet Error: ErrImagePull
Normal BackOff 7s (x3 over 62s) kubelet Back-off pulling image "shaikmustafa77/myprivaterepo:latest"
Warning Failed 7s (x3 over 62s) kubelet Error: ImagePullBackOff
Step3: Create the secret using literals
[root@ip-10-0-0-29 ~]# kubectl create secret docker-registry dockersecret --docker-server=docker.io --docker-username=vakatisubbu --docker-password=Jan20@2015 --docker-email=vakati.subbu@gmail.com
secret/dockersecret created
--New secret created successfully
[root@ip-10-0-0-29 ~]# kubectl get secret
NAME TYPE DATA AGE
dockersecret kubernetes.io/dockerconfigjson 1 21s
envcmfile Opaque 5 13h
finalsecret Opaque 2 13h
mysec1 Opaque 2 13h
--See here the Secret value is base64-encoded
[root@ip-10-0-0-29 ~]# kubectl get secret dockersecret -o yaml
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXIuaW8iOnsidXNlcm5hbWUiOiJ2YWthdGlzdWJidSIsInBhc3N3b3JkIjoiSmFuMjBAMjAxNSIsImVtYWlsIjoidmFrYXRpLnN1YmJ1QGdtYWlsLmNvbSIsImF1dGgiOiJkbUZyWVhScGMzVmlZblU2U21GdU1qQkFNakF4TlE9PSJ9fX0=
kind: Secret
metadata:
  creationTimestamp: "2025-08-22T09:47:36Z"
  name: dockersecret
  namespace: default
  resourceVersion: "12738"
  uid: 4c6776da-794f-45bc-9526-ffdf678970d5
type: kubernetes.io/dockerconfigjson
Step4:
[root@ip-10-0-0-29 ~]# cat manifest.yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-4
spec:
  containers:
  - name: container1
    image: vakatisubbu/movie1:latest
  imagePullSecrets:
  - name: dockersecret
[root@ip-10-0-0-29 ~]# kubectl create -f manifest.yaml
pod/pod-4 created
[root@ip-10-0-0-29 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
pod-1 0/1 CreateContainerConfigError 0 14h
pod-2 0/1 CreateContainerConfigError 0 14h
pod-3 1/1 Running 1 (13h ago) 13h
pod-4 1/1 Running 0 7s
--Describe pod-4
[root@ip-10-0-0-29 ~]# kubectl describe pod pod-4
Name: pod-4
Namespace: default
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m default-scheduler Successfully assigned default/pod-4 to minikube
Normal Pulling 3m kubelet Pulling image "vakatisubbu/movie1:latest"
Normal Pulled 2m54s kubelet Successfully pulled image "vakatisubbu/movie1:latest" in 5.409s (5.41s including waiting). Image size: 244571564 bytes.
Normal Created 2m54s kubelet Created container: container1
Normal Started 2m54s kubelet Started container container1
[root@ip-10-0-0-29 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-3 1/1 Running 1 (13h ago) 13h 10.244.0.9 minikube <none> <none>
pod-4 1/1 Running 0 7m59s 10.244.0.14 minikube <none> <none>
--Create the service
[root@ip-10-0-0-29 ~]# cat movie-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: movie-service
spec:
  selector:
    app: movie-app # This must match your pod's label
  ports:
  - port: 80 # Service port
    targetPort: 80 # Container port (where Apache runs)
  type: NodePort # Makes it accessible from outside
[root@ip-10-0-0-29 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 19h
movie-service NodePort 10.109.52.96 <none> 80:30361/TCP 66m
--See here the URL is responding
[root@ip-10-0-0-29 ~]# kubectl get service movie-service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
movie-service NodePort 10.109.52.96 <none> 80:30361/TCP 12m
[root@ip-10-0-0-29 ~]# minikube service movie-service --url
http://192.168.49.2:30361
[root@ip-10-0-0-29 ~]# curl http://192.168.49.2:30361
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
body {font-family: Arial, Helvetica, sans-serif;}
/* Full-width input fields */
--Thanks