Secrets: It is similar like ConfigMaps but it will provide the sensitive information into workloads.
Created a ConfigMaps file:
ConfigMaps can be mount as file system in the Pod and passing a environmental variables or passing a ConfigMaps through command line from the K8S.
Created a Yaml file for mounting the ConfigMaps as file system inside of the pod.
apiVersion: v1
kind: Pod
metadata:
name: kuard-config
spec:
containers:
- name: test-container
image: gcr.io/kuar-demo/kuard-amd64:blue
imagePullPolicy: Always
command:
- "/kuard"
- "$(EXTRA_PARAM)"
env:
- name: ANOTHER_PARAM
valueFrom:
configMapKeyRef:
name: my-config
key: another-param
- name: EXTRA_PARAM
valueFrom:
configMapKeyRef:
name: my-config
key: extra-param
volumeMounts:
- name: config-volume
mountPath: /config
volumes:
- name: config-volume
configMap:
name: my-config
restartPolicy: Never
Secrets:
Secrets used to managing passwords, security tokens, other type of private keys. Secrets are exposed to Pods via explicit declaration in the Pod manifests and Kubernetes API. Secrets are stored in the tmpfs file system [RAM disk].
Defined the Secrets inside the Pod configuration:
apiVersion: v1
kind: Pod
metadata:
name: kuard-tls
spec:
containers:
- name: kuard-tls
image: gcr.io/kuar-demo/kuard-amd64:blue
imagePullPolicy: Always
volumeMounts:
- name: tls-certs
mountPath: "/tls"
readOnly: true
volumes:
- name: tls-certs
secret:
secretName: kuard-tls
Created a secrets for the docker pull registry:
# kubectl create secret docker-registry my-image-pull-secret --docker-username=<username> --docker-password=<password> --docker-email=<email-address>
Updating the ConfigMap or Secrets file:
#kubectl replace -f filename
(or)
Edit the configuration file through command line
$ kubectl edit configmap my-config
No comments:
Post a Comment