Question 19 - Create Secret and Mount into Pod
Question 19 | Create Secret and mount into Pod
NOTE: This task can only be solved if questions 18 or 20 have been successfully implemented and the k8s-c3-CCC cluster has a functioning worker node
Use context: kubectl config use-context k8s-c3-CCC
Do the following in a new Namespace secret. Create a Pod named secret-pod of image busybox:1.31.1 which should keep running for some time.
There is an existing Secret located at /opt/course/19/secret1.yaml, create it in the Namespace secret and mount it readonly into the Pod at /tmp/secret1.
Create a new Secret in Namespace secret called secret2 which should contain user=user1 and pass=1234. These entries should be available inside the Pod's container as environment variables APP_USER and APP_PASS.
Confirm everything is working.
Note that one question can depend on another. If the cluster we are going to use, which had problems that were supposed to be fixed in earlier questions, was not repaired, this task cannot be done. Let's assume it is OK.
kubectl config use-context k8s-c3-CCC
k create ns secret
# We were told there is a template for a Secret that must be created in the Namespace secret and mounted into the Pod.
cp /opt/course/19/secret1.yaml new_secret1.yaml
vim new_secret1.yaml
Let's review what we are going to apply and make the changes:
apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  name: secret1
  namespace: secret # change to the requested namespace
data:
  halt: IyEgL2Jpbi9zaAo...
k -f new_secret1.yaml create
# Now let's create the second Secret that was requested
k create secret -n secret generic secret2 --from-literal=user=user1 --from-literal=pass=1234
# Let's create a template for the Pod. The Pod needs to be running when the grader checks things, so let's give it a few days
k run secret-pod -n secret --image=busybox:1.31.1 --dry-run=client -o yaml -- sh -c "sleep 10d" > /opt/course/19/pod.yaml
vim /opt/course/19/pod.yaml
Now let's mount the Secrets into it: secret1 as a volume and secret2 as environment variables.
# /opt/course/19/pod.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: secret-pod
  name: secret-pod
  namespace: secret
spec:
  containers:
  - args:
    - sh
    - -c
    - sleep 10d
    image: busybox:1.31.1
    name: secret-pod
    resources: {}
    env:                          # add
    - name: APP_USER              # add
      valueFrom:                  # add
        secretKeyRef:             # add
          name: secret2           # add
          key: user               # add
    - name: APP_PASS              # add
      valueFrom:                  # add
        secretKeyRef:             # add
          name: secret2           # add
          key: pass               # add
    volumeMounts:                 # add
    - name: secret1               # add
      mountPath: /tmp/secret1     # add
      readOnly: true              # add
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  volumes:                        # add
  - name: secret1                 # add
    secret:                       # add
      secretName: secret1         # add
status: {}
Now let's apply it and check.
k create -f /opt/course/19/pod.yaml
# Just to check
k exec -n secret secret-pod -- env | grep APP
APP_PASS=1234
APP_USER=user1
➜ k exec -n secret secret-pod -- find /tmp/secret1
/tmp/secret1
/tmp/secret1/..data
/tmp/secret1/halt
/tmp/secret1/..2019_12_08_12_15_39.463036797
/tmp/secret1/..2019_12_08_12_15_39.463036797/halt
➜ k -n secret exec secret-pod -- cat /tmp/secret1/halt
#! /bin/sh
### BEGIN INIT INFO
# Provides: halt
# Required-Start:
# Required-Stop:
# Default-Start:
# Default-Stop: 0
# Short-Description: Execute the halt command.
# Description:
...
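The checks above show the files and variables exist, but not that /tmp/secret1 is actually mounted read-only or that each variable has exactly the requested value. The script below is an added example, not part of the original walk-through: the function names and the sample data are constructed for illustration, and the live commands in the comments assume the Pod and Namespace names used on this page.

```shell
#!/bin/sh
# Added example: checks for the "confirm everything is working" step.
# Live use against the cluster (names taken from this page):
#   k -n secret exec secret-pod -- env | check_env APP_USER user1
#   k -n secret exec secret-pod -- env | check_env APP_PASS 1234
#   k -n secret exec secret-pod -- cat /proc/mounts | mount_is_readonly /tmp/secret1

# check_env NAME EXPECTED
# Reads `env` output on stdin; succeeds only on an exact NAME=EXPECTED line,
# so APP_PASS=12345 does not pass as a match for 1234 (a plain grep would).
check_env() {
  ce_want="$1=$2"
  while IFS= read -r ce_line; do
    if [ "$ce_line" = "$ce_want" ]; then return 0; fi
  done
  return 1
}

# mount_is_readonly PATH
# Reads /proc/mounts on stdin (fields: device mountpoint fstype options ...).
# Succeeds only if PATH is a mount point whose option list contains "ro".
# Fails if PATH is mounted read-write or is not a mount point at all.
mount_is_readonly() {
  mr_target=$1
  mr_status=1
  while read -r mr_dev mr_mnt mr_fs mr_opts mr_rest; do
    [ "$mr_mnt" = "$mr_target" ] || continue
    case ",$mr_opts," in
      *,ro,*) mr_status=0 ;;
      *)      return 1 ;;
    esac
  done
  return "$mr_status"
}

# Constructed sample input (simplified, not captured from a real Pod),
# so the functions can be tried without a cluster.
SAMPLE_ENV='PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=secret-pod
APP_USER=user1
APP_PASS=1234
HOME=/root'
SAMPLE_MOUNTS='overlay / overlay rw,relatime 0 0
tmpfs /tmp/secret1 tmpfs ro,relatime 0 0
tmpfs /run/secrets/kubernetes.io/serviceaccount tmpfs ro,relatime 0 0'
```

If mount_is_readonly fails on the live Pod, check that readOnly: true sits under volumeMounts at the correct indentation in pod.yaml.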