mirror of
https://github.com/MichaelCade/90DaysOfDevOps.git
synced 2024-12-22 21:23:13 +07:00
Finally added Day 40 and 41 for the 2023 Edition
This commit is contained in:
parent
a3d3592cc1
commit
0e0e66c6df
@ -0,0 +1,88 @@
|
||||
# Understanding Kubernetes Secrets
|
||||
## Introduction
|
||||
|
||||
Kubernetes has become the de facto standard for container orchestration, enabling developers to deploy, manage, and scale applications with ease. As you manage applications on Kubernetes, you'll often need to handle sensitive information like passwords, tokens, and keys. This is where Kubernetes secrets come into play. In this post, we'll explore what Kubernetes secrets are, why they are important, and how they work.
|
||||
|
||||
## What are Kubernetes Secrets?
|
||||
Kubernetes secrets are objects designed to store sensitive information securely. Unlike ConfigMaps, which store configuration data in plain text, secrets are intended to hold sensitive data, such as:
|
||||
|
||||
- Passwords
|
||||
- API tokens
|
||||
- SSH keys
|
||||
- TLS certificates
|
||||
|
||||
Secrets are encoded in Base64 format and can be used in various ways to ensure sensitive information is handled securely within your Kubernetes clusters.
|
||||
|
||||
## Types of Secrets:
|
||||
|
||||
- Opaque: The default secret type for arbitrary user-defined data.
|
||||
- TLS: Specifically used to store TLS certificates and keys.
|
||||
- Docker Config: Used for storing Docker registry credentials.
|
||||
- Basic Auth: Stores username and password pairs.
|
||||
- SSH Auth: Stores SSH keys.
|
||||
|
||||
## Why are Kubernetes Secrets Important?
|
||||
|
||||
Kubernetes secrets are crucial for several reasons:
|
||||
|
||||
1. Security and Confidentiality: Secrets help keep sensitive data out of application code and configuration files.
|
||||
2. Avoid Hardcoding: They prevent hardcoding sensitive information in your codebase, reducing the risk of leaks.
|
||||
3. Simplified Management: Secrets simplify the process of updating sensitive data without requiring application restarts or redeployments.
|
||||
|
||||
## How Kubernetes Secrets Work
|
||||
|
||||
Creation and Storage: Secrets can be created manually or programmatically using kubectl, the Kubernetes API, or Helm charts. They are stored in the etcd database, which should be configured to encrypt data at rest.
|
||||
|
||||
Accessing Secrets: Secrets can be mounted as volumes or exposed as environment variables within pods. This allows applications to access the sensitive information without exposing it in the container image.
|
||||
|
||||
Encryption at Rest: Kubernetes supports encryption at rest for secrets stored in etcd. This adds an extra layer of security by ensuring that the secret data is encrypted when written to disk.
|
||||
|
||||
## Conclusion
|
||||
|
||||
Kubernetes secrets are an essential component for securely managing sensitive information in your clusters. They provide a secure, flexible, and manageable way to handle data that should not be exposed or hardcoded. In the next post, we'll dive into hands-on scenarios to help you get started with creating and using Kubernetes secrets.
|
||||
|
||||
## Resources
|
||||
|
||||
# Free YouTube Resources for Kubernetes Secrets Management
|
||||
|
||||
1. **Kubernetes Secrets Explained**
|
||||
- [Kubernetes Secrets Explained | Kubernetes Tutorial 16 | Learn Kubernetes](https://www.youtube.com/watch?v=au6gC2iE2JM) by TechWorld with Nana
|
||||
- This video explains the basics of Kubernetes secrets, how to create them, and how to use them in your pods.
|
||||
|
||||
2. **Managing Secrets in Kubernetes**
|
||||
- [Managing Secrets in Kubernetes](https://www.youtube.com/watch?v=ON5pQByUkkE) by A Cloud Guru
|
||||
- This video covers different types of secrets, how to manage them, and best practices.
|
||||
|
||||
3. **Kubernetes Secrets: Store, Use & Encrypt Secrets with Kubernetes**
|
||||
- [Kubernetes Secrets: Store, Use & Encrypt Secrets with Kubernetes](https://www.youtube.com/watch?v=fFOvlPjuw9I) by DevOps Toolkit
|
||||
- The video dives into how to create secrets, access them from pods, and enable encryption at rest.
|
||||
|
||||
4. **Using Kubernetes Secrets**
|
||||
- [Using Kubernetes Secrets](https://www.youtube.com/watch?v=gZX9Vxjpo5Y) by IBM Technology
|
||||
- This tutorial explains how to create, manage, and use secrets in a Kubernetes cluster.
|
||||
|
||||
5. **Kubernetes Tutorial: How to use Kubernetes Secrets in your cluster**
|
||||
- [Kubernetes Tutorial: How to use Kubernetes Secrets in your cluster](https://www.youtube.com/watch?v=5fCJlAqC1B0) by Just me and Opensource
|
||||
- The video provides a hands-on guide to creating and using secrets in Kubernetes.
|
||||
|
||||
6. **Kubernetes Secrets Management Best Practices**
|
||||
- [Kubernetes Secrets Management Best Practices](https://www.youtube.com/watch?v=Nwd8tUP43WU) by Kubernetes Community Days
|
||||
- This talk focuses on best practices for managing secrets in Kubernetes environments.
|
||||
|
||||
7. **Kubernetes Secrets and ConfigMaps**
|
||||
- [Kubernetes Secrets and ConfigMaps](https://www.youtube.com/watch?v=7UXJ-nxW1EI) by FreeCodeCamp.org
|
||||
- This video covers the differences between ConfigMaps and Secrets and how to use both effectively.
|
||||
|
||||
8. **Kubernetes Secrets | Security and Configuration Management in Kubernetes**
|
||||
- [Kubernetes Secrets | Security and Configuration Management in Kubernetes](https://www.youtube.com/watch?v=twFRhEcvC2E) by Tech Primers
|
||||
- A comprehensive guide to security and configuration management using Kubernetes secrets.
|
||||
|
||||
9. **Advanced Kubernetes Secrets Management with HashiCorp Vault**
|
||||
- [Advanced Kubernetes Secrets Management with HashiCorp Vault](https://www.youtube.com/watch?v=byCCrbt0bBo) by HashiCorp
|
||||
- This video demonstrates how to integrate HashiCorp Vault with Kubernetes for advanced secrets management.
|
||||
|
||||
10. **Secrets Management in Kubernetes with Sealed Secrets**
|
||||
- [Secrets Management in Kubernetes with Sealed Secrets](https://www.youtube.com/watch?v=UrhZiFEYcs4) by KubeCon + CloudNativeCon
|
||||
- A presentation on how to manage secrets using Sealed Secrets, a tool that allows secrets to be safely stored and managed within Git repositories.
|
||||
|
||||
This wraps up Day 40, tomorrow we will get hands-on with Kubernetes secrets [Day 41](day41.md)
|
131
2023/day41.md
131
2023/day41.md
@ -0,0 +1,131 @@
|
||||
# Hands-On with Kubernetes Secrets
|
||||
|
||||
## Introduction
|
||||
|
||||
On [Day 40](day40.md) we gave an introduction to Kubernetes secrets after dabbling a little with them on [Day 39](day39.md)., we discussed the importance of Kubernetes secrets and how they help secure sensitive information. Now, let's get hands-on with some practical scenarios to demonstrate how you can create and use secrets in your Kubernetes environment.
|
||||
|
||||
## Scenario 1: Creating and Using a Simple Opaque Secret
|
||||
|
||||
For these scenarios we are going to need that minikube cluster again, You can see those instructions on [Day 39](day39.md) to get a cluster up and running.
|
||||
|
||||
### Step-by-Step Guide:
|
||||
|
||||
1. **Create a Secret:**
|
||||
```bash
|
||||
kubectl create secret generic my-secret --from-literal=username=myuser --from-literal=password=mypassword
|
||||
```
|
||||
|
||||
2. **Access the Secret in a Pod:**
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: secret-test
|
||||
spec:
|
||||
containers:
|
||||
- name: mycontainer
|
||||
image: nginx
|
||||
env:
|
||||
- name: USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: my-secret
|
||||
key: username
|
||||
- name: PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: my-secret
|
||||
key: password
|
||||
restartPolicy: Never
|
||||
```
|
||||
|
||||
3. **Deploy the Pod:**
|
||||
```bash
|
||||
kubectl apply -f secret-pod.yaml
|
||||
```
|
||||
|
||||
## Scenario 2: Using Secrets for TLS Certificates
|
||||
|
||||
### Step-by-Step Guide:
|
||||
|
||||
1. **Create a TLS Secret:**
|
||||
```bash
|
||||
kubectl create secret tls tls-secret --cert=path/to/tls.crt --key=path/to/tls.key
|
||||
```
|
||||
|
||||
2. **Configure a Pod to Use the TLS Secret:**
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: tls-pod
|
||||
spec:
|
||||
containers:
|
||||
- name: mycontainer
|
||||
image: nginx
|
||||
volumeMounts:
|
||||
- name: tls-volume
|
||||
mountPath: "/etc/nginx/ssl"
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: tls-volume
|
||||
secret:
|
||||
secretName: tls-secret
|
||||
restartPolicy: Never
|
||||
```
|
||||
|
||||
3. **Deploy the Pod:**
|
||||
```bash
|
||||
kubectl apply -f tls-pod.yaml
|
||||
```
|
||||
|
||||
## Scenario 3: Managing Secrets with Environment Variables
|
||||
|
||||
### Step-by-Step Guide:
|
||||
|
||||
1. **Create a Secret:**
|
||||
```bash
|
||||
kubectl create secret generic db-secret --from-literal=db_username=dbuser --from-literal=db_password=dbpass
|
||||
```
|
||||
|
||||
2. **Use the Secret as Environment Variables in a Pod:**
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: env-pod
|
||||
spec:
|
||||
containers:
|
||||
- name: mycontainer
|
||||
image: mysql
|
||||
env:
|
||||
- name: DB_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: db-secret
|
||||
key: db_username
|
||||
- name: DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: db-secret
|
||||
key: db_password
|
||||
restartPolicy: Never
|
||||
```
|
||||
|
||||
3. **Deploy the Pod:**
|
||||
```bash
|
||||
kubectl apply -f env-pod.yaml
|
||||
```
|
||||
|
||||
## Best Practices for Managing Kubernetes Secrets
|
||||
|
||||
1. **Regularly Rotate Secrets**: Change your secrets periodically to reduce the risk of compromise.
|
||||
2. **Use RBAC to Control Access**: Restrict access to secrets using Kubernetes Role-Based Access Control (RBAC).
|
||||
3. **Enable Encryption at Rest**: Ensure your etcd database is configured to encrypt secrets at rest for added security.
|
||||
|
||||
## Conclusion
|
||||
|
||||
In this post, we've explored practical scenarios for creating and using Kubernetes secrets. By following these steps, you can securely manage sensitive information in your Kubernetes clusters. Remember to follow best practices to keep your secrets safe and secure. Happy Kubernetes-ing!
|
||||
|
||||
|
||||
This wraps up the Secrets Management section, [Day 42](day42.md) We can get into into some programming language learning specifically around Python.
|
Loading…
Reference in New Issue
Block a user