Kubernetes supports building infrastructure using configuration files. K8s configuration files are YAML or JSON files used to define and manage Kubernetes resources, such as pods, deployments, services, etc. These files contain specifications that describe the desired state of the resources you want to create or modify within a Kubernetes cluster.
Here are some key components and sections commonly found in Kubernetes configuration files:
We have three configuration files being used for this tutorial. You can find them here
In this example, we will build a sample application that consists of the following:
Backend. Accessible only to the Frontend and consists of one Pod
Frontend. Accessible from the outside and consists of one Pod
To do that, we will use three different configuration files as follows:
secret that has the Database username and password. We will do that through the command line
We will begin with creating the secret.
Secrets are a way to securely store sensitive information, such as passwords, tokens, or keys. They’re designed to help manage sensitive data access within Kubernetes deployments. Secrets provide a layer of abstraction and security by encoding and storing sensitive information separately from pod definitions or application code.
Kubernetes secrets can be used by referencing them in pods or containers, allowing applications to access sensitive information without exposing it directly within the code or configuration files. Secrets are stored within the cluster etcd and can be accessed by authorized entities.
Both the backend and the frontend will need to access the secret we will create. On the backend, we will need to set the username and password of the database, and on the frontend we will need to configure the right username and password to be used.
So, we will create two secrets:
We will use kubectl to create the secrets. Run the following (you can choose your password):
kubectl create secret generic mongodb-secret --from-literal=mongo-username=mongouser --from-literal=mongo-password=mongopass
To verify that the above was successful:
$ kubectl get secrets
NAME             TYPE     DATA   AGE
mongodb-secret   Opaque   2      5d
You can also run:
$ kubectl describe secrets mongodb-secret
Name:         mongodb-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
mongo-password:  9 bytes
mongo-username:  9 bytes
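
The describe output shows only key names and sizes, but the stored values are base64-encoded rather than encrypted, so anyone allowed to read the secret object can recover them. The script below is an added example, not part of the original tutorial: the manifest is a constructed copy of what `kubectl get secret mongodb-secret -o yaml` would return for the values used above, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: Secret values are base64-encoded, not encrypted.

# Constructed sample of `kubectl get secret mongodb-secret -o yaml`
# for the values used in this tutorial (metadata trimmed).
secret_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mongodb-secret
  namespace: default
type: Opaque
data:
  mongo-password: bW9uZ29wYXNz
  mongo-username: bW9uZ291c2Vy
EOF
}

# Decode one key from the manifest's data: mapping.
decode_field() {   # usage: decode_field <key>
  secret_manifest |
    awk -v key="$1" '
      /^data:/ { in_data = 1; next }          # enter the data: mapping
      /^[^ ]/  { in_data = 0 }                # next top-level key ends it
      in_data && $1 == (key ":") { print $2 } # base64 value for this key
    ' | base64 -d
}

# Rebuild the "<key>: N bytes" lines printed by `kubectl describe secrets`.
describe_sizes() {
  for key in mongo-password mongo-username; do
    size=$(decode_field "$key" | wc -c | tr -d ' ')
    printf '%s: %s bytes\n' "$key" "$size"
  done
}

describe_sizes
printf 'decoded mongo-username: %s\n' "$(decode_field mongo-username)"
printf 'decoded mongo-password: %s\n' "$(decode_field mongo-password)"
```

Because the values decode this easily, read access to secrets (and to etcd itself) should be limited to the workloads and users that actually need it.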