Kubernetes ConfigMap and Secret as Kubernetes Volumes | Demo

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video I will show you how to create config map and secret volumes and how to use them in pots I'm gonna give you some real-life use cases and show you the syntax of using volumes in a pod configuration think of applications that take configuration files as parameter when they start like Prometheus elasticsearch mosquito message broker nginx or your own JavaScript or Java application that has properties files or applications that need a configuration file with sensitive data like if you have an application with ten external services that it communicates with which are all secured so you have a passwords properties file with all these credentials or maybe an application needs a client certificate file to communicate with an internal secured service now how do you configure that or pass these files to the kubernetes pots and these are actually scenarios that I have used very often when setting up kubernetes clusters because many services that you deploy in kubernetes will have configuration files so it's important to know these concepts if you have seen my other video about kubernetes main components including config map and secret you know they are used for external configuration of individual values like this and you can check out that video right here so this is a MongoDB config map that has one key value pair which is database host and then you have secret for MongoDB as well with username and password key value pairs now note these are individual values and the way we use that in the pod configuration was like this so this is a container where Express would start and the Express can reference these values this individual key value pairs like this so this individual values are used as values for the environmental variables that configure Express application in this case so you have the environmental variable and we take the value of that from the secret referencing the name of the secret and the key inside the secret in the same way we use the config map so this is one specific use case of config maps and secrets however these are individual values and not files that application in the pod container can read so with config map in secret you can create individual key value pairs but you can also create files that can be mounted into the pod and then into the container so that application in that container can access it and you can do that like this so we have the same config component and instead of defining here key value pairs we define the name of that file this is gonna be mosquito conf and these are gonna be the contents of that file know this pipe syntax right here so this is whatever is gonna be inside that file in the same way we can create secret files like this so we have the same secret kind and this is gonna be the file name we're just gonna call it secret that file could be passwords file whatever and this is gonna be a value or secret the contents of that file base64 encoded because this is how you set the value in the secret component and another use case as I mentioned is sometimes you need client certificates for your services so that they can communicate with other secured services and this way you can create a single component where let's say you define a CA certificate or client certificate file and here just paste in the base64 encoded contents of that certificate file so I'm gonna show you all these now in practice and for this demo I'm gonna use mosquito which is a message broker and mosquito like many other services has a configuration file where you can configure different stuff like what ports to open whether to secure it or not mosquito-y also takes a passwords file where you can configure all the authentication or you can also override the certificate files of mosquito and so we're gonna create a config file and a secret file for mosquito port right so we're gonna use these two files and mount them into mosquito pod but to see that first let's actually mosquito without any volumes so no files mounted inside it it's just a default mosquito container that starts without any persistent so I'm gonna head over to mini cube I have a mini cube cluster set up if you want to know how to set up mini cube cluster I have a separate video about that so you can check that out so if all the configuration files already prepared for me here so that I can use them and you can access all these configuration files in the git repository that I will link in the description keep ztl apply mosquito without volumes and I'm gonna have my pot and now let's actually enter the container or get the terminal and let's see its filesystem so I'm gonna LS and here I see a mosquito a pre-configured mosquito directory let's actually go inside and see what it's there and there is a config folder data and lock folder so this is all by default so this is already configured in the image I'm using an eclipse mosquito image this is already pre configured there and if I go into the config directory I see a mosquito dot conf file and default this comes with just commented out contents of its attributes and description so basically there is just description of bunch of defaults here nothing is really set so now we saw the default structure let's actually go out and I'm gonna delete that using the same file so and now we just saw how the default configuration in mosquito looks like and we're gonna now overwrite that mosquito file using the config map by mounting it into the container I'm going to clear that and one thing to note here is that obviously before you can use or reference config method secrets inside your a pod you have to create them so they have to be in the cluster when the pod starts otherwise you will get errors that the config map or secrets component can be found so let's actually go ahead and create this two and secret and we can actually check these are components like this get secret and keep city I'll get config map will give you mosquito config file and I have another one in the cluster okay so now we have those two files ready or resources ready in the cluster now we have to go back and create a mosquito deployment that uses these two files right so this is a mosquito deployment which is exactly the same as this one here the same image the same configuration same port so what we're going to do here is add volumes to this configuration and the way to do that is using volumes attribute at the containers level so remember this is a specification of the pod and inside the pod specification we define volumes and here we list all the volumes that we want to mount into that pod and we just give it names like let's call this mosquito config and this is the type of volume that you want to mount into that part if you want to see the complete overview of volumes and different types of them you can check out my other video where explained the volume components so here we're mounting config for limb type so I'm gonna write config map and the name of that config map is this one right here and that's it we mounted fathered this config map created into the pod and now let's do the same for the secret let's call it mosquitos secret and the attribute for secret this is again the volume type secret and the attribute is secret name and this is the name and this is basically just some random secret file that we are creating just for the demonstration okay so now I have both volume types mounted into the pot the next step is that now you have to mount those volumes inside the container because the application is actually running inside the container so if we want the application to use that we have to mount whatever's available here inside the container and the way to do that is inside each individual container so you may have a list of containers here so you have to do that for each individual container so we have just one here and inside that I'm gonna create volume mounts attribute with camelcase like this and here again I'm gonna list all the volumes that I want to mount from pot to container now obviously you can't mount into the container anything that you don't have available inside the pot so here I'm gonna against a name and this name here is gonna be the name that we defined here so it's gonna be you know call and the second attribute is mount path in the beginning I showed you the file system or mosquito container and we saw there was a mosquito directory with config in it so mount path references the path file system inside the container where we want this file to end up so we saw that mosquito conf is inside the / mosquito / config and we want to overwrite that so that's gonna be the mount path and we're gonna do the same for the secret so I'm gonna copy that so this is the name and mount path mosquito and let's actually create a secret folder inside which doesn't exist yet and then this file the secret dot file is going to be available inside that directory in the container and that's it you can also add additional attributes here for example one very common case is that for example when you're mounting a client certificate which is maybe used in many different applications you may want to add a read-only attribute to that which makes sense because you don't want the applications to modify those certificate files they're just there for reading so you can add read-only true attribute to that same could be done for configuration files that are not meant to be changed by the application so let's add that attribute there and this is it so we're done mounting the configuration file created using config map component and the secret file which we just created random one inside the pod and inside the container application and obviously the path value depends on the application for example if you have elasticsearch it has a default config location it's I believe slash ATC slash elasticsearch so the config location will be different for nginx it's etc' nginx etc same with secret for example if you have your own application that expects passwords file at a specific location then you want to mount that secret in to that specific location so that the application can find it this con cept here of first mounting the volumes in the pot and then mounting into the container basically is useful if you have multiple containers you can decide which container gets access to which volumes that pot has available so you can actually decide to give one container one volume access to one storage or not give the container access to a certain storage okay so the mosquito deployment file is ready so let's actually create that so I'm gonna head back to the mini cube and supply mosquito so let's actually get in the container again so exact so Bash is not available so we're gonna go with Sh and here let's go inside the mosquito again and first we'll see the secret directory that wasn't here before let's go inside and here we have the secret dot file that we created with basics different coded content and let's see what's in there and there is a plain text contents of that file which says super secret nobody should see ok and now let's go back to mosquito and config folder and here previously was this default configuration file that we overrode if I display that these are the contents of the new configuration file that we mounted that mosquito now uses so to summarize what we saw in this video is config map and secret components in kubernetes are used both to create individual key pair values that you can use as values of environments of variables for example in your pods configuration or you can create files from them that you can then pass in as a configuration file to your application which as I mentioned is a use case that actually happens very frequently because a lot of services take some kind of external configuration file or multiple configuration files and the second point is the config map and secret are volume types which people don't realize right at the beginning because they don't look like the typical volumes created with volume persistent volume component but there are local volume types and communities so that's it for this video I'm gonna create more content on how to use individual volume types like local volumes and remote volumes or cloud storage volumes for different use cases so stay tuned for that thank you for watching and see you in the next video

Info

Channel: TechWorld with Nana

Views: 61,239

Rating: 4.9576721 out of 5

Keywords: kubernetes volumes, kubernetes configmap, kubernetes secrets, kubernetes configmap and secrets, kubernetes volumes example, configmap volume, secret volume, kubernetes volume tutorial, kubernetes practical, volumes in kubernetes, kubernetes volumes explained, kubernetes tutorial, kubernetes tutorial for beginners, kubernetes, kubernetes in practice, kubernetes secret, kubernetes demo, kubernetes volume, volumes kubernetes, techworld with nana, kubernetes volumes demo

Id: FAnQTgr04mU

Channel Id: undefined

Length: 16min 54sec (1014 seconds)

Published: Sat May 23 2020