Credentials and Configs in Kubernetes Secrets and ConfigMaps

Рет қаралды 19,226

Күн бұрын

Kubernetes ConfigMaps and Secrets Tutorial // In this tutorial we will use ConfigMap and Secret objects in my Cluster to deploy NGINX and MySQL containers. This example is a great howto for beginners which explains how to get configuration files and credentials as examples inside the volume of the container. #Kubernetes #ConfigMaps #HomeLab
Kubernetes Persistent Volumes: • Persistent Volumes wit...
Teleport-*: goteleport.com/thedigitallife
Follow me:
TWITTER: / christianlempa
INSTAGRAM: / christianlempa
DISCORD: / discord
GITHUB: github.com/christianlempa
PATREON: / christianlempa
MY EQUIPMENT: kit.co/christianlempa
Timestamps:
00:00 - Introduction
01:19 - Why use ConfigMaps and Secrets?
02:40 - What is a ConfigMap?
03:19 - Nginx Config stored in a ConfigMap
08:51 - What is a Secret?
09:41 - MySQL Password in a Secret
14:57 - Nginx Certificates in a Secret
18:47 - Are Kubernetes Secrets secure?
________________
All links with "*" are affiliate links.

Пікірлер: 28

@mateuszkozera9443 26 күн бұрын

Thank You Christian!

@RABWA333 2 жыл бұрын

Thanks a lot , very informative

@christianlempa 2 жыл бұрын

You're welcome 😀

@totto4556 Жыл бұрын

AMAZING VIDEO!

@christianlempa Жыл бұрын

Glad you think so!

@oussamaelkhayali2218 2 жыл бұрын

Man, its my first comment on youtube, I really love your videos, im a beginner and whenever i have a problem, your chanel is my first choice, keep going !

@christianlempa 2 жыл бұрын

Thank you so much! I'm happy that you enjoy the channel. 🤗

@stevenstreller8818 11 ай бұрын

One thing would have to be mentioned in any case: If I store the secret as environment variable in the deployment, I have the possibility to access this value in the running container instance via the terminal with printenv or env in the container. Here, too, the values are then in plain text. So if a potential attacker gets access to the container, he can easily read the password for the database 🙂

@vasireddy7355 Жыл бұрын

You are awesome.

@christianlempa Жыл бұрын

You are!

@TheChihuhua Жыл бұрын

B-E-A-Utiful!

@et4493 Жыл бұрын

absolute champion ❤ BTW that's not how you say opaque, but it was just hilarious 😂

@christianlempa Жыл бұрын

Haha! Thanks mate :D

@PeterNunnOZ 2 жыл бұрын

Looking forward to the reverse proxy and ingress bits :)

@christianlempa 2 жыл бұрын

Thanks! I hope you'll like it ;)

@allisondealmeida 2 жыл бұрын

Tem algum tutorial de criação de um cluster kubernetes de alta disponibilidade?

@cristianllansola1095 8 ай бұрын

I configured my configmaps, and works perfectly with my env values from VUE. But I'm trying to get this values in the frontend pod... i'm no able to do it.... Is there any extra conf ? Thanks a lot for your videos.

@kylehodgetts 2 жыл бұрын

Opaque is said like "Oh-payk" :)

@christianlempa 2 жыл бұрын

Yeah I realized it when looking it up after the recording 😄

@KeithDavey2014 10 ай бұрын

You can also pre base64 encode the secret string and put that in the secret.yaml file as well. That way he secret is not stored in plane test in the yaml file its self.

@TakeOnMe5 7 ай бұрын

In case you missed 18:47 ... Base64 is not an encryption, it is an encoding only - It does nothing to protect the password!

@christianlempa 7 ай бұрын

Thanks for sharing

@hamadaparis3556 2 жыл бұрын

Hi Chris I have a question about kubernetes clusterIP service for pods as a single network point other pods can reach internally, where does its IP exist if I define one on my cluster, how the request travels from external pod to the service to retrieve data or whatever, I think that the virtual IP address for the service exists on the master and not the worker nodes since the worker node can go down and the service is still maintained, the request from the pod goes to the master who determines the service endpoint and routes the request to that IP I'm just saying man what would logically happen any clarification correcting would be really appreciated thanks for the content.

@christianlempa 2 жыл бұрын

The network layer is controlled on each node by the kube-proxy service. Once you define a ClusterIP, the user-space proxy uses iptables rules which capture traffic to the Service's clusterIP and redirect´s that traffic to the proxy port which proxies the backend Pod. Hope that makes sense.

@hamadaparis3556 2 жыл бұрын

Awesome thanks so much🙂🙏