Book Image

The Kubernetes Workshop

By : Zachary Arnold, Sahil Dua, Wei Huang, Faisal Masood, Mélony Qin, Mohammed Abu Taleb
Book Image

The Kubernetes Workshop

By: Zachary Arnold, Sahil Dua, Wei Huang, Faisal Masood, Mélony Qin, Mohammed Abu Taleb

Overview of this book

Thanks to its extensive support for managing hundreds of containers that run cloud-native applications, Kubernetes is the most popular open source container orchestration platform that makes cluster management easy. This workshop adopts a practical approach to get you acquainted with the Kubernetes environment and its applications. Starting with an introduction to the fundamentals of Kubernetes, you’ll install and set up your Kubernetes environment. You’ll understand how to write YAML files and deploy your first simple web application container using Pod. You’ll then assign human-friendly names to Pods, explore various Kubernetes entities and functions, and discover when to use them. As you work through the chapters, this Kubernetes book will show you how you can make full-scale use of Kubernetes by applying a variety of techniques for designing components and deploying clusters. You’ll also get to grips with security policies for limiting access to certain functions inside the cluster. Toward the end of the book, you’ll get a rundown of Kubernetes advanced features for building your own controller and upgrading to a Kubernetes cluster without downtime. By the end of this workshop, you’ll be able to manage containers and run cloud-based applications efficiently using Kubernetes.
Table of Contents (20 chapters)

What Is a Secret?

A ConfigMap provides a way to decouple application configuration data from the application itself. However, the problem with a ConfigMap is that it stores the data in plain text as a Kubernetes object. What if we want to store some sensitive data such as a database password? Kubernetes Secret provides a way to store sensitive data that can then be made available to the applications that require it.

Secret versus ConfigMap

You can think of a Secret as the same as a ConfigMap with the following differences:

  1. Unlike a ConfigMap, a Secret is intended to store a small amount (1 MB for a Secret) of sensitive data. A Secret is base64-encoded, so we cannot treat it as secure. It can also store binary data such as a public or private key.
  2. Kubernetes ensures that Secrets are passed only to the nodes that are running the Pods that need the respective Secrets.


    Another way to store sensitive data is a vault solution, such as HashiCorp Vault. We have left such...