Created
June 17, 2019 11:36

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: mariadb
  name: mariadb-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mariadb
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      containers:
        - name: mariadb
          image: 'docker.io/mariadb:10.4'
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mariadb-root-password
                  key: password
          envFrom:
            - secretRef:
                name: mariadb-user-creds
          ports:
            - containerPort: 3306
              protocol: TCP
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: mariadb-volume-1
            - mountPath: /etc/mysql/conf.d
              name: mariadb-config-volume
      volumes:
        - emptyDir: {}
          name: mariadb-volume-1
        - configMap:
            name: mariadb-config
            items:
              - key: max_allowed_packet.cnf
                path: max_allowed_packet.cnf
          name: mariadb-config-volume

#################################
###### Kubernetes SECRETS
#################################

Note: Both Secrets and ConfigMaps can be exposed inside a container as
mounted files or volumes or environment variables.

Definition: Kubernetes objects to store small amounts of sensitive data,
e.g. Database Passwords.

CASE: MariaDB on Kubernetes

A. Manual Secret Creation:
==========================

1. Create a Secret containing the MYSQL_ROOT_PASSWORD: choose a password and convert
it to base64.

## From the Terminal generate a base64 password:
    echo -n 'KubernetesRocks!' | base64

LW4gJ0t1YmVybmV0ZXNSb2NrcyEnIA0K is the password.

2. Now use the base64 password to create our Secret YAML file:

## File reference:
    secrets/mysql-secret.yaml

3. Apply our Secret into Kubernetes:

## Create Secret:
    kubectl apply -f secrets/mysql-secret.yaml

## Check it out:
    kubectl describe secret/mariadb-root-password

## Edit the Secret if you need to:
    kubectl edit secret/mariadb-root-password

## Decode the Secret and pipe it through base64:
Note: In case it doesn't decode, decode it online.
    kubectl get secret/mariadb-root-password -o jsonpath='{.data.password}' | base64 --decode

B. Kubernetes built-in Secret Creation: [Much Simpler]
======================================================

Use --from-literal to set as many Key/Value pairs as you wish.

## Create the Secrets:
    kubectl create secret generic mariadb-user-creds --from-literal=MYSQL_USER=kubeuser --from-literal=MYSQL_PASSWORD=kube-still-rocks

## Confirm that they are actually there:
    kubectl get secret mariadb-user-creds -o jsonpath="{.data.MYSQL_USER}" | base64 --decode -
    kubectl get secret mariadb-user-creds -o jsonpath="{.data.MYSQL_PASSWORD}" | base64 --decode -
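
Added example, not part of the original notes: the base64 string quoted in step A.1 decodes to the text -n 'KubernetesRocks!' followed by a space and CRLF, not to KubernetesRocks!, which is what results when the echo in use prints -n and the quotes literally. The sketch below encodes with printf and audits a .data value locally before it goes into a manifest; the function names encode_secret and audit_secret_b64 are made up for this example.

```shell
# Added example (not from the original notes); function names are hypothetical.

# Encode exactly the bytes given. printf '%s' adds no newline and does not
# depend on how the current shell's echo treats -n or quotes.
encode_secret() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a Secret's .data value locally and report artefacts showing that the
# stored bytes differ from what was typed. Prints findings; returns 1 if any.
audit_secret_b64() {
    _b64=$1
    if ! printf '%s' "$_b64" | base64 --decode >/dev/null 2>&1; then
        echo "invalid-base64"; return 1
    fi
    # One hex token per decoded byte, so a match cannot straddle two bytes.
    set -- $(printf '%s' "$_b64" | base64 --decode | od -An -v -tx1)
    if [ "$#" -eq 0 ]; then echo "empty"; return 1; fi
    _out=""; _quote=0; _eol=0
    # 2d 6e 20 is "-n ": echo printed its own flag into the value.
    if [ "$#" -ge 3 ] && [ "$1$2$3" = "2d6e20" ]; then _out="echo-flag"; fi
    for _byte in "$@"; do
        case "$_byte" in
            27|22) _quote=1 ;;   # ' or " (heuristic: may be intentional)
            0d|0a) _eol=1 ;;     # CR or LF ended up inside the password
        esac
    done
    if [ "$_quote" -eq 1 ]; then _out="$_out quote"; fi
    if [ "$_eol" -eq 1 ]; then _out="$_out line-ending"; fi
    _out=${_out# }
    if [ -n "$_out" ]; then echo "$_out"; return 1; fi
    echo "clean"
}

# Value quoted in section A of the notes:
audit_secret_b64 'LW4gJ0t1YmVybmV0ZXNSb2NrcyEnIA0K' || true   # -> echo-flag quote line-ending
# Same password encoded byte-for-byte:
audit_secret_b64 "$(encode_secret 'KubernetesRocks!')"        # -> clean
```

Running the audit against the output of kubectl get secret ... -o jsonpath='{.data.password}' keeps the decoded value on the local machine.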

#################################
###### Kubernetes ConfigMap
#################################

Definition: Similar to Secrets but stores less sensitive data. Thus great
for storing environment variables and config files.
Also used to create customized running services from generic container images.

### Scenario:
Override the default max_allowed_packet in MariaDB from 16M to 64M.
reference: ./max_allowed_packet.cnf

## Create a ConfigMap named mariadb-config
    kubectl create configmap mariadb-config --from-file=max_allowed_packet.cnf

Note: Using --from-file=max_allowed_packet.cnf in the kubectl command above:
- Stores the name of the file as the Key, e.g. max_allowed_packet.cnf verbatim.
- Stores the file contents as the Value.

Hint: You can explicitly set the Key/Value with the option below:
    --from-file=<key_name>=<filename.extensiontype>
    e.g. --from-file=max-packet=max_allowed_packet.cnf

In case of multiple files, use additional --from-file=<filename> arguments to
store those.

### Validate the ConfigMap was really created:
    kubectl get configmap mariadb-config

### View the ConfigMap's file contents:
    kubectl describe configmap mariadb-config

### You can edit the ConfigMap properties live on Kubernetes:
    kubectl edit configmap mariadb-config

### Confirm edited contents:
Hint: Escape '.' before extensiontype.
    kubectl get configmap mariadb-config -o "jsonpath={.data['max_allowed_packet\.cnf']}"

######################################
###### Secrets and ConfigMap Usage
######################################

Hint:
Can be mounted as environment variables or as files within a container.

Example: MariaDB scenario
Mount Secrets as environment variables and the ConfigMap as files.

### First create a mariadb deployment.
reference: ./mariadb-deployment.yaml

Example: mariadb-root-password Secret addition
==============================================
Specify the Secret and the key you want by adding an env list/array to the
container spec in the Deployment and setting the environment variable value
to the value of the key in your Secret.

Example: mariadb-root-password max_allowed_packet.cnf file addition
====================================================================
Add the ConfigMap as a container volumeMount.

Note:
Both Secrets and ConfigMaps can be the source of Kubernetes "volumes" and mounted
into the containers.
This isn't a persistent data store.

Q. Where to add the ConfigMap:
Add it under the volumes list and reference it inside the volumeMount along with a name.

### Now create the mariadb instance:
    kubectl create -f mariadb-deployment.yaml

### Confirm the Secret and ConfigMap are being used inside the MariaDB container.
    kubectl exec -it <pod_name> -- env | grep MYSQL

### Confirm the ConfigMap file "max_allowed_packet.cnf" is stored
inside "/etc/mysql/conf.d"
    kubectl exec -it <pod_name> -- ls /etc/mysql/conf.d

REF: Always use this Site to Clean your YAML files:
https://onlineyamltools.com/prettify-yaml

#######################
!!! YES SUCCESS !!!
Now the MariaDB has the environment variables available for it to use.