5. Manage Storage for Application Configuration and Data Flashcards
Como se forma el yaml con los siguientes datos
Tipo Deployment
Nombre hello-deployment
Replicas 1
Selectors = app: hello-deployment
labels = app: hello-deployment
template = app:deployment
variables de ambiente= ENV_VARIABLE_1
obtiene valor de secreto key: hello y name: world
imagen= quay.io/hello-world
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-deployment
spec:
replicas: 1
selector:
matchLabels:
app: hello-deployment
template:
metadata:
labels:
app: hello-deployment
spec:
containers:
- env:
- name: ENV_VARIABLE_1
valueFrom:
secretKeyRef:
key: hello
name: world
image: quay.io/hello-image:latest
Como se forma el configuration map con los siguientes datos de ejemplo:
name: example-configmap
namespace: my-app
example.property.1: hello
example.property.2: world
example.property.file multiple property.1=value-1 property.2=value-2 property.3=value-3
binario bar: L3Jvb3QvMTAw
apiVersion: v1
kind: ConfigMap 1
metadata:
name: example-configmap
namespace: my-app
data: 2
example.property.1: hello
example.property.2: world
example.property.file: |-
property.1=value-1
property.2=value-2
property.3=value-3
binaryData: 3
bar: L3Jvb3QvMTAw
Como se hace el secreto con los datos siguientes:
name: example-secret
namespace: my-app
data= username: bXl1c2VyCg== password: bXlQQDU1Cg==
stringData= hostname: myapp.mydomain.com
secret properties=
property1=valueA
property2=valueB
apiVersion: v1
kind: Secret
metadata:
name: example-secret
namespace: my-app
type: Opaque
data:
username: bXl1c2VyCg==
password: bXlQQDU1Cg==
stringData:
hostname: myapp.mydomain.com
secret.properties: |
property1=valueA
property2=valueB
Como se codifica y decodifica
echo bXl1c2VyCg== | base64 –decode
echo bXl1c2VyCg== | base64 –code
Como se crea un secreto desde command line key1=secret1 y key2=secret2
oc create secret generic secret_name \
–from-literal key1=secret1 \
–from-literal key2=secret2
Como se crea secreto desde archivos ssh-keys \
id_rsa=/path-to/id_rsa \
id_rsa.pub=/path-to/id_rsa.pub
kubectl create secret generic ssh-keys \
–from-file id_rsa=/path-to/id_rsa \
–from-file id_rsa.pub=/path-to/id_rsa.pub
Como se crea secreto para TLS
cert /path-to-certificate key /path-to-key
oc create secret tls secret-tls \
–cert /path-to-certificate –key /path-to-key
Como se crea configuration map my-config desde literal key1=config1 key2=config2
kubectl create configmap my-config \
–from-literal key1=config1 –from-literal key2=config2
Cual es la estructura del config map name config-map-example
namespace-app
database.name sakila
database.user redhat
apiVersion: v1
kind: ConfigMap
metadata:
name: config-map-example
namespace: example-app
data:
database.name: sakila
database.user: redhat
Cual es la estructura de yaml para el config map example del pod
name: config-map-example-pod
namespace: example-app
- name: example-container
image: registry.example.com/mysql-80:1-237
command: [ "/bin/sh", "-c", "env" ]
- name: MYSQL_DATABASE
valueFrom:
name: config-map-example
key: database.name
- name: MYSQL_USER
name: config-map-example
key: database.user optional: true
apiVersion: v1
kind: Pod
metadata:
name: config-map-example-pod
namespace: example-app
spec:
containers:
- name: example-container
image: registry.example.com/mysql-80:1-237
command: [ “/bin/sh”, “-c”, “env” ]
env: 1
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: config-map-example
key: database.name
- name: MYSQL_USER
valueFrom:
configMapKeyRef:
name: config-map-example
key: database.user
optional: true
Como se puede crear un pod usando variables desde un configmap
apiVersion: v1
kind: Pod
metadata:
name: config-map-example-pod
namespace: example-app
spec:
containers:
- name: example-container
image: registry.example.com/mysql-80:1-237
command: [ “/bin/sh”, “-c”, “env” ]
envFrom:
- configMapRef:
name: config-map-example
restartPolicy: Never
Como se especifica un pod resource con imagen registry.example.com/mysql-80:1-237 y estableciendo la variable MYSQL_DATABASE y MYSQL_USER desde un config map config-map-example keys
database.name y database.user
apiVersion: v1
kind: Pod
metadata:
name: config-map-example-pod
namespace: example-app
spec:
containers:
- name: example-container
image: registry.example.com/mysql-80:1-237
command: [ “/bin/sh”, “-c”, “env” ]
env:
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: config-map-example
key: database.name
- name: MYSQL_USER
valueFrom:
configMapKeyRef:
name: config-map-example
key: database.user
optional: true
Como se puede exportar la variable TEST_SECRET_UESRNAME__ENV_VAR
desde secreto para pod secret-example-pod image busybox
apiVersion: v1
kind: Pod
metadata:
name: secret-example-pod
spec:
containers:
- name: secret-test-container
image: busybox
command: [ “/bin/sh”, “-c”, “export” ]
env:
- name: TEST_SECRET_USERNAME_ENV_VAR
valueFrom:
secretKeyRef:
name: test-secret
key: username
Como se monta un secreto demo-user pass zT1KTgk dentro del filesystem /app-secrets llamado demo-secret o desde archivo
volume en el deployment demo
oc create secret generic demo-secret \
–from-literal user=demo-user \
–from-literal root_password=zT1KTgk
[user@host ~]$ oc create secret generic demo-secret \
–from-file user=/tmp/demo/user \
–from-file root_password=/tmp/demo/root_password
[user@host ~]$ oc set volume deployment/demo \ 1
–add –type secret \ 2
–secret-name demo-secret \ 3
–mount-path /app-secrets
Como usar un config map config-files/http.conf en volumen /app-secrets usando el config map demo-map para el deployment demo
oc create configmap demo-map \
–from-file=config-files/httpd.conf
oc set volume deployment/demo \
–add –type configmap \
–configmap-name demo-map \
–mount-path /app-secrets
oc set volume deployment/demo
