# Managing Application Configurations and Secrets

Many applications require configuration settings and secrets such as TLS certificates to run in a production environment. In this lab you will learn how to:

* Create secrets to store sensitive application data
* Create configmaps to store application configuration data
* Expose secrets and configmaps to Pods at runtime

In this lab we will create a new Pod named `secure-monolith` based on the `healthy-monolith` Pod. The `secure-monolith` Pod secures access to the `monolith` container using [Nginx](http://nginx.org/en), which will serve as a reverse proxy serving HTTPS.

> The nginx container will be deployed in the same pod as the monolith container because they are tightly coupled.

## Tutorial: Creating Secrets

Before we can use the `nginx` container to serve HTTPS traffic we need some TLS certificates. In this tutorial you will store a set of self-signed TLS certificates in Kubernetes as secrets.

Create the `tls-certs` secret from the TLS certificates stored under the tls directory:

```
kubectl create secret generic tls-certs --from-file=tls/
```

Examine the `tls-certs` secret:

```
kubectl describe secrets tls-certs
```
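
To make concrete what `kubectl create secret generic tls-certs --from-file=tls/` stores, the following added example (not part of the workshop or of kubectl) approximates the documented directory-to-keys mapping offline: one key per regular file with a valid key name, each value base64-encoded. The sample file names and contents are constructed, the function names are hypothetical, and dotfile handling is left out.

```bash
#!/usr/bin/env bash
# Added example (not workshop code): approximate, offline, what
# `kubectl create secret generic NAME --from-file=DIR` stores.

# Print a Secret manifest for DIR: one key per regular file, value = base64(file).
secret_manifest() {
  local name=$1 dir=$2 f key
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
  for f in "$dir"/*; do   # dotfiles are not matched by this glob (simplification)
    # Sub-directories and symlinks are skipped; only regular files become keys.
    { [ -f "$f" ] && [ ! -L "$f" ]; } || continue
    key=${f##*/}
    # Keys may contain only alphanumerics, '-', '_' and '.'.
    case $key in *[!A-Za-z0-9._-]*) continue ;; esac
    printf '  %s: %s\n' "$key" "$(base64 < "$f" | tr -d '\n')"
  done
}

# List the key names of a manifest read from stdin.
secret_keys() { awk '/^data:/ { d = 1; next } d && /^  / { sub(":", "", $1); print $1 }'; }

# Decode one key of a manifest read from stdin: base64 is an encoding, not encryption.
secret_value() { awk -v k="$1:" '/^data:/ { d = 1; next } d && $1 == k { print $2 }' | base64 -d; }

# Constructed sample directory (placeholder contents, not real key material).
make_sample_dir() {
  local d
  d=$(mktemp -d)
  printf 'CONSTRUCTED-CA-CERT\n' > "$d/ca.pem"
  printf 'CONSTRUCTED-PRIVATE-KEY\n' > "$d/key.pem"
  printf 'ignored\n' > "$d/bad name.txt"   # invalid key name, skipped
  mkdir "$d/subdir"                        # not a regular file, skipped
  echo "$d"
}

demo() {
  local d
  d=$(make_sample_dir)
  secret_manifest tls-certs "$d"
  echo "decoded key.pem: $(secret_manifest tls-certs "$d" | secret_value key.pem)"
  rm -rf "$d"
}
demo
```

Because the stored values are only base64-encoded, anyone who can read the Secret object can recover the private key, so limit `get` on secrets with RBAC.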

### Quiz

* How many items are stored under the `tls-certs` secret?
* What are the key names?

## Tutorial: Creating Configmaps

The nginx container also needs a configuration file to set up the secure reverse proxy. In this tutorial you will create a configmap from the `proxy.conf` nginx configuration file.

Create the `nginx-proxy-conf` configmap based on the `proxy.conf` nginx configuration file:

```
kubectl create configmap nginx-proxy-conf --from-file=nginx/proxy.conf
```

Examine the `nginx-proxy-conf` configmap:

```
kubectl describe configmaps nginx-proxy-conf
```

### Quiz

* How many items are stored under the `nginx-proxy-conf` configmap?
* What are the key names?

## Tutorial: Use Configmaps and Secrets

In this tutorial you will expose the `nginx-proxy-conf` configmap and the `tls-certs` secret to the `secure-monolith` Pod at runtime.

Examine the `secure-monolith` Pod configuration file:

```
cat pods/secure-monolith.yaml
```

### Quiz

* How are secrets exposed to the `secure-monolith` Pod?
* How are configmaps exposed to the `secure-monolith` Pod?

Create the `secure-monolith` Pod using kubectl:

```
kubectl create -f pods/secure-monolith.yaml
```

#### Test the HTTPS endpoint

Forward local port 10443 to port 443 of the `secure-monolith` Pod:

```
kubectl port-forward secure-monolith 10443:443
```

Use the `curl` command to test the HTTPS endpoint:

```
curl --cacert tls/ca.pem https://127.0.0.1:10443
```

Use the `kubectl logs` command to verify traffic to the `secure-monolith` Pod:

```
kubectl logs -c nginx secure-monolith
```

## Summary

Secrets and Configmaps allow you to store application secrets and configuration data, then expose them to Pods at runtime. In this lab you learned how to expose Secrets and Configmaps to Pods using volume mounts. You also learned how to run multiple containers in a single Pod.