2 An introduction to Kubernetes and Secrets

 

This chapter covers

  • Understanding the basic architecture of a Kubernetes cluster
  • Deploying an application to Kubernetes
  • Managing application configuration externally
  • Using Kubernetes Secrets to store sensitive information

Because secrets management begins with the initial configuration and the security needs of the application, it’s important to fully understand the initial setup process. In this chapter, you will learn more about how to manage configurations, both insecure and secure, by deploying a simple RESTful Web Service that returns a greeting message.

NOTE

You’ll need a Kubernetes cluster to run the implementations in this book. You can use any Kubernetes distribution, whether provided by a public cloud or made to run locally.

The examples in this book are tested using a minikube cluster. Minikube allows you to run Kubernetes locally in a single-node Kubernetes cluster inside a virtual machine (VM) on a laptop. Follow the instructions in appendix A to install your Kubernetes cluster, and then return to this chapter to get started.

We’ll start by reviewing some basics about Kubernetes architecture and configuration. If you are already well versed in Kubernetes, the next few pages, in which we’ll establish the initial configuration for your web service, should be very familiar. We’ll dive into Kubernetes Secrets after we complete the default setup.

2.1 Kubernetes architecture

2.1.1 What is a master Node?

2.1.2 What is a worker Node?

2.2 Deploying workloads in Kubernetes

2.2.1 Deploying a workload

2.2.2 Deployment objects

2.2.3 Volume

2.3 Managing application configuration

2.3.1 ConfigMaps

2.4 Using Kubernetes Secrets to store sensitive information

2.4.1 Secrets are encoded in Base64

2.4.2 Secrets are mounted in a temporary file system