{ "cells": [ { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "How to create and use a Secret\n", "================\n", "\n", "A [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) is an object that contains a small amount of sensitive data such as a password, a token, or a key. In this notebook, we would learn how to create a Secret and how to use Secrets as files from a Pod as seen in https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true, "deletable": true, "editable": true }, "outputs": [], "source": [ "from kubernetes import client, config" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### Load config from default location" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true, "deletable": true, "editable": true }, "outputs": [], "source": [ "config.load_kube_config()\n", "client.configuration.assert_hostname = False" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### Create API endpoint instance and API resource instances" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true, "deletable": true, "editable": true }, "outputs": [], "source": [ "api_instance = client.CoreV1Api()\n", "sec = client.V1Secret()" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### Fill required Secret fields" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true, "deletable": true, "editable": true }, "outputs": [], "source": [ "sec.metadata = client.V1ObjectMeta(name=\"mysecret\")\n", "sec.type = \"Opaque\"\n", "sec.data = {\"username\": \"bXl1c2VybmFtZQ==\", \"password\": \"bXlwYXNzd29yZA==\"}" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### Create Secret" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": false, "deletable": true, "editable": true }, "outputs": [], "source": [ "api_instance.create_namespaced_secret(namespace=\"default\", body=sec)" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### Create test Pod API resource instances" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true, "deletable": true, "editable": true }, "outputs": [], "source": [ "pod = client.V1Pod()\n", "spec = client.V1PodSpec()\n", "pod.metadata = client.V1ObjectMeta(name=\"mypod\")\n", "container = client.V1Container()\n", "container.name = \"mypod\"\n", "container.image = \"redis\"" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### Add volumeMount which would be used to hold secret" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true, "deletable": true, "editable": true }, "outputs": [], "source": [ "volume_mounts = [client.V1VolumeMount()]\n", "volume_mounts[0].mount_path = \"/data/redis\"\n", "volume_mounts[0].name = \"foo\"\n", "container.volume_mounts = volume_mounts" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### Create volume required by secret" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true, "deletable": true, "editable": true }, "outputs": [], "source": [ "spec.volumes = [client.V1Volume(name=\"foo\")]\n", "spec.volumes[0].secret = client.V1SecretVolumeSource(secret_name=\"mysecret\")" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true, "deletable": true, "editable": true }, "outputs": [], "source": [ "spec.containers = [container]\n", "pod.spec = spec" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### Create the Pod" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": false, "deletable": true, "editable": true }, "outputs": [], "source": [ "api_instance.create_namespaced_pod(namespace=\"default\",body=pod)" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### View secret being used within the pod\n", "\n", "Wait for at least 10 seconds to ensure pod is running before executing this section." ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": false, "deletable": true, "editable": true }, "outputs": [], "source": [ "user = api_instance.connect_get_namespaced_pod_exec(name=\"mypod\", namespace=\"default\", command=[ \"/bin/sh\", \"-c\", \"cat /data/redis/username\" ], stderr=True, stdin=False, stdout=True, tty=False)\n", "print(user)\n", "passwd = api_instance.connect_get_namespaced_pod_exec(name=\"mypod\", namespace=\"default\", command=[ \"/bin/sh\", \"-c\", \"cat /data/redis/password\" ], stderr=True, stdin=False, stdout=True, tty=False)\n", "print(passwd)" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### Delete Pod" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": false, "deletable": true, "editable": true }, "outputs": [], "source": [ "api_instance.delete_namespaced_pod(name=\"mypod\", namespace=\"default\", body=client.V1DeleteOptions())" ] }, { "cell_type": "markdown", "metadata": { "deletable": true, "editable": true }, "source": [ "### Delete Secret" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": false, "deletable": true, "editable": true }, "outputs": [], "source": [ "api_instance.delete_namespaced_secret(name=\"mysecret\", namespace=\"default\", body=sec)" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "collapsed": true, "deletable": true, "editable": true }, "outputs": [], "source": [] } ], "metadata": { "kernelspec": { "display_name": "Python 2", "language": "python", "name": "python2" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 2 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython2", "version": "2.7.6" } }, "nbformat": 4, "nbformat_minor": 2 }