Skip to content

Commit

Permalink
Merge pull request #301 from djkonro/secret
Browse files Browse the repository at this point in the history 
Add notebook on how to create and use a Secret
  • Loading branch information
@mbohlool
mbohlool committed Aug 28, 2017
2 parents 01f6875 + 1cf9418 commit 5128cd8
Showing 1 changed file with 347 additions and 0 deletions.
347 changes: 347 additions & 0 deletions examples/notebooks/create_secret.ipynb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,347 @@
{
"cells": [
{
"cell_type": "markdown",
"metadata": {
"deletable": true,
"editable": true
},
"source": [
"How to create and use a Secret\n",
"================\n",
"\n",
"A [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) is an object that contains a small amount of sensitive data such as a password, a token, or a key. In this notebook, we would learn how to create a Secret and how to use Secrets as files from a Pod as seen in https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"from kubernetes import client, config"
]
},
{
"cell_type": "markdown",
"metadata": {
"deletable": true,
"editable": true
},
"source": [
"### Load config from default location"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"config.load_kube_config()\n",
"client.configuration.assert_hostname = False"
]
},
{
"cell_type": "markdown",
"metadata": {
"deletable": true,
"editable": true
},
"source": [
"### Create API endpoint instance and API resource instances"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"api_instance = client.CoreV1Api()\n",
"sec = client.V1Secret()"
]
},
{
"cell_type": "markdown",
"metadata": {
"deletable": true,
"editable": true
},
"source": [
"### Fill required Secret fields"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"sec.metadata = client.V1ObjectMeta(name=\"mysecret\")\n",
"sec.type = \"Opaque\"\n",
"sec.data = {\"username\": \"bXl1c2VybmFtZQ==\", \"password\": \"bXlwYXNzd29yZA==\"}"
]
},
{
"cell_type": "markdown",
"metadata": {
"deletable": true,
"editable": true
},
"source": [
"### Create Secret"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"api_instance.create_namespaced_secret(namespace=\"default\", body=sec)"
]
},
{
"cell_type": "markdown",
"metadata": {
"deletable": true,
"editable": true
},
"source": [
"### Create test Pod API resource instances"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"pod = client.V1Pod()\n",
"spec = client.V1PodSpec()\n",
"pod.metadata = client.V1ObjectMeta(name=\"mypod\")\n",
"container = client.V1Container()\n",
"container.name = \"mypod\"\n",
"container.image = \"redis\""
]
},
{
"cell_type": "markdown",
"metadata": {
"deletable": true,
"editable": true
},
"source": [
"### Add volumeMount which would be used to hold secret"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"volume_mounts = [client.V1VolumeMount()]\n",
"volume_mounts[0].mount_path = \"/data/redis\"\n",
"volume_mounts[0].name = \"foo\"\n",
"container.volume_mounts = volume_mounts"
]
},
{
"cell_type": "markdown",
"metadata": {
"deletable": true,
"editable": true
},
"source": [
"### Create volume required by secret"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"spec.volumes = [client.V1Volume(name=\"foo\")]\n",
"spec.volumes[0].secret = client.V1SecretVolumeSource(secret_name=\"mysecret\")"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"spec.containers = [container]\n",
"pod.spec = spec"
]
},
{
"cell_type": "markdown",
"metadata": {
"deletable": true,
"editable": true
},
"source": [
"### Create the Pod"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"api_instance.create_namespaced_pod(namespace=\"default\",body=pod)"
]
},
{
"cell_type": "markdown",
"metadata": {
"deletable": true,
"editable": true
},
"source": [
"### View secret being used within the pod\n",
"\n",
"Wait for alteast 10 seconds to ensure pod is running before executing this section."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false,
"deletable": true,
"editable": true
},
"outputs": [],
"source": [
"user = api_instance.connect_get_namespaced_pod_exec(name=\"mypod\", namespace=\"default\", command=[ \"/bin/sh\", \"-c\", \"cat /data/redis/username\" ], stderr=True, stdin=False, stdout=True, tty=False)\n",
"print(user)\n",
"passwd = api_instance.connect_get_namespaced_pod_exec(name=\"mypod\", namespace=\"default\", command=[ \"/bin/sh\", \"-c\", \"cat /data/redis/password\" ], stderr=True, stdin=False, stdout=True, tty=False)\n",
"print(passwd)"
]
},