Docker and Kubernetes Training Course - chaitanya-9nl6-20241218-115100

Visit the Docker and Kubernetes Training Course course recordings page

                WEBVTT

00:00:00.000 --> 00:00:09.280
okay so now let's continue yeah so you're doing this

00:00:17.340 --> 00:00:25.460
are you done till here first step okay fine now the next step is try to create a pod

00:00:47.220 --> 00:00:48.620
you

00:00:48.620 --> 00:00:52.240
and save this again you can apply

00:00:52.720 --> 00:01:02.600
join is there any feedback link or something they have to take it at the end of the session

00:01:02.600 --> 00:01:18.180
today join and type in ENV and you see the information coming up do the same for volume

00:01:18.780 --> 00:01:24.760
and confirm once you're done

00:01:28.940 --> 00:01:35.080
it's uh charles are you good you're getting it good yes so now do the other method charles

00:01:35.080 --> 00:01:42.660
and others do the other method for volumes amount of this exit exit exit charles please

00:01:43.680 --> 00:01:50.780
yeah create one more yaml file or you can play around try to make some changes in the yaml file

00:01:50.780 --> 00:01:57.240
of config map refresh and see whether changes are getting updated in your volume based or

00:01:57.240 --> 00:01:58.820
ENV based play around

00:02:17.480 --> 00:02:24.800
yes are we good so if we do on your volume method you have to do a cat and the file name

00:02:24.800 --> 00:02:29.680
use a volume method you have to go to etc config give it the file names you have to do a cat

00:02:29.680 --> 00:02:35.360
and the file name yeah yeah that's how it works now you can do one more gene others try to

00:02:35.360 --> 00:02:41.100
make some change in your config map apply it and see whether data gets updated in your

00:02:41.100 --> 00:02:47.180
yeah the config map yeah dot yaml make some changes so make some change uh enter

00:02:48.360 --> 00:02:53.620
no no you're in the content yes make some changes so for example modify database name

00:02:53.620 --> 00:03:01.740
to my sequel for example insert mode modify the database to mongo db not that yeah yeah

00:03:01.740 --> 00:03:08.060
yes below that below line what anything just modify anything okay and save this

00:03:09.760 --> 00:03:20.140
save this and apply it apply apply hyphen f and the file name okay so now login to the

00:03:20.140 --> 00:03:24.760
part which you get using volume method and check if you see a contents getting updated

00:03:24.760 --> 00:03:30.620
do you know the part name yeah yeah the volume one the second the first one

00:03:30.620 --> 00:03:40.060
exec config map hyphen volume space hyphen f and bash yeah so now go to cd

00:03:43.260 --> 00:03:44.540
false etc

00:03:45.660 --> 00:03:53.940
forward slash config yeah enter now do ls yeah whatever you see changes getting updated

00:03:53.940 --> 00:04:00.160
yeah you see so in your volume you can see now try to do the same try to go and do the

00:04:00.160 --> 00:04:06.720
env method and check whether the data getting updated env method log into the other part and

00:04:06.720 --> 00:04:13.260
observe type in env no no type in env and you see that the changes are not getting updated you

00:04:13.260 --> 00:04:20.840
observe that the older one so if you want the changes so volume is a update better method than

00:04:20.840 --> 00:04:28.540
env clear okay others are we good okay uh then junwe charles any questions and uh

00:04:28.540 --> 00:04:36.940
practicing once again let's wait for others you know go inside env did it make some change

00:04:37.700 --> 00:04:41.980
okay so you don't see the changes getting updated the top you still see the older one

00:04:44.980 --> 00:04:47.420
okay ck are we good charles be good

00:04:50.720 --> 00:04:56.500
okay so this is about your content the next one is secrets so what are secrets what are

00:04:58.220 --> 00:05:04.920
secrets so we all tell some secrets to your friends yes or no do you say secrets your friends

00:05:06.500 --> 00:05:10.500
no you don't say any secret your friends yes we say secrets your friends

00:05:11.680 --> 00:05:17.020
yeah so similarly secrets are very very confidential obviously so you do not want others

00:05:17.020 --> 00:05:24.240
to know so similarly we have secrets uh in kubernetes in which you can save in passwords

00:05:24.800 --> 00:05:31.720
you can save in tokens you can save in private keys which is very confidential which you do

00:05:31.720 --> 00:05:38.920
not want to expose in the main file we use the secrets let's learn about it so i said for

00:05:38.920 --> 00:05:54.220
secrets and this is your yaml file of your documentation of secrets so what is secret the

00:05:54.860 --> 00:06:00.980
is something which you do not want to put in the main file and there are different types of

00:06:00.980 --> 00:06:08.960
secrets and remember amazon doesn't encrypt it they do the encryption they do not encrypt it

00:06:08.960 --> 00:06:15.160
you are supposed to do encryption so you need to do encryption you are supposed to

00:06:15.160 --> 00:06:20.760
manage the access management you have to protect your passwords even if you're saving secrets

00:06:21.860 --> 00:06:29.740
and they provided different types of secret which you can use so example they provide you

00:06:29.740 --> 00:06:37.740
type of opaque if you mention as opaque it will get created using the gender category you

00:06:37.740 --> 00:06:42.020
cannot classify so if you want service account token like this we can use metadata if you

00:06:42.020 --> 00:06:47.880
are using service account you want to save it use this metadata for docker all these are

00:06:47.880 --> 00:06:56.840
examples so what is opaque so opaque is a generic method it will not have any specific type in it

00:06:56.840 --> 00:07:05.100
just mention it get saved in the backend but now when you want to store service account

00:07:05.100 --> 00:07:11.740
token for example you can mention the annotations and say this is for the service

00:07:11.740 --> 00:07:19.880
account so tomorrow if you want to know which type of data you saved in secrets you can do

00:07:19.880 --> 00:07:25.680
a filtering or processing and see the annotation yes so this secret is for a service account

00:07:25.680 --> 00:07:29.260
that's how you understand it sometimes you get confused or you want to know which one

00:07:30.440 --> 00:07:37.140
and then put the data inside it now if you want to store like docker configurations i would

00:07:37.140 --> 00:07:42.040
use the type as docker configuration and then i save in the docker configuration information

00:07:43.120 --> 00:07:51.320
if you want to use it for example for password and usernames for example very basic

00:07:51.320 --> 00:07:57.400
so that use the type as secret basic auth and then username and password which is encrypted

00:07:57.400 --> 00:08:05.560
now we can also use it for private keys for that use ssh auth so either you can mention

00:08:05.560 --> 00:08:11.500
default opaque if you don't want or you can classify to specific categories

00:08:11.500 --> 00:08:15.080
that's what we're talking about in the annotations and all we have to mention

00:08:16.720 --> 00:08:23.860
data certificates you can store and you can use some of the tokens all these are use cases

00:08:23.860 --> 00:08:31.380
where you can use secrets so similar to how you can get retrieved in for your config map

00:08:31.380 --> 00:08:37.200
similarly you can retrieve it using your enbs and the volume methods

00:08:39.180 --> 00:08:46.240
so let's see the lab so lab two so you can use some methods like this

00:08:46.240 --> 00:08:52.620
so i'm using a base64 encryption i want to store these two in my secret

00:08:53.140 --> 00:08:58.640
so i may use base64 to get some value and then you can store it inside your secret

00:08:59.660 --> 00:09:07.960
but base64 is not very strong someone can easily decrypt it so you have to use much strict

00:09:07.960 --> 00:09:15.260
mechanisms so this is one method so you can use your other methods also or if you use

00:09:15.260 --> 00:09:24.380
generic method it does a base64 either you can do like this right now base64 and do it

00:09:24.380 --> 00:09:31.440
or directly if you do it generate it is going to a base64 encryption and then you store it

00:09:31.440 --> 00:09:36.800
is the one method you can use then we do a describe secret these are optional just for

00:09:36.800 --> 00:09:42.620
observing for you with your base64 anyone can go ahead and easily get the data to decrypt it

00:09:43.540 --> 00:09:49.580
so four and five just for observation that how we can decode it in case one decode next

00:09:49.580 --> 00:09:56.020
we will start from the task two so you have created a secret now how do you retrieve it

00:09:56.020 --> 00:10:03.960
so you would want to mention that data what you have in my secret you map it to a variable

00:10:03.960 --> 00:10:09.860
like secret underscore username similarly whatever you save in a secret password

00:10:09.860 --> 00:10:13.980
it will have an information of my secret the password what you saved

00:10:14.730 --> 00:10:21.670
that will get mounted to this variable so now once you're done you create a part log in the

00:10:21.670 --> 00:10:27.210
part and it actually can do a print or log into the machine and do an env you see the

00:10:27.210 --> 00:10:36.530
information similarly you can also mount the details to volume so go ahead and mount to

00:10:36.530 --> 00:10:44.130
volume so this is your mount path and the actual data of the volume is this one this one is

00:10:44.130 --> 00:10:50.490
getting mounted to a volume named this and this is a mount path log into the container

00:10:50.490 --> 00:10:55.150
and go to the location and you can see the password same what we did before are we clear

00:10:55.150 --> 00:10:59.310
let's get started either you can use this method or directly you can use this method

00:10:59.310 --> 00:11:04.510
also so that we if you want you can actually use this method so that we copy this and create it

00:11:20.070 --> 00:11:22.290
and say get sequence

00:11:24.170 --> 00:11:28.150
so since we did not mention any type it creates your opaque

00:11:29.290 --> 00:11:35.570
do a describe of the secret and see what exactly does it have

00:11:39.630 --> 00:11:45.530
so when you do outside you cannot see the actual values you can see the actual value

00:11:45.530 --> 00:11:50.690
one day when you log in okay please start do yourself give an idea about how to do this

00:11:50.690 --> 00:11:54.530
please do next step please do yourself you're good to do the next step

00:11:55.410 --> 00:12:06.290
you could skip the three four five this for observation so directly you can go to

00:12:08.070 --> 00:12:12.130
yeah yeah if you want you can do it if you want to observe this you can do it yeah

00:12:13.550 --> 00:12:20.670
you can do whatever you can play around you can observe you can play around and then you

00:12:39.170 --> 00:12:42.910
have a good big questions what are trying to do you're supposed to go to

00:12:43.090 --> 00:12:47.950
uh in your container

00:12:47.950 --> 00:12:54.210
the container and go to the path which one was it you created engine x2

00:12:56.210 --> 00:12:58.530
the latest one what he created was engine x2 correct

00:13:00.310 --> 00:13:07.630
once again it not a secret once again let me confirm one used to use for was my secret

00:13:07.630 --> 00:13:17.950
one correct yeah my secret one okay yeah okay go inside secret env one that is done now go

00:13:17.950 --> 00:13:25.850
into engine x2 go inside engine x2 now login engine x2 execute exec hyphen it engine x2 kk is

00:13:25.850 --> 00:13:33.830
missing exec hyphen it base hyphen it engine x2 hyphen hyphen bash hyphen it in the next space

00:13:33.830 --> 00:13:45.430
yeah enter now inside this go to cd forward slash data data data forward slash db db yeah enter

00:13:47.250 --> 00:13:54.670
do ls do a cat do a cat password type in cat space password now do a cat username

00:13:54.670 --> 00:13:59.230
queue i just said ck are you good okay

00:14:02.190 --> 00:14:08.550
genv you're good okay fine now we'll do one more lab last lab and then take a break

00:14:08.550 --> 00:14:15.470
okay so let's we'll do one more lab in a secret itself so before we start delete the parts

00:14:23.570 --> 00:14:31.410
okay next one i'll explain the lab in lab three i have a certificate in this location and this

00:14:31.410 --> 00:14:39.170
is here we talk about tls and i have this is my location where i have the key so for example

00:14:39.170 --> 00:14:47.150
if i access this in my laptop i can download the certificate on my laptop in this similarly

00:14:47.150 --> 00:14:55.330
we also have a certificate the website so i i'm trying to download these two inside my vm

00:14:55.890 --> 00:15:02.610
that is on the master and then you say create a secret generic and you want to encrypt

00:15:02.630 --> 00:15:10.710
these information and the secret name is this and this is a file name so both these are going to

00:15:10.710 --> 00:15:20.490
save as a secret inside to confirm by doing describe and see some values now so what is

00:15:20.490 --> 00:15:25.230
tls certificate used for what the purpose of tls certificate what why do we use this testing

00:15:25.230 --> 00:15:30.810
why do you use this anyone you all know you all know that bank net banking on the right side

00:15:30.810 --> 00:15:36.070
you see a lock a small lock you see this something like this you're seeing the browser yes no so what

00:15:36.070 --> 00:15:42.130
exactly does so when you're trying to log in from your laptop and it has to reach your server

00:15:42.130 --> 00:15:49.530
the traffic from here to here gets encrypted doing encryption we use tls certificate and

00:15:49.530 --> 00:15:55.730
if you have a hacker example you have a hacker we'll make some diagrams so the hacker

00:15:55.730 --> 00:16:00.350
cannot see the information what is going here because this encrypted this is what

00:16:00.350 --> 00:16:05.890
tls certificate we normally bind these certificate to a user and the user traffic

00:16:05.890 --> 00:16:13.230
goes from say encrypted once for the use case so this is one use case other one is

00:16:13.230 --> 00:16:21.550
if a pod is communicating with api for any service you want these two to use the tls

00:16:21.550 --> 00:16:27.950
certificates so they can use data certificate between users and the backend services or

00:16:27.950 --> 00:16:36.650
between services so now i have a certificate i want to use the certificate for pod to

00:16:36.650 --> 00:16:42.910
communicate outside world using the certificate that's my use case so what i do i want to

00:16:44.150 --> 00:16:52.670
in my pod i create a pod and in the pod i mount that to a path so it picks up the certificate

00:16:52.670 --> 00:17:00.690
from this location and it starts using it for communication so once you create a pod

00:17:00.690 --> 00:17:09.030
i would once i do something like this so i do qfc to port forward it means that it is trying

00:17:09.030 --> 00:17:15.150
to do some other port or something when it's trying to do it and when i do this it'll go

00:17:15.150 --> 00:17:22.090
ahead and it'll use the certificate in the backend to do a quick in here do it and you

00:17:22.090 --> 00:17:29.150
open a new session and see the logs of it and you would see a certificate being used

00:17:29.150 --> 00:17:35.270
now you see the logs of it it means that the certificate is being used by the pod

00:17:37.110 --> 00:17:41.370
okay understood everyone yeah let's do this so you have to create you have to

00:17:41.370 --> 00:17:44.510
don't disturb the existing session the last step try to create a new session

00:17:44.510 --> 00:17:50.750
into the logs of it like we can see the output easily so let's get started so first do a curl

00:18:09.470 --> 00:18:10.070
okay

00:18:10.070 --> 00:18:12.230
don't go control still wait till it comes in property

00:18:17.010 --> 00:18:23.830
use apparel just modify these values like this

00:18:27.810 --> 00:18:37.850
okay got it now do a ls and see those do a cat of the files observe the certificate and the key

00:18:37.850 --> 00:18:47.530
do a cat so this is your certificate the public certificate

00:18:48.950 --> 00:18:51.490
another one is your private key

00:18:56.550 --> 00:19:01.650
and how do you know it if it says begin private key it means it is a private keys

00:19:02.330 --> 00:19:09.030
and other say is the algorithm so now i want to store these in my secret that's my use case

00:19:11.090 --> 00:19:12.570
copy the man

00:19:15.130 --> 00:19:16.030
and runs

00:19:24.130 --> 00:19:25.590
okay get secrets

00:19:27.870 --> 00:19:29.070
that's fine

00:19:34.630 --> 00:19:42.530
yeah okay do all the steps so create a secret and then do a describe secret

00:19:43.590 --> 00:19:49.850
and observe it good so now what we do is we want to use that in my part just create a pod

00:19:50.810 --> 00:19:57.850
and use it go down and copy the file

00:20:09.770 --> 00:20:14.410
we can say pod secret dot yaml

00:20:15.710 --> 00:20:21.550
so move and paste it

00:20:27.470 --> 00:20:29.310
apply it

00:20:35.390 --> 00:20:36.290
get pods

00:20:44.750 --> 00:20:49.630
while doing this collect the pod and see what is the pod has

00:20:53.510 --> 00:20:55.310
and you say that it is mounted

00:20:57.250 --> 00:20:59.250
the tls concepts

00:21:05.550 --> 00:21:07.310
now do a port forward

00:21:12.310 --> 00:21:14.110
paste it run

00:21:14.750 --> 00:21:16.590
so you can try to

00:21:19.550 --> 00:21:27.310
okay so now what you do is go ahead and create one more terminal

00:21:37.550 --> 00:21:42.050
open a terminal and now login the same machine

00:22:10.270 --> 00:22:12.810
loss and pod name

00:22:16.750 --> 00:22:23.450
and you see this coming in something as you can play around a simple example of

00:22:23.450 --> 00:22:32.110
how we can use the certificate mounted in this. Let me know once you're done

00:22:38.050 --> 00:22:45.590
yes yes okay the simple example thing so so we learned about config maps config

00:22:45.590 --> 00:22:51.430
maps are for non-sensitive information secrets use sensitive information and

00:22:52.290 --> 00:22:56.050
for secrets we again have classifications in which you can generate

00:22:56.050 --> 00:23:01.430
or could be you can mention the annotation types we can separate we can

00:23:01.430 --> 00:23:10.250
mount using ENVs and volumes yeah so are we good for lunch break everyone okay so

00:23:10.250 --> 00:23:20.770
we'll be back by 1 30 your time okay thank you break till 1 30