Namespaces
kubectl get pods --namespace=dev
kubectl get pods --namespace=default
kubectl config set-context $(kubectl config current-context) --namespace=dev
ConfigMap
kubectl create configmap myconfigmap --from-literal=APP_COLOR=blue
kubectl create -f myconfigmap.yml
apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfigmap
data:
  APP_COLOR: blue
  APP_MODE: prod
then you inject into a container definition using
envFrom:
  - configMapRef:
      name: myconfigmap
kubectl get configmaps
kubectl describe configmaps db-config
Secrets
kubectl create secret generic mysecret --from-literal=mykey=myvalue
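apiVersion: v1
kind: Secret
metadata:
  name: app-secret
# plain-text values go under stringData; under data: every value must be base64-encoded
# (base64 is only an encoding, not encryption - anyone who can read the Secret can decode it)
stringData:
  DBHost: mysql
  DBUser: root
  DBPassword: password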
kubectl create -f secret_data.yaml
SECURITY
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
you can declare at Pod or container level (capabilities are accepted only in a container's securityContext, not the Pod's):
spec:
securityContext:
runAsUser: 1000
capabilities:
add: ["MAC_ADMIN"]
#check which user runs the container
kubectl exec ubuntu-sleeper -- whoami
kubectl create serviceaccount dashboard-sa
kubectl get serviceaccount
kubectl describe serviceaccount dashboard-sa
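kubectl describe secret dashboard-sa-account-token
#on Kubernetes 1.24+ no token Secret is created automatically for a service account; kubectl create token dashboard-sa issues a short-lived token instead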
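#--insecure skips TLS certificate verification; where possible pass the cluster CA with --cacert instead
curl https://myip/api --insecure --header "Authorization: Bearer PASTE_THE_TOKEN_HERE"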