-
Notifications
You must be signed in to change notification settings - Fork 0
/
Sunlife_Notes
1880 lines (1038 loc) · 36.9 KB
/
Sunlife_Notes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1 sudo yum install -y yum-utils
2 sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
3 sudo yum install docker-ce docker-ce-cli containerd.io
4 systemctl status docker
5 systemctl start docker
6 systemctl status docker
7 history
8 docker --version
9 docker pull ubuntu
10 docker images
11 docker image ls
12 docker pull ubuntu:18.04
13 docker images
14 docker rmi ubuntu:18.04
15 docker pull centos
16 docker container run -it --name c1 -d ubuntu
17 docker ps
18 docker container ls
19 docker container run -it --name c1 -d centos
20 docker container run -it --name c2 -d centos
21 docker container ls
22 docker stop c1
23 docker container ls
24 docker ps -a
25 docker container ls --all
26 history
27 docker start c1
28 docker container ls
29 docker kill c1
30 docker ps -a
31 docker restart c1
32 docker container ls
33 docker stop c1
34 docker rm c1
35 docker ps -a
36 docker rm -f c2
37 docker container ls --all
38 docker container run -it --name c1 -d centos
39 docker container ls --all
40 docker rmi centos
41 docker stop c1
42 docker rmi centos
43 docker stop c1
44 docker rmi centos
45 docker rm c1
46 docker rmi centos
47 docker container -it run --name c1 -d ubuntu
48 docker container run -it --name c1 -d ubuntu
49 docker container ls
50 docker exec -it c1 bash
51 docker ps
52 docker commit c1 webimg
53 docker images
54 docker container run -itd --name c2 webimg
55 docker exec -it c2 bash
56 docker images
57 docker ps -a
58 docker rm -f c1 c2
59 docker container run -itd --name webserver -p 80:80 webimg
60 docker container ls
61 docker exec -it webserver bash
62 vi test.html
63 docker cp test.html webserver:/var/www/html
64 docker exec -it webserver bash
65 docker stats webserver
66 docker top webserver
67 history
68 sudo docker run -m 4m -dit --name web1 nginx
69 sudo docker run -m 8m -dit --name web1 nginx
70 docker stats web1
71 ls /var/lib/docker/
72 docker images
73 docker save webimg > myimg.tar
74 ls
75 docker rm -f $(docker ps -a -q)
76 docker rmi webimg
77 ls
78 docker images
79 docker load <myimg.tar
80 docker images
81 docker container run -itd --name c1 webimg
82 docker container ls
83 docker export c1 mywebimg
84 docker export c1 -o mywebimg
85 docker export c1 -o mywebimg.tar
86 ls
87 docker rm -f c1
88 docker rmi webimg nginx ubuntu
89 docker images
90 ls
91 docker import mywebimg.tar myimg
92 docker images
93 docker load < mywebimg.tar
94 vi Dockerfile
95 docker build -t my-java-app .
96 docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=pass -d mysql:8.0
97 docker ps
98 docker exec -it some-mysql bash
99 docker login
100 docker logout
101 docker login
102 docker images
103 docker rmi 9dac656d25e5
104 docker ps
105 docker ps -a
106 docker rm d8984ae6f588
107 docker rmi 9dac656d25e5
108 docker images
109 docker push myimg
110 docker ps
111 docker commit some-mysql ramansharma95/mydb
112 docker images
113 docker push ramansharma95/mydb
114 docker list
115 docker --help
116 docker images
-----------Registry-------------
1. Create a container with registry docker image
docker container run -d -p 5000:5000 --name local_registry registry
2. Access the container on 5000 port with your serverip ( system's IP)
http://<serverip>:5000/v2/_catalog
3. Inspect the container
docker container inspect local_registry
4. Clone the ubuntu image to localhost:5000/ubuntu:latest
docker image tag ubuntu localhost:5000/ubuntu:latest
5. Push the image to docker registry
docker image push localhost:5000/ubuntu
6. Pull the image with following command ( you can remove the image first and then you can run below command to restore the image)
docker image pull localhost:5000/ubuntu
------------------------Storage------------------
docker volume create demo-vol
docker volume ls //to list the volumes
docker run -it --mount source=demo-vol,destination=/app -d ubuntu
docker run -it --mount source=demo-vol,destination=/test --mount source=demo-vol1,destination=/test1 -d ubuntu
---------------commands---------
docker volume --help
295 docker volume ls
296 docker volume prune
297 docker volume ls
298 docker volume create demo-vol
299 docker volume ls
300 ls /var/lib//docker/
301 ls /var/lib//docker/volumes/
302 docker volume rm demo-vol
303 ls /var/lib//docker/volumes/
304 docker volume create demo-vol
305 docker volume ls
306 ls /var/lib//docker/volumes/
307 ls /var/lib//docker/volumes/demo-vol/
308 ls /var/lib//docker/volumes/demo-vol/_data/
309 docker rm -f c1
310 docker container run -it --name c1 --mount source=demo-vol,destination=/app -d ubuntu
311 docker exec -it c1 bash
312 ls /var/lib//docker/volumes/demo-vol/_data/
313 docker rm -f c1
314 ls /var/lib//docker/volumes/demo-vol/_data/
315 docker container run -itd --name c2 --mount source=demo-vol,destination=/demo ubuntu
316 docker exec -it c2
317 docker exec -it c2 bash
318 docker container run -itd --name c3 --mount source=demo-vol,destination=/demo1 ubuntu
319 docker exec -it c3 bash
320 ls /var/lib//docker/volumes/demo-vol/_data/
321 touch /var/lib//docker/volumes/demo-vol/_data/5
322 ls /var/lib//docker/volumes/demo-vol/_data/
323 docker exec -it c3 bash
324 docker volume rm demo-vol
325 ls
326 rm -ifr /var/lib/docker/volumes/demo-vol/_data/
327 ls /var/lib//docker/volumes/demo-vol/_data/
328 docker exec -it c2 bash
329 ls /var/lib//docker/volumes/demo-vol/_data/
330 mkdir /var/lib//docker/volumes/demo-vol/_data
331 ls /var/lib//docker/volumes/demo-vol/_data/
332 touch /var/lib//docker/volumes/demo-vol/_data/1
333 docker exec -it c2 bash
334 docker rm -f c2 c3
335 docker volume prune
336 docker volume ls
---------------------------------
----------Docker Bind Mount Example
docker run -it -v /home/ubuntu/mount:/demo -d ubuntu
---commands----
mkdir mydir
343 docker container run -it -d --name c4 -v /home/centos/mydir:/app ubuntu
344 docker exec -it c4 bash
345 ls mydir/
346 docker container inspect c4
347 cd mydir/`
348 cd mydir/
349 touch 5 6
350 ls
351 docker exec -it c4 bash
---------------
------------------------Docker file--------------------
Docker can build images automatically by reading the instructions from a Dockerfile. A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build users can create an automated build that executes several command-line instructions in succession.
Some of the Keyword's definition
FROM
is define th base image on which we are building eg FROM ubuntu
ADD
is used to add the files to the container being built, ADD <source> <destination in the container>
RUN
is used to add layers to the base image, by installing components.Each RUN statement add a new layer to the docker image
CMD
is used to run the command on start of the container.These commands run when there is no argument specified while running the container.
ENTRYPOINT
is used to strictly run the commands the moment the container intializes. The difference between CMD and ENTRYPOINT is, ENTRYPOINT runs irrespective of the fact that whether the argument is specified or not.
ENV
is used to define the environment in container.
docker build
Description
Build an image from a Dockerfile
sudo docker build -t nonrootimage . # create custom image (nonrootimage)
Examples.
Create an image which has base image ubuntu and apache2 is to be installed on it and create an index.html file in current directory, all the files from the current directory is to be copied to /var/www/html folder. Once the container is started it should run the apache service and also create one environment variable called "name" and it should have value "DEVOPS
FROM ubuntu
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN apt-get -y install apache2
ADD . /var/www/html
ENTRYPOINT apachectl -D FOREGROUND
ENV name DEVOPS
Run below command to build the image
docker build . -t img1 #Created the image from above Dockerfile
Example 2
Create a Docker file which uses a base image of CentOS 7 and create a user john and change to non-root privilege
# Base image is CentOS 7
FROM centos:7
# Add a new user "john" with user id 8877
RUN useradd -u 8877 john
# Change to non-root privilege
USER john
Example 3
#Eample of COPY and ADD
FROM centos:7.4.1708
RUN mkdir /mydata
COPY myfiles /mydata/myfiles
ADD myfile2 /mydata/myfile2
ADD https://mirrors.estointernet.in/apache/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz /mydata
ADD apache-maven-3.6.3-src.tar.gz /mydata/maven
------------------------------------------------------------------
# CMD and ENTRYPOINT
FROM ubuntu
CMD echo "Hello World"
docker build . -t img1 #Created the image from above Dockerfile
docker run -it img1 # it will return Hello World
docker run -it img1 echo "Hello India" # it will overwrite the CMD and Print Hello India
FROM ubuntu
ENTRYPOINT ["echo","Hello World"]
docker build . -t img1 #Created the image from above Dockerfile
docker run -it img1 # it will return Hello World
docker run -it img1 echo "Hello India" # it will not overwrite the ENTRYPOINT and Print Hello World echo Hello India
FROM ubuntu
ENTRYPOINT ["echo"]
CMD ["Hello World"]
docker build . -t img1 #Created the image from above Dockerfile
docker run -it img1 # it will return Hello World
Note:- if the file name is not Dockerfile
docker build . -f abc -t img8 # abc is the file name which represents the dockerfile contents
-------------------------------------------------------
-------------------Docker compose------------
---Installation
389 sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
390 sudo mv /usr/local/bin/docker-compose /usr/bin/docker-compose
391 sudo chmod +x /usr/bin/docker-compose
392 docker-compose
393 docker-compose --version
---example-1
version: '3.3'
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
db_data: {}
---Example-2
version: '3.3'
services:
db:
image: ramansharma95/mysql
webapp:
image: ramansharma95/webapp
ports:
- "84:80"
----command to run the docker compose file
docker-compose up -d
docker-compose down
------------------------Assignment-------------------------------------------
1. Create a container called webserver with ubuntu docker image. Ans :-docker contaienr run -itd --name webserver ubuntu
2. Install apache server in the container(webserver) Ans:- docker exec -it webserver bash , then apt update , apt install apache2 -y
3. Start apache service in the container Ans:- service apache2 start
4. Access apache default page on the web browser, Ans docker commit webserver webimg, docker container run -itd --name c1 -p 80:80 webimg
5. Create a new webpage myapp.html on the host machine and copy it to /var/www/html folder in webserver container. Ans docker cp myapp.html /var/www/html/
6. Access myapp.html page on the browser Ans: publicip:80
7. Check how much memory and cpu is consumed by web server containers. docker stats c1
8. Stop the container and verify that you are not able to access apache website on browser. docker stop c1
9. Start container and now you should be able to access the apache website. docker start c1
10. Remove webserver container docker rm -f c1
----------------------------------------Kubernetes------------------
---------Instalation
--------------on Centos on all master and client machine
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg \
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
# Set SELinux in permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
---------------Create Master Server
On master machine run the below command
1. kubeadm init --apiserver-advertise-address=<<Master ServerIP>> --pod-network-cidr=192.168.0.0/16
2. mkdir -p $HOME/.kube
3. sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
4. sudo chown $(id -u):$(id -g) $HOME/.kube/config
Calico yaml file is to be applied
5. Run the join command on each of the worker node which you want to join in the cluser.
kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
7. Run kubectl get nodes command on master node
-------------------------------------------------------------------
Pod Overview -Lab
LAB
1.# nginx-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
labels:
app: nginx
tier: dev
spec:
containers:
- name: nginx-container
image: nginx
2. Create and display Pods
# Create and display PODs
kubectl create -f nginx-pod.yaml
kubectl get pod
kubectl get pod -o wide
kubectl get pod nginx-pod -o yaml
kubectl describe pod nginx-pod
3. Test & Delete
# To get inside the pod
kubectl exec -it nginx-pod -- /bin/sh
# Create test HTML page
cat <<EOF > /usr/share/nginx/html/test.html
<!DOCTYPE html>
<html>
<head>
<title>Testing..</title>
</head>
<body>
<h1 style="color:rgb(90,70,250);">Hello, DevopsWorld...!</h1>
<h2>Congratulations, you passed :-) </h2>
</body>
</html>
EOF
exit
# Expose PODS using NodePort service
kubectl expose pod nginx-pod --type=NodePort --port=80
# Display Service and find NodePort
kubectl describe svc nginx-pod
kubectl get svc
# Open Web-browser and access webapge using
http://nodeip:nodeport/test.html
# Delete pod & svc
kubectl delete svc nginx-pod
kubectl delete pod nginx-pod
-----------------------------LAB2------------------------------
nodeName is the field in PodSpec.It specifies that a pod is to run on a particular node
Example: If you want to run a pod on worker node kwn1, then the pod creation script will be a mentioned below
Step1:- Create a file called nodeName.yaml
#nodeName.yaml
apiVersion: v1
kind: Pod
metadata:
name: podonkwn1
spec:
containers:
- name: nginx-container
image: nginx
nodeName: kwn1
Step2: Create the pod by running below command
kubectl create -f nodeName.yaml
Step3: Verify the pods are getting created on kwn1 or not by running below command
kubectl get pods -o wide
nodeSelector
nodeSelector is the simplest recommended form of node selection constraint. nodeSelector is a field of PodSpec. It specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels (it can have additional labels as well). The most common usage is one key-value pair.
Example: Create a Pod on the worker node which is of production environment, means the worker nodes which has label env=prod
Step1: Check the labels on all the nodes
kubectl get nodes --show-labels
Step2: Check the label on a specific node ( say kwn2)
kubectl get nodes --show-labels kwn2
Step3: Create a label env=prod for a worker node ( say kwn2)
kubectl label nodes kwn2 env=prod
Step4: Create a pod with nodeSelector specification. Create file with name nodeselector.yaml
#nodeselector.yaml
apiVersion: v1
kind: Pod
metadata:
name: podnodeselector
spec:
containers:
- name: container1
image: nginx
nodeSelector:
env: prod
Step5: Create the pod by running below command
kubectl create -f nodeselector.yaml
Step6: Verify the pod “podselector” is created on kwn2 by running below command
kubectl get pods -o wide
----------------------Secrets---------------------------
Secrets same as ConfigMap sensitive data( password Authtoken ssh keys)
1. Secrets to store the confidential data
2. Secrets use by default base64 algorithm to encode the data
3. Secrets are mapped to pod where these are decoded on Pod level
4. It stores the data in Key-Value pair
5. from file and from literal
6. Data should not be more than 1 MB
7. you can store the data from text files
8. Secret data is stored in etcd database
LAB
# 1. Creating Secret using Kubectl & Consuming it from "volumes" inside Pod
1a. Creating secret using "Kubectl":
------------------------------------
echo -n 'admin' > username.txt
echo -n 'pa$$w00rd' > password.txt
kubectl create secret generic nginx-secret-vol --from-file=username.txt --from-file=password.txt
# rm -f username.txt password.txt
kubectl get secrets
kubectl describe secrets nginx-secret-vol
1b. Consuming "nginx-secret-vol" from "volumes" inside Pod
--------------------------------------------------------
#nginx-pod-secret-vol.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod-secret-vol
spec:
containers:
- name: nginx-container
image: nginx
volumeMounts:
- name: test-vol
mountPath: "/etc/confidential"
readOnly: true
volumes:
- name: test-vol
secret:
secretName: nginx-secret-vol
==========================================================
1c. Create | Display | Validate:
--------------------------------
# Create
kubectl create -f nginx-pod-secret-vol.yaml
# Display
kubectl get po
kubectl get secrets
kubectl describe pod nginx-pod-secret-vol
# Validate from "inside" the pod
kubectl exec nginx-pod-secret-vol -it /bin/sh
cd /etc/confidential
ls
cat username.txt
cat password.txt
exit
(OR)
# Validate from "outside" the pod
kubectl exec nginx-pod-secret-vol ls /etc/confidential
kubectl exec nginx-pod-secret-vol cat /etc/confidential/username.txt
2. Creating Secret "manually" using YAML file & Consuming it from "environment variables" inside Pod
2a. Creating Secret using YAML file:
-------------------------------------
# Encoding secret
echo -n 'admin' | base64
echo -n 'pa$$w00rd' | base64
# YAML file
# redis-secret-env.yaml
apiVersion: v1
kind: Secret
metadata:
name: redis-secret-env
type: Opaque
data:
username: YWRtaW4=
password: cGEkJHcwMHJk
kubectl create -f redis-secret-env.yaml
kubectl get secret
kubectl describe secret redis-secret-env
===============================================================================
2b. Consuming “redis-secret-env” secret from “Environment Variables” inside pod
# redis-pod-secret-env.yaml
apiVersion: v1
kind: Pod
metadata:
name: redis-pod-secret-env
spec:
containers:
- name: redis-container
image: redis
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: redis-secret-env
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secret-env
key: password
restartPolicy: Never
===============================================================================
2c. Create | Display | Validate:
# Create
kubectl create -f redis-pod-secret-env.yaml
# Display
kubectl get pods
kubectl get secrets
kubectl describe pod redis-pod-secret-env
# Validate from "inside" the pod
kubectl exec redis-pod-secret-env -it /bin/sh
env | grep SECRET
exit
(OR)
# Validate from "outside" the pod
kubectl exec redis-pod-secret-env env | grep SECRET
***************************************************************************
#Decode the secrets
kubectl get secret redis-secret-env -o yaml
echo 'cGEkJHcwMHJk' | base64 --decode
*************************************************************************************************************************************************
3. Cleanup
# Delete secrets
kubectl delete secrets nginx-secret-vol redis-secret-env
# Delete pods
kubectl delete pods nginx-pod-secret-vol redis-pod-secret-env
# Validate
kubectl get pods
kubectl get secrets
------------------------------------RBAC------------
By Raman
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization.
LAB
kubectl create ns finance
openssl genrsa -out john.key 2048 # it will create a private key
openssl req -new -key john.key -out john.csr -subj "/CN=john/O=javadeveloper"