File references: https://github.com/StephenGrider/DockerCasts/tree/master/complex
- "generic" - used in most cases for general encrypted data
- "docker-registry" - used for setting up some type of auth with a docker registry
- "tls" - used specifically for HTTPS setup with TLS keys/tokens
kubectl <imperative command> <object type> <secret type> <secret name> --from-literal <key=value>
kubectl create secret generic pgpassword --from-literal PGPASSWORD=password123
Docker Desktop's Kubernetes Dashboard
This note is for people using Docker Desktop's built-in Kubernetes. If you are using Minikube, the setup here does not apply to you and can be skipped.
If you are using Docker Desktop's built-in Kubernetes, setting up the admin dashboard is going to take a little more work.
- Grab the kubectl script we need to apply from the GitHub repository: https://github.com/kubernetes/dashboard
- We will need to download the config file locally so we can edit it (make sure you are copying the most current version from the repo).
  If on Mac or using GitBash on Windows enter the following at the root of your project directory:
    curl -O https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
  If using PowerShell:
    Invoke-RestMethod -Uri https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml -Outfile kubernetes-dashboard.yaml
- Open up the downloaded file in your code editor and find line 116. Add the following two lines underneath --auto-generate-certificates:
    args:
      - --auto-generate-certificates
      - --enable-skip-login
      - --disable-settings-authorizer
- Run the following command inside the directory where you downloaded the dashboard yaml file a few steps ago:
    kubectl apply -f kubernetes-dashboard.yaml
- Start the server by running the following command:
    kubectl proxy
- You can now access the dashboard by visiting:
    http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
- You will be presented with a login screen.
- Click the "SKIP" link next to the SIGN IN button.
- You should now be redirected to the Kubernetes Dashboard:
Important! The only reason we are bypassing RBAC Authorization to access the Kubernetes Dashboard is that we are running our cluster locally. You would never do this on a public facing server like Digital Ocean and would need to refer to the official docs to get the dashboard set up: https://github.com/kubernetes/dashboard/wiki/Access-control
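A guard for the edited manifest, as an added example that is not part of the course repository: it lists the login-bypass flags added in the steps above and refuses any kubectl context that is not a local Docker Desktop one. The function names, the context names (docker-desktop, docker-for-desktop, the GKE-style name) and the sample manifest are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the course repo): keep the login-skipping dashboard
# manifest away from anything but a local cluster.

# Print each auth-bypass flag that FILE passes in a container args list.
risky_dashboard_flags() {
    awk '
        $1 ~ /^#/ { next }                          # ignore commented-out lines
        $1 == "-" {                                 # YAML list item
            flag = $2; gsub(/"/, "", flag)          # tolerate quoted flags
            n = split(flag, kv, "=")
            if (n > 1 && kv[2] == "false") next     # flag explicitly disabled
            if (kv[1] == "--enable-skip-login" || kv[1] == "--disable-settings-authorizer")
                print kv[1]
        }' "$1"
}

# Return 0 when FILE may be applied to kubectl context CONTEXT.
# Assumption: Docker Desktop names its context docker-desktop (older
# releases: docker-for-desktop); adjust the list for your own machine.
safe_to_apply() {
    found=$(risky_dashboard_flags "$1" | tr '\n' ' ')
    [ -z "$found" ] && return 0
    case "$2" in
        docker-desktop|docker-for-desktop) return 0 ;;
    esac
    echo "refusing $1 on context '$2': $found" >&2
    return 1
}

# Constructed sample: the args block as edited in the steps above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
        args:
          - --auto-generate-certificates
          - --enable-skip-login
          - --disable-settings-authorizer
          # - --tls-cert-file=dashboard.crt
EOF

# Constructed context names; in real use pass "$(kubectl config current-context)".
for ctx in docker-desktop gke_example-project_us-central1-c_example-cluster; do
    if safe_to_apply "$sample" "$ctx"; then
        echo "$ctx: ok to run kubectl apply -f"
    else
        echo "$ctx: blocked"
    fi
done
```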
Every time a new Kubernetes cluster is created in G-Cloud for a new project, the following steps must be followed before the "kubectl" command can be used to create secrets or other configuration data in the cloud:
- Open the Cloud Shell in G-Cloud Dashboard (icon on top bar)
- Type the following commands:
    gcloud config set project [GCLOUD PROJECT NAME ID]
    gcloud config set compute/zone [GCLOUD COMPUTE ZONE]
    gcloud container clusters get-credentials [CLUSTER NAME]
  Usage Example:
    gcloud config set project multi-k8s-274002
    gcloud config set compute/zone us-central1-c
    gcloud container clusters get-credentials multi-cluster
  NOTE: These commands only need to be run ONCE per active kubernetes cluster in the G-Cloud.
- Open the Cloud Shell in G-Cloud Dashboard (icon on top bar)
- Run these commands to install and configure HELM V3:
    curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh
    chmod 700 get_helm.sh
    ./get_helm.sh
- Run these commands to install and configure Ingress-Nginx with HELM V3:
    helm repo add stable https://kubernetes-charts.storage.googleapis.com/
    helm install my-nginx stable/nginx-ingress --set rbac.create=true
Essentially this allows the creation of ingress/routing configurations and rules to the current kubernetes cluster via HELM V3 while still keeping kubernetes security standards intact.