Difficulty: advanced
Estimated Time: 30-90 minutes

Welcome to the Boxboat Kubernetes Advanced I Init Container Lab. This lab will provide an example for leveraging multiple kubernetes resources. In this lab, we will utilize Secrets, Deployments, Services, Jobs, and Init Containers.

In this lab, we deploy a container running HashiCorp's Vault, an enterprise secret storage platform. We will create a job that runs-to-completion to add data to Vault, and then we will deploy a pod with init-containers to read the data we've written to Vault. We are using init-containers in this scenario so that our application does not need to have a tight integration to Vault to read secrets from it. From the application perspective, this allows us to abstract away the Vault communication.

This lab makes use of Secrets, Deployments, Services, Jobs, and Init Containers. Ensure you are familiar with these concepts before proceeding:

Secrets: https://kubernetes.io/docs/concepts/configuration/secret/

Deployments: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

Services: https://kubernetes.io/docs/concepts/services-networking/service/

Jobs: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

Init-containers: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

In this lab we utilized multiple kubernetes resources, including Secrets, Deployments, Services, Jobs, and Init Containers to create a Vault server, add data to it, and then read data back out from it. ...

KA1 - Init Container Lab

Step 1 of 6

Create Secret for Vault Root Token

Before initializing Vault, we must create a root token for it. We are going to store that token as a Kubernetes secret.

Using the template in /root/vault-lab/resources/vault-secret/vault-secret.yaml, create a YAML for a Kubernetes Secret. The secret should be called called vault-secrets. It should contain the key token with a value of my-vault-root-token. Use this YAML to add the secret to the Kubernetes.

Remember that secret values should be base64 encoded.

References:

Secrets: https://kubernetes.io/docs/concepts/configuration/secret/