diff --git a/examples/notebooks/create_secret.ipynb b/examples/notebooks/create_secret.ipynb new file mode 100644 index 0000000000..0418d0e787 --- /dev/null +++ b/examples/notebooks/create_secret.ipynb @@ -0,0 +1,347 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "How to create and use a Secret\n", + "================\n", + "\n", + "A [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) is an object that contains a small amount of sensitive data such as a password, a token, or a key. In this notebook, we would learn how to create a Secret and how to use Secrets as files from a Pod as seen in https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "from kubernetes import client, config" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### Load config from default location" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "config.load_kube_config()\n", + "client.configuration.assert_hostname = False" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### Create API endpoint instance and API resource instances" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "api_instance = client.CoreV1Api()\n", + "sec = client.V1Secret()" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### Fill required Secret fields" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "sec.metadata = client.V1ObjectMeta(name=\"mysecret\")\n", + "sec.type = \"Opaque\"\n", + "sec.data = {\"username\": \"bXl1c2VybmFtZQ==\", \"password\": \"bXlwYXNzd29yZA==\"}" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### Create Secret" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "api_instance.create_namespaced_secret(namespace=\"default\", body=sec)" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### Create test Pod API resource instances" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "pod = client.V1Pod()\n", + "spec = client.V1PodSpec()\n", + "pod.metadata = client.V1ObjectMeta(name=\"mypod\")\n", + "container = client.V1Container()\n", + "container.name = \"mypod\"\n", + "container.image = \"redis\"" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### Add volumeMount which would be used to hold secret" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "volume_mounts = [client.V1VolumeMount()]\n", + "volume_mounts[0].mount_path = \"/data/redis\"\n", + "volume_mounts[0].name = \"foo\"\n", + "container.volume_mounts = volume_mounts" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### Create volume required by secret" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "spec.volumes = [client.V1Volume(name=\"foo\")]\n", + "spec.volumes[0].secret = client.V1SecretVolumeSource(secret_name=\"mysecret\")" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "spec.containers = [container]\n", + "pod.spec = spec" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### Create the Pod" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "api_instance.create_namespaced_pod(namespace=\"default\",body=pod)" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### View secret being used within the pod\n", + "\n", + "Wait for alteast 10 seconds to ensure pod is running before executing this section." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "user = api_instance.connect_get_namespaced_pod_exec(name=\"mypod\", namespace=\"default\", command=[ \"/bin/sh\", \"-c\", \"cat /data/redis/username\" ], stderr=True, stdin=False, stdout=True, tty=False)\n", + "print(user)\n", + "passwd = api_instance.connect_get_namespaced_pod_exec(name=\"mypod\", namespace=\"default\", command=[ \"/bin/sh\", \"-c\", \"cat /data/redis/password\" ], stderr=True, stdin=False, stdout=True, tty=False)\n", + "print(passwd)" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### Delete Pod" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "api_instance.delete_namespaced_pod(name=\"mypod\", namespace=\"default\", body=client.V1DeleteOptions())" + ] + }, + { + "cell_type": "markdown", + "metadata": { + "deletable": true, + "editable": true + }, + "source": [ + "### Delete Secret" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [ + "api_instance.delete_namespaced_secret(name=\"mysecret\", namespace=\"default\", body=sec)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true, + "deletable": true, + "editable": true + }, + "outputs": [], + "source": [] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 2", + "language": "python", + "name": "python2" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 2 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython2", + "version": "2.7.6" + } + }, + "nbformat": 4, + "nbformat_minor": 2 +}