This demo is a very naive implementation. It is ONLY meant to demonstrate the use of `secrets` and `configmaps` as volume mounts and data flow between two pods via `services`. This is by NO means production ready.
In this demo, 2 pods (frontend and backend) in the same namespace (`demo`) are
demonstrated to communicate with each other via 2 services (frontend and backend),
where the frontend service is exposed as a nodeport and the backend service is an
internal service (not exposed).
The backend pod has a secret mounted as a volume. The frontend pod then requests this secret from the backend and displays it in the client browser.
The backend pod runs an Nginx web server that acts as a mock API endpoint and exposes the secret file. The frontend pod runs a simple NodeJS web server, which the client accesses from the browser to retrieve the secret content. Since this is merely a demonstration, the pods are kept as minimalistic as possible.
- backend-app
  - nginx.conf
  - secret.key
- frontend-app
  - src
    - package.json
    - server.js
    - yarn.lock
  - Dockerfile
- manifests
  - configmap.yml
  - deployment-backend.yml
  - deployment-frontend.yml
  - namespace.yml
  - secret.yml
- docker-compose.yml
- The backend-app directory consists of config files that are used in the docker-compose.yml to configure the backend app.
- The frontend-app directory consists of files that are used to build the docker image for the frontend app.
- The manifests directory consists of YAML definitions for setting up the Kubernetes cluster for this demo.
- The docker-compose.yml can be used for testing the communication between the frontend app and backend app when Kubernetes/Minikube is not installed.
These are required for this demo:
- kubectl and minikube or
- docker-compose
- Start the minikube cluster:

  ```sh
  minikube start
  ```

- Build the frontend docker image:

  ```sh
  # Run from the repository root.
  cd frontend-app/
  # Point the docker CLI at minikube's Docker daemon so the cluster can use the image.
  eval $(minikube docker-env)
  docker build -t myapp/frontend-test:latest .
  ```

- Run the manifests in the following order:

  ```sh
  # Run from the repository root.
  cd manifests/
  kubectl apply -f namespace.yml
  kubectl apply -f configmap.yml
  kubectl apply -f secret.yml
  kubectl apply -f deployment-backend.yml
  kubectl apply -f deployment-frontend.yml
  ```

  - A namespace `demo` will be created.
  - A configmap `nginx.conf` is used to configure the Nginx server for the backend to serve up the secret file.
  - A secret `secret.key` is created which will be used as a mounted volume in the backend deployment.
  - deployment-backend.yml consists of the deployment and service manifest for the backend.
  - deployment-frontend.yml consists of the deployment and service manifest for the frontend.

- Access the nodeport:

  ```sh
  minikube service -n demo frontend
  ```

- You should see "This variable is a super secret!" in the browser.
This simple demonstration shows a way to transfer data from a mounted volume (in this case an insecure secret) of one pod to another pod that requests the data. It is vital to note that secrets are not meant to be used in this way; this naive implementation defeats the purpose of having secrets in the first place.
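For orientation, here is a sketch of the backend side described above: a secret and a configmap mounted as read-only volumes, fronted by an internal-only service. It is an added illustration, not the contents of this repository's deployment-backend.yml. The `app: backend` label, port 80, the `nginx:stable` image tag, the volume names and both mount paths are assumptions; only the namespace `demo`, the configmap `nginx.conf` and the secret `secret.key` come from the text.

```yaml
# Added sketch, not the repository's deployment-backend.yml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  namespace: demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: backend                       # assumed label
  template:
    metadata:
      labels:
        app: backend
    spec:
      containers:
        - name: nginx
          image: nginx:stable            # assumed image tag
          ports:
            - containerPort: 80          # assumed port
          volumeMounts:
            - name: nginx-conf
              mountPath: /etc/nginx/conf.d    # assumed path
              readOnly: true
            - name: secret-file
              mountPath: /etc/demo-secret     # assumed path
              readOnly: true
      volumes:
        - name: nginx-conf
          configMap:
            name: nginx.conf             # each key becomes a file in the mount
        - name: secret-file
          secret:
            secretName: secret.key       # each key becomes a file in the mount
---
apiVersion: v1
kind: Service
metadata:
  name: backend
  namespace: demo
spec:
  type: ClusterIP                        # internal only, no nodePort
  selector:
    app: backend
  ports:
    - port: 80
      targetPort: 80
```

Mounting the secret read-only and keeping the service as `ClusterIP` limits who can reach the file, but any workload in the cluster that can reach the backend service can still fetch it, which is why the demo's pattern is unsuitable for real secrets.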