{"pageProps":{"contents":[{"slug":"how-to-grant-access-to-the-kubernetes-api","title":"How to Grant Access to the Kubernetes API","description":"Learn how to Grant Access to the Kubernetes API.","content":"\nBy default no access is granted to applications in Kubernetes. So we have to explicitly allow access to the parts of the API that your applications need.\n\nKubernetes includes a built-in role-based access control (RBAC) mechanism that enables you to configure specific sets of permissions that define how a given user (or group of users) can interact with any Kubernetes object in a specific Namespace of your cluster.\n\nThe RBAC API declares four kinds of Kubernetes object: Role, ClusterRole, RoleBinding and ClusterRoleBinding. In this article, I'll focus on Role and RoleBinding.\n\n# How can we grant access to the Kubernetes API?\n\nKubernetes provides two resources that control the access to the API:\n\n* Role: specifies what access is granted (set of permissions). When we create a Role, we need to specify the Namespace it belongs in.\n* RoleBinding: specifies who the Role applies to (links a Role to subjects). \n\n# Create a Role\n\nHere is a yaml configuration file you can use to create a `Role` that let us list the pods and get information on a particular pod:\n\n```yaml\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  name: my-role\n  namespace: my-namespace\n  labels:\n    app: my-rbac-app\nrules:\n- apiGroups: [\"\"] # \"\" indicates the core API group\n  resources: [\"pods\"]\n  verbs: [\"get\", \"list\"] # verbs to act on the that resource\n```\n\nA Role in isolation doesn't do anything until we bind it with a RoleBinding, so let's do that in the next step.\n\n# Create a RoleBinding\n\nHere is a yaml configuration file you can use to create a `RoleBinding` that give this role (\"my-role\") to all service accounts in the default namespace, meaning that all pods will have access to these APIs:\n\n```yaml\napiVersion: rbac.authorization.k8s.io/v1\n# This role binding allows \"jane\" to read pods in \"my-namespace\" namespace.\n# You need to already have a Role named \"my-role\" in that namespace.\nkind: RoleBinding\nmetadata:\n  name: my-rolebinding\n  namespace: my-namespace\n  labels:\n    app: my-rbac-app\nsubjects:\n# You can specify more than one \"subject\"\n- kind: Group\n  name: system:serviceaccounts # \"name\" is case sensitive\n  apiGroup: rbac.authorization.k8s.io\n  namespace: my-namespace\nroleRef:\n  # \"roleRef\" specifies the binding to a Role\n  kind: Role #this must be Role\n  name: my-role # this must match the name of the Role you wish to bind to\n  apiGroup: \"\"\n```\n\n# Create a Service Account\n\nThe best practice in security is to give as few permissions as possible. Kubernetes recommends to grant a role to an application-specific service account. This requires the application to specify a `serviceAccountName` in its pod spec and for the service account to be created.\n\nHere is a yaml configuration file you can use to create a basic `ServiceAccount`:\n\n```yaml\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: my-service-account\n  namespace: my-namespace\n  labels:\n    app: my-rbac-app\n```\n\nWe can start a pod with a `ServiceAccount` by adding that to it's spec definition:\n\n```yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: my-deployment\n  namespace: my-namespace\n  labels:\n    app: my-app\n    rbac: my-service-account\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: my-app\n      namespace: my-namespace\n      rbac: my-service-account\n  template:\n    metadata:\n      labels:\n        app: my-app\n        namespace: my-namespace\n        rbac: my-service-account\n    spec:\n      serviceAccountName: my-service-account\n      containers:\n        - name: my-container\n          image: nginx:1.7.9\n```\n\nIn the pod spec you can see `serviceAccountName: my-service-account`. The pod will be run as this `ServiceAccount` and all containers started from it will be running under that `ServiceAccount`.\n\nLast step is to apply all yaml files in the repository:\n\n```bash\n$ kubectl apply -f my-role.yaml -f my-rolebinding.yaml -f my-serviceaccount.yaml -f my-deployment.yaml -n my-namespace\n```\n\nFor more information related to RBAC Authorization, please check the [Kubernetes documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/).\n","type":"article","tags":["code","kubernetes","k8s","access"],"publishedAt":"2020-05-09T14:46:10.915Z","image":"/contents/article/how-to-grant-access-to-k8s-api.png?v1","updatedAt":null,"readingTime":{"text":"3 min read","minutes":2.89,"time":173400,"words":578},"data":{"title":"How to Grant Access to the Kubernetes API","description":"Learn how to Grant Access to the Kubernetes API.","tags":["code","kubernetes","k8s","access"],"image":"/contents/article/how-to-grant-access-to-k8s-api.png?v1","publishedAt":"2020-05-09T14:46:10.915Z","updatedAt":null,"type":"article"}},{"slug":"how-to-use-secrets-in-kubernetes","title":"How to Use Secrets in Kubernetes","description":"Learn how to use Secrets in Kubernetes with some examples.","content":"\nKubernetes Secrets let you store and manage sensitive information like as passwords, OAuth tokens, ssh keys, etc. \n\nWith this article, you'll learn how to use them easily.\n\n# What is a Secret in Kubernetes?\n\nA secret is an object that contains sensitive information like passwords, keys, tokens...\n\nTo use it, a Pod needs to reference it:\n* As files in a volume mounted on one or more of its containers.\n* By the `kubelet` when pulling images for the Pod.\n\n# Optimal way to create and mount a Secret\n\nFor me the easiest way to use Secrets is defining a YAML and reference them using `envFrom/secretRef`.\n\n1. Here is a yaml configuration file you can use to create a Secret that holds a username and a password:\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: my-secret\ndata:\n  username: my-username\n  password: vdg7JbgkdnRnN03e\n```\n\n2. Reference the Secret (my-secret-pod.yaml):\n\n```yaml\nkind: Pod\napiVersion: v1\nmetadata:\n  name: my-secret-pod\n  namespace: my-namespace\nspec:\n  containers:\n    - name: my-container\n      image: nginx:1.7.9\n      envFrom:\n        - secretRef:\n            name: my-secret\n```\n\n3. Then you just need to create the Pod:\n\n```bash\n$ kubectl apply -f my-secret-pod.yaml -n my-namespace\n```\n\nFor more information related to Secrets, please check the [Kubernetes documentation](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/).\n","type":"article","tags":["code","kubernetes","k8s","secret"],"publishedAt":"2020-04-18T10:10:10.915Z","image":null,"updatedAt":"2020-04-18T11:27:10.915Z","readingTime":{"text":"1 min read","minutes":0.99,"time":59400,"words":198},"data":{"title":"How to Use Secrets in Kubernetes","description":"Learn how to use Secrets in Kubernetes with some examples.","tags":["code","kubernetes","k8s","secret"],"publishedAt":"2020-04-18T10:10:10.915Z","updatedAt":"2020-04-18T11:27:10.915Z","type":"article"}},{"slug":"how-to-use-configmaps-in-kubernetes","title":"How to Use ConfigMaps in Kubernetes","description":"Learn how to use ConfigMaps in Kubernetes with some examples.","content":"\nWhen starting to use a new technology, one of the first questions to answer is how to manage your application's configuration. In the Kubernetes world, that answer is ConfigMaps.\n\nWith this article, you'll learn how to use them.\n\n# What is a ConfigMap?\n\nA ConfigMap is a dictionary composed of by a key-value pairs of strings.\nIt basically stores (public) configuration settings for your code. If you want to store secret configuration settings, you'll need to store them in another manner.\n\n# How ConfigMaps are deployed\n\n1. You have ConfigMap/s for every environment.\n2. A ConfigMap is created and added to a Kubernetes cluster.\n3. Containers in a Pod reference the ConfigMap to use its values.\n\n# Optimal way to create and mount a ConfigMap\n\nFor me the best way to use ConfigMaps is defining a YAML and reference them using `envFrom/configMapRef`.\n\n## Here is an example of a ConfigMap in a YAML file\n\n```yaml\nkind: ConfigMap\napiVersion: v1\nmetadata:\n  name: env-vars-configmap\n  namespace: my-namespace\ndata:\n  # Configuration values as key-value properties where value is a string\n  base_url: https://my.website.dev/\n  database_port: \"3306\"\n\n  # Also you can read those values from variables\n  base_url: ${BASE_URL}\n  database_port: \"${DATABASE_PORT}\"\n\n  # Or set as file contents\n  file_keys: |\n    color.good=purple\n    color.bad=yellow\n```\n\nTo added it to your namespace in the Kubernetes cluster:\n\n```bash\n$ kubectl apply -f env-vars-configmap.yaml -n my-namespace\n```\n\nAlso you can see the values of the environment variables executing:\n\n```bash\n$ kubectl get configmap -n my-namespace env-vars-configmap.yaml -o yaml\n```\n\n_Tip: this last command is useful when you have errors in the ConfigMap. If you use variables, try replace them with the real values and see which one fails._\n\n## Reference the ConfigMap\n\nSet the `envFrom/configMapRef` in each container to an object containing the list of ConfigMaps you want to include.\n\n```yaml\nkind: Pod\napiVersion: v1\nmetadata:\n  name: pod-configmap\n  namespace: my-namespace\nspec:\n  containers:\n    - name: my-container\n      image: nginx:1.7.9\n      envFrom:\n        - configMapRef:\n            name: env-vars-configmap\n```\n\nAttach to the created Pod using:\n\n```bash\n$ kubectl exec -it pod-configmap sh\n```\n\nThen run `env` and see that all keys are now available as environment variables.\n\nFor more information related to ConfigMaps, please check the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/).\n","type":"article","tags":["code","kubernetes","k8s","configmap"],"publishedAt":"2020-04-13T11:11:11.915Z","image":"https://boxboat.com/2018/07/05/gitops-kubernetes-rolling-update-configmap-secret-change/kube-configmap-secret-deployment.png","updatedAt":"2020-05-09T14:56:10.915Z","readingTime":{"text":"2 min read","minutes":1.79,"time":107400,"words":358},"data":{"title":"How to Use ConfigMaps in Kubernetes","description":"Learn how to use ConfigMaps in Kubernetes with some examples.","tags":["code","kubernetes","k8s","configmap"],"image":"https://boxboat.com/2018/07/05/gitops-kubernetes-rolling-update-configmap-secret-change/kube-configmap-secret-deployment.png","publishedAt":"2020-04-13T11:11:11.915Z","updatedAt":"2020-05-09T14:56:10.915Z","type":"article"}},{"slug":"how-to-get-changes-from-forked-project","title":"How to Get Changes from Forked Project","description":"Learn how to get changes committed to a project you forked.","content":"\n## 1. Clone your forked project\n\nThis is only important if it's not yet in your workspace\n\n```bash\ngit clone git@github.com:YOUR-USERNAME/YOUR-FORKED-PROJECT.git\n```\n\n## 2. Add remote from original repository in your forked one\n\n```bash\ncd into/cloned/forked-project\ngit remote add upstream git://github.com/ORIGINAL-DEV-USERNAME/PROJECT-YOU-FORKED-FROM.git\ngit fetch upstream\n```\n\n## 3. Updating your forked project from the original one to have their changes\n\n```bash\ngit pull upstream master\n```\n\n## 4. Solve conflicts (if any)\n\n## 5. Finally push changes\n\n```bash\ngit push\n```\n","type":"tip","tags":["git","code","fork"],"publishedAt":"2020-04-12T12:44:00.915Z","image":null,"updatedAt":null,"readingTime":{"text":"1 min read","minutes":0.4,"time":24000,"words":80},"data":{"title":"How to Get Changes from Forked Project","description":"Learn how to get changes committed to a project you forked.","tags":["git","code","fork"],"publishedAt":"2020-04-12T12:44:00.915Z","updatedAt":null,"type":"tip"}},{"slug":"for-whom-is-this-blog-for","title":"For Whom Is This Blog For?","description":"Learn about this blog and if it's for you.","content":"\nAs developers, we are learning new things every day.\n\nIn this blog I want to share what I'm currently learning, but also what I've learned.\n\nSo if you want to know more about the development of APIs and machine learning, from a developer with more than 10 years of experience, please follow me on Twitter, subscribe to my newsletter or to my RSS feed.\n\nSpecial thank you to Lailo and his [open source code](https://github.com/lailo/next-with-tailwindcss) that I used for this blog.\n","type":"article","tags":["blog","ml","code","api"],"publishedAt":"2020-03-29T07:07:37.915Z","image":null,"updatedAt":"2020-04-18T11:18:10.915Z","readingTime":{"text":"1 min read","minutes":0.4,"time":24000,"words":80},"data":{"title":"For Whom Is This Blog For?","description":"Learn about this blog and if it's for you.","tags":["blog","ml","code","api"],"publishedAt":"2020-03-29T07:07:37.915Z","updatedAt":"2020-04-18T11:18:10.915Z","type":"article"}}],"tag":"code"},"__N_SSG":true}