dashboard secretket issue fix

adilek · Aug 13, 2018 · 156ecef · 156ecef
1 parent 17e68ba
commit 156ecef
Show file tree

Hide file tree

Showing 4 changed files with 147 additions and 41 deletions.
diff --git a/Phase2/201-cluster-monitoring/readme.adoc b/Phase2/201-cluster-monitoring/readme.adoc
@@ -57,59 +57,38 @@ Check existing secrets in the `kube-system` namespace:
 
 It shows the output as:
 
-  NAME                                     TYPE                                  DATA      AGE
-  attachdetach-controller-token-dhkcr      kubernetes.io/service-account-token   3         3h
-  certificate-controller-token-p131b       kubernetes.io/service-account-token   3         3h
-  daemon-set-controller-token-r4mmp        kubernetes.io/service-account-token   3         3h
-  default-token-7vh0x                      kubernetes.io/service-account-token   3         3h
-  deployment-controller-token-jlzkj        kubernetes.io/service-account-token   3         3h
-  disruption-controller-token-qrx2v        kubernetes.io/service-account-token   3         3h
-  dns-controller-token-v49b6               kubernetes.io/service-account-token   3         3h
-  endpoint-controller-token-hgkbm          kubernetes.io/service-account-token   3         3h
-  generic-garbage-collector-token-34fvc    kubernetes.io/service-account-token   3         3h
-  horizontal-pod-autoscaler-token-lhbkf    kubernetes.io/service-account-token   3         3h
-  job-controller-token-c2s8j               kubernetes.io/service-account-token   3         3h
-  kube-dns-autoscaler-token-s3svx          kubernetes.io/service-account-token   3         3h
-  kube-dns-token-92xzb                     kubernetes.io/service-account-token   3         3h
-  kube-proxy-token-0ww14                   kubernetes.io/service-account-token   3         3h
-  kubernetes-dashboard-certs               Opaque                                2         9m
-  kubernetes-dashboard-key-holder          Opaque                                2         9m
-  kubernetes-dashboard-token-vt0fd         kubernetes.io/service-account-token   3         10m
-  namespace-controller-token-423gh         kubernetes.io/service-account-token   3         3h
-  node-controller-token-r6lsr              kubernetes.io/service-account-token   3         3h
-  persistent-volume-binder-token-xv30g     kubernetes.io/service-account-token   3         3h
-  pod-garbage-collector-token-fwmv4        kubernetes.io/service-account-token   3         3h
-  replicaset-controller-token-0cg8r        kubernetes.io/service-account-token   3         3h
-  replication-controller-token-3fwxd       kubernetes.io/service-account-token   3         3h
-  resourcequota-controller-token-6rl9f     kubernetes.io/service-account-token   3         3h
-  route-controller-token-9brzb             kubernetes.io/service-account-token   3         3h
-  service-account-controller-token-bqlsk   kubernetes.io/service-account-token   3         3h
-  service-controller-token-1qlg6           kubernetes.io/service-account-token   3         3h
-  statefulset-controller-token-kmgzg       kubernetes.io/service-account-token   3         3h
-  ttl-controller-token-vbnhf               kubernetes.io/service-account-token   3         3h
-
-We can login using the secret with type 'kubernetes.io/namespace-controller-token'. In our case, we'll use the token from secret `namespace-controller-token-423gh` to login. Use the following command to get the token for this secret:
-
-    kubectl -n kube-system describe secret namespace-controller-token-423gh
-
-Note you'll need to replace `namespace-controller-token-423gh` with the namespace-controller-token from your output list.
+  NAME                               TYPE                                  DATA      AGE
+  aws-node-token-9nf5p               kubernetes.io/service-account-token   3         6h
+  default-token-4cwmg                kubernetes.io/service-account-token   3         6h
+  kube-dns-token-j5xf4               kubernetes.io/service-account-token   3         6h
+  kube-proxy-token-vcsz2             kubernetes.io/service-account-token   3         6h
+  kubernetes-dashboard-certs         Opaque                                0         5h
+  kubernetes-dashboard-key-holder    Opaque                                2         5h
+  kubernetes-dashboard-token-fvsmj   kubernetes.io/service-account-token   3         5h
+
+We can login using the secret with type 'kubernetes-dashboard-token'. In our case, we'll use the token from secret `kubernetes-dashboard-token-fvsmj` to login. Use the following command to get the token for this secret:
+
+  kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
+  kubectl -n kube-system describe secret kubernetes-dashboard-token-fvsmj
+
+Note you'll need to replace `kubernetes-dashboard-token-fvsmj` with the namespace-controller-token from your output list.
 
 It shows the output:
 
 ```
-Name:         namespace-controller-token-423gh
+Name:         kubernetes-dashboard-token-fvsmj
 Namespace:    kube-system
 Labels:       <none>
-Annotations:  kubernetes.io/service-account.name=default
-              kubernetes.io/service-account.uid=3a3fea86-b3a1-11e7-9d90-06b1e747c654
+Annotations:  kubernetes.io/service-account.name=kubernetes-dashboard
+              kubernetes.io/service-account.uid=b9fbff90-9e7e-11e8-8295-0eadcb7d6792
 
 Type:  kubernetes.io/service-account-token
 
 Data
 ====
-ca.crt:     1046 bytes
+ca.crt:     1025 bytes
 namespace:  11 bytes
-token:      eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLTd2aDB4Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIzYTNmZWE4Ni1iM2ExLTExZTctOWQ5MC0wNmIxZTc0N2M2NTQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.GHW-7rJcxmvujkClrN6heOi_RYlRivzwb4ScZZgGyaCR9tu2V0Z8PE5UR6E_3Vi9iBCjuO6L6MLP641bKoHB635T0BZymJpSeMPQ7t1F02BsnXAbyDFfal9NUSV7HoPAhlgURZWQrnWojNlVIFLqhAPO-5T493SYT56OwNPBhApWwSBBGdeF8EvAHGtDFBW1EMRWRt25dSffeyaBBes5PoJ4SPq4BprSCLXPdt-StPIB-FyMx1M-zarfqkKf7EJKetL478uWRGyGNNhSfRC-1p6qrRpbgCdf3geCLzDtbDT2SBmLv1KRjwMbW3EF4jlmkM4ZWyacKIUljEnG0oltjA
+token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1mdnNtaiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImI5ZmJmZjkwLTllN2UtMTFlOC04Mjk1LTBlYWRjYjdkNjc5MiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.tnz5fT83PNshzmjTFfw91rXqF1Sv_GPGtsqlbfckoMwfHNTqsriVnxoK011pLLZqoh6AY031jOf0sTr78YFn5wZ1Gp_X3_l8qY6SAT7pQLv130Tfbux5ehtTDZeCiXrHyGNbsgcNt_gL1DqZWPd3myiEG6VeT3fQs4swakR1Kprmksu8I4xi6yDw0flVLb2IEeq-HFzF8tYQmTawUlpMSeSt5rWWrePwIA4hRHfLdkPKLNEG9X32vkbNMsqrn7VPg6sPvLuE98Tp551edNaPbuGP-GOXH9ICpz4lsIpED5ediLdLaTsV1visgpzV5h6aNUB0wcAJ5A6ZtNimTLuisw
 ```
 
 Copy the value of token from this output, select `Token` in the Dashboard login window, and paste the text. Click on `SIGN IN` to see the default Dashboard view:

diff --git a/Phase3/401-configmaps-and-secrets/images/parameter-store-kubernetes/bin/pom.xml b/Phase3/401-configmaps-and-secrets/images/parameter-store-kubernetes/bin/pom.xml
@@ -0,0 +1,114 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.examples.java</groupId>
+    <artifactId>parameter-store-kubernetes</artifactId>
+    <packaging>jar</packaging>
+    <version>1.0-SNAPSHOT</version>
+    <url>http://maven.apache.org</url>
+    <dependencies>
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-ssm</artifactId>
+            <version>1.11.235</version>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.6.1</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <version>3.1.0</version>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>exec-maven-plugin</artifactId>
+                <version>1.5.0</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>exec</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <mainClass>org.examples.java.App</mainClass>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>3.0.2</version>
+                <configuration>
+                    <archive>
+                        <manifest>
+                            <mainClass>org.examples.java.App</mainClass>
+                        </manifest>
+                    </archive>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    <profiles>
+        <profile>
+            <id>docker</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>io.fabric8</groupId>
+                        <artifactId>docker-maven-plugin</artifactId>
+                        <version>0.22.1</version>
+                        <configuration>
+                            <images>
+                                <image>
+                                    <name>arungupta/${project.name}</name>
+                                    <build>
+                                        <from>openjdk:latest</from>
+                                        <assembly>
+                                            <descriptorRef>artifact</descriptorRef>
+                                        </assembly>
+                                        <cmd>java -jar maven/${project.name}-${project.version}.jar</cmd>
+                                    </build>
+                                </image>
+                            </images>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <id>docker:build</id>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>build</goal>
+                                </goals>
+                            </execution>
+                            <execution>
+                                <id>docker:push</id>
+                                <phase>install</phase>
+                                <goals>
+                                    <goal>push</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+</project>
+
diff --git a/...e3/401-configmaps-and-secrets/images/parameter-store-kubernetes/bin/readme.adoc b/...e3/401-configmaps-and-secrets/images/parameter-store-kubernetes/bin/readme.adoc
@@ -0,0 +1,13 @@
+= AWS Parameter Store and Kubernetes
+
+This application shows how a Java application deployed as a Pod in a Kubernetes cluster can read secrets from AWS Parameter Store.
+
+. Build Docker image: `mvn package -Pdocker`
+. Push Docker image: `docker push arungupta/parameter-store-kubernetes:latest`
+
+== To be tested
+
+. Delete pod: `kubectl delete pod/parameter-store-kubernetes`
+. Deploy pod: `kubectl apply -f pod.yaml`
+. Check pod logs: `kubectl logs pod/parameter-store-kubernetes`
+
diff --git a/...d-secrets/images/parameter-store-kubernetes/bin/src/main/java/org/examples/java/App.class b/...d-secrets/images/parameter-store-kubernetes/bin/src/main/java/org/examples/java/App.class