DevOps/CKA Test Preparation

06. CKA-SECRET (draft)

치킨맛코드 2023. 2. 3. 09:01

secret

A secret works much like a configmap. Where a configmap manages container configuration in one place, a secret, as the name suggests, is an API that manages the configuration a container uses such as password/auth/SSH key data, stored as key/value pairs encoded in base64.


kubectl create secret generic testsecret --from-literal=DBNAME=mysql --from-literal=USER=admin
==> This creates a secret named testsecret from key/value pairs: the key DBNAME gets the value mysql, and the key USER gets the value admin.

To check the stored values, use -o yaml.
kubectl get secrets testsecret -o yaml
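
The values that -o yaml prints are base64-encoded, not encrypted. The following is an added example (not from the original post) that decodes the data: section of such a manifest; SAMPLE_SECRET is a constructed copy of the output for the testsecret created above, and decode_secret_data is a hypothetical helper name.

```shell
# Constructed sample: what `kubectl get secrets testsecret -o yaml`
# returns for the secret created above (metadata trimmed).
SAMPLE_SECRET='apiVersion: v1
data:
  DBNAME: bXlzcWw=
  USER: YWRtaW4=
kind: Secret
metadata:
  name: testsecret
  namespace: default
type: Opaque'

# decode_secret_data (hypothetical helper): read a Secret manifest on stdin
# and print KEY=plaintext for each entry under the top-level data: mapping.
decode_secret_data() {
  awk '
    /^data:[[:space:]]*$/ { in_data = 1; next }  # enter the data: block
    /^[^[:space:]]/       { in_data = 0 }         # next top-level key ends it
    in_data && /^[[:space:]]+[^:]+:/ {
      key = $1
      sub(/:$/, "", key)                          # strip the trailing colon
      print key, $2                               # key and base64 value
    }
  ' | while read -r key b64; do
    # base64 is a reversible encoding, so no key material is needed here
    printf '%s=%s\n' "$key" "$(printf '%s' "$b64" | base64 -d)"
  done
}

# Against a live cluster the input would instead be:
#   kubectl get secrets testsecret -o yaml | decode_secret_data
printf '%s\n' "$SAMPLE_SECRET" | decode_secret_data
```

Because the encoding is reversible, anyone allowed to read the Secret object can recover the values, so read access to secrets should be granted as narrowly as possible.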

Example problem
Create a secret and mount it in a pod. Then create a second pod and pass the secret's password to it as an environment variable.

secret name : test-secret
Password = test
pod name : pod-secrets-test
image = redis
secret reference = test-secret
mount : /secrets
pod2 name : pod-secrets-test-env
env name : CONFIDENTIAL

1. Create the secret
kubectl create secret generic test-secret --from-literal=Password=test

2. Create the pod
kubectl run pod-secrets-test --image=redis --dry-run=client -o yaml > pod-secrets-test.yaml

3. Edit the YAML for the mount

apiVersion: v1
kind: Pod
metadata:
  name: pod-secrets-test
spec:
  containers:
  - image: redis
    name: pod-secrets-test
    volumeMounts:              # mount the volume into the container
    - name: secrets-volume     # mount name; must match the volume name below
      mountPath: "/secrets"    # mount path
  volumes:                     # defined at the pod spec level, not under the container
  - name: secrets-volume       # volume name (lowercase DNS label, so not secretsVolume)
    secret:
      secretName: test-secret  # secret to use

4. Apply the YAML
kubectl apply -f pod-secrets-test.yaml

5. Create the second pod
kubectl run pod-secrets-test-env --image=redis --dry-run=client -o yaml > pod-secrets-test-env.yaml

6. Edit the YAML

apiVersion: v1
kind: Pod
metadata:
  name: pod-secrets-test-env
spec:
  containers:
  - image: redis
    name: pod-secrets-test-env
    env:
    - name: CONFIDENTIAL       # environment variable name inside the container
      valueFrom:
        secretKeyRef:
          name: test-secret    # secret to read from
          key: Password        # key within the secret


7. Run it and verify.
kubectl apply -f pod-secrets-test-env.yaml
kubectl exec -it pod-secrets-test-env -- /bin/bash
# env