<1> Using ConfigMap environment variables
<2> Secret - for storing sensitive information
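<1> Using ConfigMap environment variables
With ConfigMap environment variables, you use a single container image, and each environment supplies its own variables to the running service.
Otherwise, you would have to maintain separate container images for the development environment and the production environment.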
1
Documentation
https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
2
topasvga@cloudshell:~ (ap-seoul-1)$ cat << EOF > configmap-pod.yaml
> apiVersion: v1
> kind: Pod
> metadata:
>   name: configmap-pod
> spec:
>   containers:
>   - name: configmap-pod
>     image: busybox
>     args: ['tail', '-f', '/dev/null']
>     envFrom:
>     - configMapRef:
>         name: log-level
> EOF
3
topasvga@cloudshell:~ (ap-seoul-1)$ kubectl apply -f configmap-pod.yaml
pod/configmap-pod created
4
topasvga@cloudshell:~ (ap-seoul-1)$ kubectl exec configmap-pod -- env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TERM=xterm
HOSTNAME=configmap-pod
LOG_LEVEL=DEBUG
KUBERNETES_SERVICE_PORT_HTTPS=443
READINESSPROBE_SERVICE_PORT_80_TCP=tcp://10.96.59.15:80
READINESSPROBE_SERVICE_PORT_80_TCP_PROTO=tcp
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
DEPLOYMENT_2048_PORT=tcp://10.96.214.121:80
KUBERNETES_SERVICE_HOST=10.96.0.1
KUBERNETES_SERVICE_PORT_PROXYMUX=12250
DEPLOYMENT_2048_PORT_80_TCP_PROTO=tcp
READINESSPROBE_SERVICE_PORT_80_TCP_ADDR=10.96.59.15
DEPLOYMENT_2048_SERVICE_PORT=80
DEPLOYMENT_2048_PORT_80_TCP_PORT=80
READINESSPROBE_SERVICE_SERVICE_PORT=80
KUBERNETES_PORT_443_TCP_PORT=443
DEPLOYMENT_2048_SERVICE_HOST=10.96.214.121
DEPLOYMENT_2048_PORT_80_TCP_ADDR=10.96.214.121
READINESSPROBE_SERVICE_SERVICE_HOST=10.96.59.15
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
KUBERNETES_PORT_12250_TCP_PORT=12250
DEPLOYMENT_2048_PORT_80_TCP=tcp://10.96.214.121:80
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT_12250_TCP_ADDR=10.96.0.1
READINESSPROBE_SERVICE_SERVICE_PORT_NGINX=80
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_12250_TCP=tcp://10.96.0.1:12250
KUBERNETES_PORT_12250_TCP_PROTO=tcp
READINESSPROBE_SERVICE_PORT=tcp://10.96.59.15:80
READINESSPROBE_SERVICE_PORT_80_TCP_PORT=80
HOME=/root
5
topasvga@cloudshell:~ (ap-seoul-1)$ kubectl delete pod --all && kubectl delete configmaps log-level
pod "configmap-pod" deleted
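<2> Secret - for storing sensitive information
1
A Secret is loaded in much the same way as a ConfigMap.
The value is stored base64-encoded.
Base64 is trivially reversible, so it is too weak to rely on as protection.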
2
topasvga@cloudshell:~ (ap-seoul-1)$ kubectl get secrets
No resources found in default namespace.
2
topasvga@cloudshell:~ (ap-seoul-1)$ kubectl create secret generic my-password --from-literal password=1q2w3e4r
secret/my-password created
3
topasvga@cloudshell:~ (ap-seoul-1)$ kubectl get secrets
NAME          TYPE     DATA   AGE
my-password   Opaque   1      8s
4
topasvga@cloudshell:~ (ap-seoul-1)$ kubectl describe secrets my-password
Name:         my-password
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:  8 bytes
5
topasvga@cloudshell:~ (ap-seoul-1)$ kubectl get secrets my-password -o jsonpath='{.data.password}' ; echo
MXEydzNlNHI=
6
// The value is only base64-encoded, so the protection is weak.
topasvga@cloudshell:~ (ap-seoul-1)$ echo MXEydzNlNHI= |base64 -d ;echo
1q2w3e4r
// The Secret is not safe.
topasvga@cloudshell:~ (ap-seoul-1)$ kubectl get secrets my-password -o jsonpath='{.data.password}' | base64 -d ; echo
1q2w3e4r
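Added example (not part of the original post): a Python check that decodes every `.data` entry of a Secret object and lists the containers in a Pod spec that receive a Secret as environment variables, where `kubectl exec ... -- env` would print it just as it printed LOG_LEVEL above. The Pod `secret-env-pod`, the variable `DB_PASS` and both dict literals are constructed samples; only `my-password`, `log-level` and the encoded value come from this page.

```python
import base64

# Constructed sample: the shape `kubectl get secret my-password -o json` returns
# for the Secret created on this page (encoded value taken from step 5).
SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "my-password", "namespace": "default"},
    "data": {"password": "MXEydzNlNHI="},
}

# Constructed sample (hypothetical Pod, not from the page): it loads the Secret
# the same way configmap-pod loads the log-level ConfigMap.
POD = {
    "kind": "Pod", "metadata": {"name": "secret-env-pod"},
    "spec": {"containers": [{
        "name": "app", "image": "busybox",
        "envFrom": [{"configMapRef": {"name": "log-level"}},
                    {"secretRef": {"name": "my-password"}}],
        "env": [{"name": "DB_PASS", "valueFrom": {
            "secretKeyRef": {"name": "my-password", "key": "password"}}}],
    }]},
}

def decode_secret(secret):
    """Return {key: plaintext}; .data is base64 only, so no key is needed."""
    return {k: base64.b64decode(v).decode("utf-8", "replace")
            for k, v in (secret.get("data") or {}).items()}

def env_exposed_secrets(pod):
    """List (container, secret, key) for Secrets injected as env vars.
    key is "*" when envFrom pulls in every key of the Secret."""
    spec = pod.get("spec", {})
    found = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for src in c.get("envFrom", []):
            if "secretRef" in src:
                found.append((c["name"], src["secretRef"]["name"], "*"))
        for var in c.get("env", []):
            ref = (var.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                found.append((c["name"], ref["name"], ref["key"]))
    return found

if __name__ == "__main__":
    print(decode_secret(SECRET))
    for container, name, key in env_exposed_secrets(POD):
        print(f"{container}: Secret {name}[{key}] is visible to `env` in the container")
```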
Thank you.