6. 오라클 클라우드 - 쿠버네티스 -컨피그맵 환경변수

<1> ConfigMap  환경변수 사용

<2> secret  -  정보 저장용

<1> ConfigMap  환경변수 사용

ConfigMap  환경변수 사용하면 ,컨테이너 이미지는 1개만 사용하고 , 각각의 환경 변수를 가져와서 서비스 하면 된다.

아니면, 개발환경 컨테이너 이미지, 상용환경 컨테이너 이미지를 각각 관리해야 한다.

1

설명 동영상

https://youtu.be/7j6JOlWL-dE

문서

https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/

clear

2

topasvga@cloudshell:~ (ap-seoul-1)$ cat << EOF > configmap-pod.yaml

> apiVersion: v1

> kind: Pod

> metadata:

>   name: configmap-pod

> spec:

>   containers:

>     - name: configmap-pod

>       image: busybox

>       args: ['tail', '-f', '/dev/null']

>       envFrom:

>       - configMapRef:

>           name: log-level

> EOF

330 configmap-pod.txt

3

topasvga@cloudshell:~ (ap-seoul-1)$ kubectl apply -f configmap-pod.yaml

pod/configmap-pod created

4

topasvga@cloudshell:~ (ap-seoul-1)$ kubectl exec configmap-pod -- env

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

TERM=xterm

HOSTNAME=configmap-pod

LOG_LEVEL=DEBUG

KUBERNETES_SERVICE_PORT_HTTPS=443

READINESSPROBE_SERVICE_PORT_80_TCP=tcp://10.96.59.15:80

READINESSPROBE_SERVICE_PORT_80_TCP_PROTO=tcp

KUBERNETES_PORT=tcp://10.96.0.1:443

KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443

DEPLOYMENT_2048_PORT=tcp://10.96.214.121:80

KUBERNETES_SERVICE_HOST=10.96.0.1

KUBERNETES_SERVICE_PORT_PROXYMUX=12250

DEPLOYMENT_2048_PORT_80_TCP_PROTO=tcp

READINESSPROBE_SERVICE_PORT_80_TCP_ADDR=10.96.59.15

DEPLOYMENT_2048_SERVICE_PORT=80

DEPLOYMENT_2048_PORT_80_TCP_PORT=80

READINESSPROBE_SERVICE_SERVICE_PORT=80

KUBERNETES_PORT_443_TCP_PORT=443

DEPLOYMENT_2048_SERVICE_HOST=10.96.214.121

DEPLOYMENT_2048_PORT_80_TCP_ADDR=10.96.214.121

READINESSPROBE_SERVICE_SERVICE_HOST=10.96.59.15

KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1

KUBERNETES_PORT_12250_TCP_PORT=12250

DEPLOYMENT_2048_PORT_80_TCP=tcp://10.96.214.121:80

KUBERNETES_SERVICE_PORT=443

KUBERNETES_PORT_12250_TCP_ADDR=10.96.0.1

READINESSPROBE_SERVICE_SERVICE_PORT_NGINX=80

KUBERNETES_PORT_443_TCP_PROTO=tcp

KUBERNETES_PORT_12250_TCP=tcp://10.96.0.1:12250

KUBERNETES_PORT_12250_TCP_PROTO=tcp

READINESSPROBE_SERVICE_PORT=tcp://10.96.59.15:80

READINESSPROBE_SERVICE_PORT_80_TCP_PORT=80

HOME=/root

5

topasvga@cloudshell:~ (ap-seoul-1)$ kubectl delete pod --all && kubectl delete configmaps log-level

pod "configmap-pod" deleted

<2> secret  -  정보 저장용

1

configmap 과 유사하게 불러오는 것임.

base 64로 암호화 됨

하지만 취약한 암호화로 사용은 힘들다.

2

topasvga@cloudshell:~ (ap-seoul-1)$ kubectl get secrets

No resources found in default namespace.

2

topasvga@cloudshell:~ (ap-seoul-1)$ kubectl create secret generic my-password --from-literal password=1q2w3e4r

secret/my-password created

3

topasvga@cloudshell:~ (ap-seoul-1)$ kubectl get secrets  

NAME          TYPE     DATA   AGE

my-password   Opaque   1      8s

4

topasvga@cloudshell:~ (ap-seoul-1)$ kubectl describe secrets my-password

Name:         my-password

Namespace:    default

Labels:       <none>

Annotations:  <none>

Type:  Opaque

Data

====

password:  8 bytes

5

topasvga@cloudshell:~ (ap-seoul-1)$ kubectl get secrets my-password -o jsonpath='{.data.password}' ; echo

MXEydzNlNHI=

6

// base 64로 암호화 한거라 약한 암호화 이다.

topasvga@cloudshell:~ (ap-seoul-1)$  echo MXEydzNlNHI= |base64 -d ;echo

1q2w3e4r

// 시크릿이 안전하지 않다~

topasvga@cloudshell:~ (ap-seoul-1)$ kubectl get secrets my-password -o jsonpath='{.data.password}' | base64 -d ; echo

1q2w3e4r

감사합니다.