| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 |
- Chrony
- tunneling
- Vlan
- vrrp
- CKA
- 장비
- GLBP
- 라우터
- eigrpv2
- Etherchannel
- OSPF
- ripng
- stp
- Inter VLAN
- rip
- NAT
- Redistribute
- crontab
- 헤더
- OSI 7 layer
- ospfv3
- 스위치
- 명령어
- DHCP
- ACL
- eigrp
- ipv6
- Today
- Total
Net Eng
[CKA] - Secret 운영 본문
[선수 작업]
kubectl config set-context k8s --user=kubernetes-admin --cluster=kubernetes
[문제]
- 작업 클러스터: k8s
- Create a Kubernetes secret and expose using a file in the pod.
- Create a Kubernetes Secret as follows:
- Name: super-secret
- DATA: password=secretpass
- Create a Kubernetes Secret as follows:
- Create a Pod named pod-secrets-via-file, using the redis image, which mounts a secret named super-secret at /secrets.
- Create a second Pod named pod-secrets-via-env, using the redis image, which exports password as PASSWORD.
[풀이]
kubectl config use-context k8s* k8s 클러스터 사용
kubectl create secret generic super-secret --from-literal="password=secretpass"* secret 생성
kubectl get secrets* 생성된 secret 확인
apiVersion: v1
kind: Pod
metadata:
name: pod-secrets-via-file
spec:
containers:
- name: mypod
image: redis
volumeMounts:
- name: foo
mountPath: "/secrets"
volumes:
- name: foo
secret:
secretName: super-secret* yaml 파일을 생성하여 secret 마운트
kubectl apply -f pod-secrets-via-file.yaml* yaml 파일 실행
kubectl get pods* Pod 확인
kubectl exec pod-secrets-via-file -it -- ls /secrets
kubectl exec pod-secrets-via-file -it -- cat /secrets/password* secret 확인
apiVersion: v1
kind: Pod
metadata:
name: pod-secrets-via-env
spec:
containers:
- name: envars-test-container
image: redis
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: super-secret
key: password* yaml 파일 생성하여 env로 설정
kubectl apply -f pod-secrets-via-env.yaml* yaml 파일 실행
kubectl exec pod-secrets-via-env -it -- env* 환경변수 확인
[참고]
Secrets
A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don't need to include confiden
kubernetes.io
Distribute Credentials Securely Using Secrets
This page shows how to securely inject sensitive data, such as passwords and encryption keys, into Pods. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is re
kubernetes.io
'Cloud > Kubernetes' 카테고리의 다른 글
| [CKA] - Persistent Volume Claim 사용하는 Pod 운영 (0) | 2024.01.22 |
|---|---|
| [CKA] - Persistent Volume 생성 (0) | 2024.01.22 |
| [CKA] - ConfigMap 운영 (1) | 2024.01.22 |
| [CKA] - NodePort 서비스 생성 (1) | 2024.01.22 |
| [CKA] - Init Container를 포함한 Pod 운영 (1) | 2024.01.22 |
