[k8s] 쿠버네티스에서 Secrets란?

Secrets

• 민감 정보 저장에 사용
• 기본 base64 인코딩이 default
• 파드에서 파일로 마운팅되거나 환경 변수로 사용할 수 있음

apiVersion: v1  
kind: Pod  
metadata:  
    name: webapp-with-db  
    labels:  
    app: my-webapp  
spec:  
    containers:  
    - name: webapp  
      image: nginx:latest 
      ports:  
        - containerPort: 80  
      envFrom:  
        - configMapRef:  
            name: webapp-config  
    - name: database  
      image: mongo:latest  
      env:  
        - name: MONGO_INITDB_ROOT_USERNAME  
          valueFrom:  
            secretKeyRef:  
                name: db-credentials  
                key: username  
        - name: MONGO_INITDB_ROOT_PASSWORD  
          valueFrom:  
            secretKeyRef:  
                name: db-credentials  
                key: password  

---  

apiVersion: v1  
kind: Service  
metadata:  
    name: webapp-service  
spec:  
    selector:  
        app: my-webapp  
    ports:  
      - protocol: TCP  
        port: 80  
        targetPort: 80  

---  

apiVersion: v1  
kind: ConfigMap  
metadata:  
    name: webapp-config  
data:  
    WEBAPP_ENV: "production"  
    DATABASE_URL: "mongodb://database-service:27017/mydb"  

---  

apiVersion: v1  
kind: Secret  
metadata:  
    name: db-credentials                   // Secret 명칭
type: Opaque  
data:  
    username: <base64-encoded-username>    // 실제 base64 로 인코딩 된 값
    password: <base64-encoded-password>