๐ซ๋ชฉ์ฐจ๋ก ๋์๊ฐ๊ธฐ
ConfigMap
์ปจํ
์ด๋ ๊ตฌ์ฑ ์ ๋ณด๋ฅผ ํ๊ณณ์ ๋ชจ์์ ๊ด๋ฆฌ
ํน์ Pod๋ค์๊ฒ ํ๊ฒฝ๋ณ์(์ผ๋ถ, ์ ์ฒด)๋ฅผ ์ ๋ฌ ํ ์ ์์
key value ํํ์ด๋, key์ file์ ํน์ value์ file ํน์ directory๋ฅผ ๋ฃ์ ์ ์๋ค.
(ํ์ผ์ฉ๋์ 1M ์ดํ)
ConfigMap ์์ฑ์ถ์ฒ : ์ ํ๋ธ ๋ฐ๋ฐฐ๋ฐ ๋ฐ๋ฐฐ์ฟ https://www.youtube.com/@ttabae-learn#์์ฑ์์
#config.dir ๋๋ ํ ๋ฆฌ๋ฅผ ๊ฐ์ง๊ณ ์๊ณ , ์ด ์์๋ nginx-confg.conf ํ์ผ์ด ์๋ค๊ณ ๊ฐ์
kubectl create configmap ttabae-config \
--from-literal=INTERVAL=2 --from-literal=OPTION=boy --from-file=config.dir/
#configmap ์กฐํ
kubectl get configmaps
NAME DATA AGE
kube-root-ca.crt 1 11d
ttabae-config 3 26s #<--- ๊ฐ์ด 3๊ฐ ์๋ค๊ณ ๋ณด์
#์คํ ํ ttabae-config์๋ ๋ค์์ ๊ฐ์ด ๋ค์ด๊ฐ ์์ ๊ฒ์ด๋ค
#INNTERVAL:2
#OPTION:boy
#nginx-config.conf:ํ์ผ๋ด์ฉ ์ด์ฉ๊ณ ์ ์ฉ๊ณ
#configmap ์์ธ์กฐํ
kubectl describe configmaps ttabae-config
Name: ttabae-config
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
INTERVAL:
----
2
OPTION:
----
boy
nginx-config.conf:
----
server {
listen 80;
server_name www.example.com;
gzip on;
gzip_types text/plain application/xml;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
BinaryData
====
Events: <none>
# configMap ์์
kubectl edit configmaps ttabae-config
#์์์ ๋ง๋ configMap์ ํ๊ฒฝ๋ณ์ ๊ฐ์ ์ด์ฉํ์ฌ pod yaml ํ์ผ์ ์์ฑ
cat genid.yaml
apiVersion: v1
kind: Pod
metadata:
name: genid-stone
spec:
containers:
- image: bluedove97/genid:env
env:
- name: INTERVAL
valueFrom:
configMapKeyRef:
name: ttabae-config #<-- ttabae-config์ ์๋ INTERVAL ํค๊ฐ๋ฅผ, ํ๊ฒฝ๋ณ์ INTERVAL ์ ๋ฃ์ด๋ผ.
key: INTERVAL
name: fakeid
volumeMounts:
- name: html
mountPath: /webdata
- image: nginx:1.14
name: web-server
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html
readOnly: true
ports:
- containerPort: 80
volumes:
- name: html
emptyDir: {}
#configMap์ ํต์งธ๋ก ํ๊ฒฝ๋ณ์๋ก ์ธํ
ํ ๋
cat genid-whole.yaml
apiVersion: v1
kind: Pod
metadata:
name: genid-boy
spec:
containers:
- image: bluedove97/genid:env
envFrom: #<--- envFrom : configMap ์ ์๋ ์ ์ฒดํ๊ฒฝ๋ณ์๋ฅผ ๋ถ๋ฌ์จ๋ค.
- configMapRef:
name: ttabae-config
name: fakeid
volumeMounts:
- name: html
mountPath: /webdata
- image: nginx:1.14
name: web-server
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html
readOnly: true
ports:
- containerPort: 80
volumes:
- name: html
emptyDir: {}
#ConfigMap์ key๋ฅผ pod์ ์ปจํ
์ด๋์ ๋ณผ๋ฅจ๋ง์ดํธ ํ๊ธฐ. (ํ์ผ๋ก๋ถํฐ ์ฝ์ด์จ ํ๊ฒฝ๋ณ์ ๋๊ธฐ๊ธฐ)
cat genid-volume.yaml
apiVersion: v1
kind: Pod
metadata:
name: genid-volume
spec:
containers:
- image: bluedove97/genid:env
env:
- name: INTERVAL
valueFrom:
configMapKeyRef:
name: ttabae-config
key: INTERVAL
name: fakeid-generator
volumeMounts:
- name: html
mountPath: /webdata
- image: nginx:1.14
name: web-server
ports:
- containerPort: 80
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html
readOnly: true
- name: config
mountPath: /etc/nginx/conf.d
readOnly: true
volumes:
- name: html
emptyDir: {}
- name: config
configMap:
name: ttabae-config
items:
- key: nginx-config.conf
path: nginx-config.conf
Secret
์ํฌ๋ฆฟ์ ์ปจํผ๊ทธ๋งต๊ณผ ๋น์ทํ ๋งฅ๋ฝ์ด์ง๋ง, base64๋ก ์ธ์ฝ๋ฉํด์ ๋ชจ์๋๋ค.
์ํฌ๋ฆฟ ์ฉ๋์ ํ 1M
- docker-registry ๋์ปค๊ด๋ จ๋ ๋ณ์(์ด๋ฆ, ํจ์ค์๋, ์ด๋ฉ์ผ)
- generic ์ผ๋ฐ์ ์ธ ๋ณ์
- tls ์ธ์ฆ๊ณผ ๊ด๋ จ๋ ๋ณ์
Secret ๋ง๋ค๊ธฐ์ถ์ฒ : ์ ํ๋ธ ๋ฐ๋ฐฐ๋ฐ ๋ฐ๋ฐฐ์ฟ https://www.youtube.com/@ttabae-learn#secret ์์ฑ
kubectl create secret generic ttabae-secret \
--from-literal=INTERVAL=2 --from-file=./genid-web-config/
#์กฐํ
kubectl get secrets
NAME TYPE DATA AGE
ttabae-secret Opaque 2 46s #<--- TYPE Opaque ๋ ์ฌ์ฉ์ ์ ์ ํ์
์ด๋ค
#yaml๋ก ์กฐํ --> base64 ์ธ์ฝ๋ฉ๋ฐ์ดํฐ๊ฐ ๋ณด์ธ๋ค.
kubectl get secrets ttabae-secret -o yaml
#secret์ ํฌํจํ pod ์์ฑ
cat genid-env-secret.yaml
apiVersion: v1
kind: Pod
metadata:
name: genid-env-secret
spec:
containers:
- image: bluedove97/genid:env
env:
- name: INTERVAL
valueFrom:
secretKeyRef:
name: ttabae-secret
key: INTERVAL
name: fakeid-generator
volumeMounts:
- name: html
mountPath: /webdata
- image: nginx:1.14
name: web-server
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html
readOnly: true
ports:
- containerPort: 80
volumes:
- name: html
emptyDir: {}