K8s 시크릿(secret) 만드는 법

 

.dockerconfigjson 을 이용해 secret만들기

kubectl create secret generic harbor --from-file=.dockerconfigjson=/root/.docker/config.json  --type=kubernetes.io/dockerconfigjson -n test_namespace

 

kubectl create secret generic gitlab --from-file=.dockerconfigjson=/root/.docker/config.json  --type=kubernetes.io/dockerconfigjson -n wk-frontend

 

kubectl create secret docker-registry crawler-secret   --docker-username=kyeongrok   --docker-password=<docker_pw : base64>   --docker-email=oceanfog1@gmail.com   --docker-server=registry.gitlab.com/workscombine/evsa_dashboard_crawler:latest

 

Secret사용법

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: wk-frontend
  name: wk-frontend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wka-frontend
  template:
    metadata:
      labels:
        app: wk-frontend
    spec:
      containers:
      - name: wk-frontend
        image: registry.gitlab.com/wk/wk_dashboard_frontend:latest
        ports:
        - containerPort: 80
      imagePullSecrets:
      - name: gitlab

 

Imperative command로 만들기

kubectl create secret generic test-secret -from-literal=SPRING_DATASOURCE_PASSWORD='mypassword'

 

base64인코딩

.yml로 만들기 위해서는 인코딩을 해주어야 합니다. 아래방법으로 인코딩과 디코딩을 할 수 있습니다.

 

echo mypassword | base64

결과

bXlwYXNzd29yZAo=

 

base64디코딩

echo bXlwYXNzd29yZAo= | base64 -d

 

.yml로 만들기

apiVersion: v1

kind: Secret

metadata:

  name: hello-secret

Type: Opaque

data:

  SPRING_DATASOURCE_PASSWORD: bXlwYXNzd29yZAo=

 

 

Deploy에 적용

spec.template.spec.containers아래

envFrom:

- secretRef:

      name: test-secret