参考文献: Kubernetesマイクロサービス開発の実践 (早川博 著)
# Show the API documentation (fields and their descriptions) for the Secret resource.
kubectl explain secret
# List the resource types served by the API server of the current kubectl context.
kubectl api-resources
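# 1. Create the Secret
#
# Values under `data:` in a Secret manifest are base64-ENCODED, not encrypted:
# anyone who can read the manifest or `get` the Secret can decode them.
# Keep secret01.yaml out of version control and restrict read access to
# Secrets with RBAC. The values used here are sample data only.

# Encode each sample value, then decode it again to confirm the round trip.
# `echo -n` suppresses the trailing newline so it is not part of the value.
echo -n "val01" | base64
echo -n "dmFsMDE=" | base64 -d
echo -n "val02" | base64
echo -n "dmFsMDI=" | base64 -d

# Encode a small multi-line config file. The four leading spaces are part of
# the encoded data (they are present in the base64 string decoded below);
# `<<-` strips leading tabs only, so the spaces are preserved.
cat <<-'EOF' | base64
    key11: val11
    key12: val12
EOF
echo -n "ICAgIGtleTExOiB2YWwxMQogICAga2V5MTI6IHZhbDEyCg==" | base64 -d

# Write the Secret manifest. The quoted 'EOF' delimiter prevents the local
# shell from expanding anything inside the here-document.
# name/namespace must be nested under metadata and the keys under data;
# otherwise the manifest is rejected as invalid.
cat <<-'EOF' > secret01.yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret01
  namespace: default
type: Opaque
data:
  key01: dmFsMDE=
  key02: dmFsMDI=
  file1.conf: ICAgIGtleTExOiB2YWwxMQogICAga2V5MTI6IHZhbDEyCg==
EOF

kubectl apply -f secret01.yaml
kubectl get secret

# Clean-up. Sections 2 and 3 reference secret01, so re-apply the manifest
# before running them if this delete has been executed.
kubectl delete -f secret01.yaml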
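# 2. Create a Pod (Secret values injected as container environment variables)
#
# Exposure to keep in mind with this pattern:
#   - The container prints the values, so they end up in the container log and
#     are readable by anyone allowed to read pod logs. Acceptable for sample
#     data only.
#   - Environment variables are inherited by child processes and are easy to
#     leak through crash dumps or debug output; a mounted file (section 3) is
#     usually the tighter option.

# secret01 must exist before the container can start; section 1 ends by
# deleting it. `apply` is idempotent, so this is safe to repeat.
kubectl apply -f secret01.yaml

cat <<-'EOF' > po01.yaml
apiVersion: v1
kind: Pod
metadata:
  name: po01
  labels:
    app: busybox
spec:
  # One-shot command: with the default policy (Always) the container would be
  # restarted repeatedly and print the secret values again on every start.
  restartPolicy: Never
  containers:
    - name: busybox
      # No tag is given, so this resolves to :latest. For anything beyond a
      # demo, pin a tag or digest you have verified, e.g.
      # registry.k8s.io/busybox@sha256:<DIGEST_PLACEHOLDER>
      image: registry.k8s.io/busybox
      command:
        - "/bin/sh"
        - "-c"
      # $KEY1 is expanded by the shell inside the container.
      # $(KEY2) is substituted by Kubernetes from the container's env before
      # the shell runs.
      args:
        - |
          echo KEY1=$KEY1
          echo KEY2=$(KEY2)_SUFFIX2
      env:
        - name: KEY1
          valueFrom:
            secretKeyRef:
              name: secret01
              key: key01
        - name: KEY2
          valueFrom:
            secretKeyRef:
              name: secret01
              key: key02
EOF

kubectl apply -f po01.yaml
# Run once the container has started; the output contains the decoded values.
kubectl logs po01
# `describe` lists the keys and their sizes only.
kubectl describe secret secret01
# `get -o yaml` returns the base64 data itself, so `get` permission on Secrets
# is equivalent to read access to the values.
kubectl get secret secret01 -o yaml
kubectl delete -f po01.yaml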
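# 3. Create a Pod (Secret key projected as a file in a read-only volume)
#
# Only the keys listed under `items` are projected into the volume, so key01
# and key02 are not exposed to this container.

# secret01 must exist before the volume can be mounted; section 1 ends by
# deleting it. `apply` is idempotent, so this is safe to repeat.
kubectl apply -f secret01.yaml

cat <<-'EOF' > po02.yaml
apiVersion: v1
kind: Pod
metadata:
  name: po02
  labels:
    app: busybox
spec:
  # One-shot command: avoid restarting the container (default policy is
  # Always), which would print the file contents to the log on every start.
  restartPolicy: Never
  containers:
    - name: busybox
      # No tag is given, so this resolves to :latest. For anything beyond a
      # demo, pin a tag or digest you have verified, e.g.
      # registry.k8s.io/busybox@sha256:<DIGEST_PLACEHOLDER>
      image: registry.k8s.io/busybox
      command:
        - "/bin/sh"
        - "-c"
      args:
        - |
          cat /etc/config/hoge/fuga/file1.conf
      volumeMounts:
        - name: secret01vol01
          mountPath: /etc/config/
          # State the read-only intent explicitly on the mount.
          readOnly: true
  volumes:
    - name: secret01vol01
      secret:
        secretName: secret01
        # 256 decimal = 0400 octal: readable by the file owner only
        # (the default is 0644). Works here because the container is assumed
        # to run as root; a non-root container would also need fsGroup or a
        # wider mode.
        defaultMode: 256
        items:
          - key: file1.conf
            path: ./hoge/fuga/file1.conf
EOF

kubectl apply -f po02.yaml
# Run once the container has started; the output is the decoded file content,
# so it is stored in the container log as well.
kubectl logs po02
kubectl delete -f po02.yaml
# Remove the sample Secret once the walkthrough is finished. secret01.yaml
# still holds the encoded values on local disk.
kubectl delete -f secret01.yaml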