  • [Udemy] Secrets
    kubernetes/udemy 2025. 2. 18. 10:46

    Secrets

     

    Let's supply the DB password to the workloads through a Secret.

     

    All files are placed in the kube-manifests/ folder so that they can be created in one batch.

     

    Create the Storage class

     

    # Create the Storage-class.yaml file

    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: managed-premium-retain-sc
    provisioner: kubernetes.io/azure-disk
    reclaimPolicy: Retain  # Default is Delete, recommended is retain
    volumeBindingMode: WaitForFirstConsumer # Default is Immediate, recommended is WaitForFirstConsumer
    allowVolumeExpansion: true  
    parameters:
      storageaccounttype: Premium_LRS # or we can use Standard_LRS
      kind: Managed # Default is shared, recommended is Managed

     

    Create the Persistent Volume Claim

     

    # Create the Persistent-Volume-Claim.yaml file

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: azure-managed-disk-pvc
    spec:
      accessModes:
      - ReadWriteOnce
      storageClassName: managed-premium-retain-sc 
      resources:
        requests:
          storage: 5Gi

     

    Create the ConfigMap

     

    # Create the UserManagement-ConfigMap.yaml file

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: usermanagement-dbcreation-script
    data: 
      mysql_usermgmt.sql: |-
        DROP DATABASE IF EXISTS webappdb;
        CREATE DATABASE webappdb;

     

    Create the mysql Deployment

     

    # Create the mysql-deployment.yaml file

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: mysql
    spec: 
      replicas: 1
      selector:
        matchLabels:
          app: mysql
      strategy:
        type: Recreate 
      template: 
        metadata: 
          labels: 
            app: mysql
        spec: 
          containers:
            - name: mysql
              image: mysql:5.6
              env:
                - name: MYSQL_ROOT_PASSWORD
                  valueFrom: 
                    secretKeyRef:
                      name: mysql-db-password
                      key: db-password
              ports:
                - containerPort: 3306
                  name: mysql    
              volumeMounts:
                - name: mysql-persistent-storage
                  mountPath: /var/lib/mysql    
                - name: usermanagement-dbcreation-script
                  mountPath: /docker-entrypoint-initdb.d # See "Initializing a fresh instance" at https://hub.docker.com/_/mysql
          volumes: 
            - name: mysql-persistent-storage
              persistentVolumeClaim:
                claimName: azure-managed-disk-pvc
            - name: usermanagement-dbcreation-script
              configMap:
                name: usermanagement-dbcreation-script

    The DB password is read from the mysql-db-password Secret defined in the Kubernetes-Secrets.yaml file (key db-password).

     

    Create the mysql ClusterIP service

     

    # Create the mysql-clusterip-service.yaml file

    apiVersion: v1
    kind: Service
    metadata: 
      name: mysql
    spec:
      selector:
        app: mysql 
      ports: 
        - port: 3306  
      clusterIP: None # This means we are going to use Pod IP

     

    Create the UserMgmtWebApp Deployment

     

    # Create the UserMgmtWebApp-Deployment.yaml file

    apiVersion: apps/v1
    kind: Deployment 
    metadata:
      name: usermgmt-webapp
      labels:
        app: usermgmt-webapp
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: usermgmt-webapp
      template:  
        metadata:
          labels: 
            app: usermgmt-webapp
        spec:
          initContainers:
            - name: init-db
              image: busybox:1.31
              command: ['sh', '-c', 'echo -e "Checking for the availability of MySQL Server deployment"; while ! nc -z mysql 3306; do sleep 1; printf "-"; done; echo -e "  >> MySQL DB Server has started";']      
          containers:
            - name: usermgmt-webapp
              image: stacksimplify/kube-usermgmt-webapp:1.0.0-MySQLDB
              imagePullPolicy: Always
              ports: 
                - containerPort: 8080           
              env:
                - name: DB_HOSTNAME
                  value: "mysql"            
                - name: DB_PORT
                  value: "3306"            
                - name: DB_NAME
                  value: "webappdb"            
                - name: DB_USERNAME
                  value: "root"            
                - name: DB_PASSWORD
                  valueFrom: 
                    secretKeyRef:
                      name: mysql-db-password
                      key: db-password

     

    The DB password is read from the mysql-db-password Secret defined in the Kubernetes-Secrets.yaml file (key db-password).

     

    Create the UserMgmtWebApp Service

     

    # Create the UserMgmtWebApp-Service.yaml file

    apiVersion: v1
    kind: Service
    metadata:
      name: usermgmt-webapp-service
      labels: 
        app: usermgmt-webapp
    spec: 
      type: LoadBalancer
      selector: 
        app: usermgmt-webapp
      ports: 
        - port: 80
          targetPort: 8080

     

     

    Create the Secret

     

    # Create the Kubernetes-Secrets.yaml file

    apiVersion: v1
    kind: Secret
    metadata:
      name: mysql-db-password
    type: Opaque
    data:
      db-password: ZGJwYXNzd29yZDEx

     

    The password is converted to base64 before it is applied.

    dbpassword11 > ZGJwYXNzd29yZDEx

     

    Conversion site: https://www.base64encode.org
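
Added example (not from the original post or the course repository): the same conversion done locally in the shell, so the password never leaves the machine. It also shows that the `data:` value decodes back without any key, and the trailing-newline pitfall of `echo`. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build the db-password value locally. Function names are
# assumptions for this example; the sample password is the one on the page.

# Encode a plaintext value for the Secret's data: field. printf '%s' emits no
# trailing newline; tr strips the line wrapping base64 adds to long values.
encode_secret_value() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a data: value. No key is needed: base64 is an encoding, not encryption.
decode_secret_value() {
  printf '%s' "$1" | base64 -d
}

# Pitfall: echo appends "\n", which then becomes part of the stored password.
encode_with_echo() {
  echo "$1" | base64 | tr -d '\n'
}

# Succeeds (exit 0) when an encoded value decodes to text ending in a newline.
# Command substitution drops trailing newlines, so the byte counts differ.
value_has_trailing_newline() {
  raw_len=$(decode_secret_value "$1" | wc -c)
  trimmed=$(decode_secret_value "$1")
  trimmed_len=$(printf '%s' "$trimmed" | wc -c)
  [ "$raw_len" -ne "$trimmed_len" ]
}

# Render the Secret manifest used on this page from a plaintext password.
render_secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: mysql-db-password
type: Opaque
data:
  db-password: $(encode_secret_value "$1")
EOF
}

render_secret_manifest 'dbpassword11'
```

Because the value is only encoded, anyone who can read Kubernetes-Secrets.yaml or the Secret object can recover the password, so the manifest needs the same handling as the plaintext.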

     


     

    Create and verify

     

    # Create

    # Create All Objects
    kubectl apply -f kube-manifests/

     

    # Verify

    kubectl get svc     
    ---
    NAME                      TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)        AGE
    kubernetes                ClusterIP      10.0.0.1       <none>          443/TCP        17h
    mysql                     ClusterIP      None           <none>          3306/TCP       13m
    usermgmt-webapp-service   LoadBalancer   10.0.196.178   4.230.158.250   80:30630/TCP   13m
    kubectl get pods
    ---
    NAME                               READY   STATUS        RESTARTS   AGE
    mysql-5dd79b6f45-jpfj8             1/1     Running       0          55s
    usermgmt-webapp-5b77897684-kqvhz   1/1     Running       0          55s
    usermgmt-webapp-f47699955-tqt45    1/1     Terminating   0          13m

     

    # Access via the External IP

     


    [Reference video]

    Udemy - Azure Kubernetes Service with Azure DevOps and Terraform

    Section 8: Kubernetes Storage

     

    [Reference document]

    https://github.com/stacksimplify/azure-aks-kubernetes-masterclass/tree/master/07-Kubernetes-Secrets

     
