[Udemy] Secrets
Secrets
Let's supply the DB password through a Secret.
All files are placed in the kube-manifests/ folder so that they can be created in one batch.
Create the Storage class
# Create the Storage-class.yaml file
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: managed-premium-retain-sc
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Retain # Default is Delete, recommended is Retain
volumeBindingMode: WaitForFirstConsumer # Default is Immediate, recommended is WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
  storageaccounttype: Premium_LRS # or we can use Standard_LRS
  kind: Managed # Default is shared, recommended is Managed
Create the Persistent Volume Claim
# Create the Persistent-Volume-Claim.yaml file
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: azure-managed-disk-pvc
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: managed-premium-retain-sc
  resources:
    requests:
      storage: 5Gi
Create the ConfigMap
# Create the UserManagement-ConfigMap.yaml file
apiVersion: v1
kind: ConfigMap
metadata:
  name: usermanagement-dbcreation-script
data:
  mysql_usermgmt.sql: |-
    DROP DATABASE IF EXISTS webappdb;
    CREATE DATABASE webappdb;
Create the mysql Deployment
# Create the mysql-deployment.yaml file
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:5.6
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-db-password
                  key: db-password
          ports:
            - containerPort: 3306
              name: mysql
          volumeMounts:
            - name: mysql-persistent-storage
              mountPath: /var/lib/mysql
            - name: usermanagement-dbcreation-script
              mountPath: /docker-entrypoint-initdb.d # See "Initializing a fresh instance" at https://hub.docker.com/_/mysql
      volumes:
        - name: mysql-persistent-storage
          persistentVolumeClaim:
            claimName: azure-managed-disk-pvc
        - name: usermanagement-dbcreation-script
          configMap:
            name: usermanagement-dbcreation-script
The DB password is read from the db-password key of the mysql-db-password Secret defined in Kubernetes-Secrets.yaml.
Create the mysql ClusterIP service
# Create the mysql-clusterip-service.yaml file
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  selector:
    app: mysql
  ports:
    - port: 3306
  clusterIP: None # This means we are going to use Pod IP
Create the UserMgmtWebApp Deployment
# Create the UserMgmtWebApp-Deployment.yaml file
apiVersion: apps/v1
kind: Deployment
metadata:
  name: usermgmt-webapp
  labels:
    app: usermgmt-webapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: usermgmt-webapp
  template:
    metadata:
      labels:
        app: usermgmt-webapp
    spec:
      initContainers:
        - name: init-db
          image: busybox:1.31
          command: ['sh', '-c', 'echo -e "Checking for the availability of MySQL Server deployment"; while ! nc -z mysql 3306; do sleep 1; printf "-"; done; echo -e " >> MySQL DB Server has started";']
      containers:
        - name: usermgmt-webapp
          image: stacksimplify/kube-usermgmt-webapp:1.0.0-MySQLDB
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
          env:
            - name: DB_HOSTNAME
              value: "mysql"
            - name: DB_PORT
              value: "3306"
            - name: DB_NAME
              value: "webappdb"
            - name: DB_USERNAME
              value: "root"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-db-password
                  key: db-password
The DB password is read from the db-password key of the mysql-db-password Secret defined in Kubernetes-Secrets.yaml.
Create the UserMgmtWebApp Service
# Create the UserMgmtWebApp-Service.yaml file
apiVersion: v1
kind: Service
metadata:
  name: usermgmt-webapp-service
  labels:
    app: usermgmt-webapp
spec:
  type: LoadBalancer
  selector:
    app: usermgmt-webapp
  ports:
    - port: 80
      targetPort: 8080
Create the Secret
# Create the Kubernetes-Secrets.yaml file
apiVersion: v1
kind: Secret
metadata:
  name: mysql-db-password
type: Opaque
data:
  db-password: ZGJwYXNzd29yZDEx
The password is base64-encoded before it is put in the manifest.
dbpassword11 > ZGJwYXNzd29yZDEx
Conversion site: https://www.base64encode.org
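Added example (not from the course or the referenced repository): the same encoding done locally in the shell, so the password is never pasted into a website. It also shows the trailing-newline pitfall of `echo` and a decode step, which makes clear that the `data:` value is only encoded, not encrypted. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, values are the ones used on this page.

# Encode a value exactly as given. printf '%s' adds no trailing newline.
b64_encode() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Pitfall: echo appends "\n", and that newline becomes part of the password,
# so MySQL and the web app would end up with a value nobody typed.
b64_encode_with_newline() {
  echo "$1" | base64 | tr -d '\n'
}

# Emit a manifest with the same shape as Kubernetes-Secrets.yaml.
# Arguments: secret-name key plaintext
make_secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  $2: $(b64_encode "$3")
EOF
}

# Recover the plaintext for a key from a manifest on stdin.
# Anyone who can read the file or the Secret object can do the same.
read_secret_value() {
  sed -n "s/^  $1: //p" | base64 --decode
}

# Demo run
make_secret_manifest mysql-db-password db-password dbpassword11
echo "correct     : $(b64_encode dbpassword11)"
echo "with newline: $(b64_encode_with_newline dbpassword11)"

# kubectl can also do the encoding itself:
#   kubectl create secret generic mysql-db-password \
#     --from-literal=db-password='dbpassword11' --dry-run=client -o yaml
```

Because decoding is this easy, treat Kubernetes-Secrets.yaml like a plaintext password file: keep it out of version control and restrict who can read Secret objects in the cluster.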
Create and verify
# Create
# Create All Objects
kubectl apply -f kube-manifests/
# Verify
kubectl get svc
---
NAME                      TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)        AGE
kubernetes                ClusterIP      10.0.0.1       <none>          443/TCP        17h
mysql                     ClusterIP      None           <none>          3306/TCP       13m
usermgmt-webapp-service   LoadBalancer   10.0.196.178   4.230.158.250   80:30630/TCP   13m
kubectl get pods
---
NAME                               READY   STATUS        RESTARTS   AGE
mysql-5dd79b6f45-jpfj8             1/1     Running       0          55s
usermgmt-webapp-5b77897684-kqvhz   1/1     Running       0          55s
usermgmt-webapp-f47699955-tqt45    1/1     Terminating   0          13m
# Access via the External IP
[Reference video]
Udemy - Azure Kubernetes Service with Azure DevOps and Terraform
Section 8: Kubernetes Storage
[Reference document]
https://github.com/stacksimplify/azure-aks-kubernetes-masterclass/tree/master/07-Kubernetes-Secrets