
[따배씨] 17. Working with Secrets / CKA exam question study

by 조청유곽 2025. 1. 31.

This post is a record of what I studied by following the YouTube channel "따배" below.

[Related theory]

[Precondition]

(1) Test environment

(1.1) Rocky Linux Cluster

: built it myself

[root@k8s-master ~]# k get nodes -o wide
NAME         STATUS   ROLES           AGE   VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                            KERNEL-VERSION                  CONTAINER-RUNTIME
k8s-master   Ready    control-plane   30d   v1.27.2   192.168.56.30   <none>        Rocky Linux 8.10 (Green Obsidian)   4.18.0-553.33.1.el8_10.x86_64   containerd://1.6.32
k8s-node1    Ready    <none>          30d   v1.27.2   192.168.56.31   <none>        Rocky Linux 8.8 (Green Obsidian)    4.18.0-477.10.1.el8_8.x86_64    containerd://1.6.21
k8s-node2    Ready    <none>          30d   v1.27.2   192.168.56.32   <none>        Rocky Linux 8.8 (Green Obsidian)    4.18.0-477.10.1.el8_8.x86_64    containerd://1.6.21
[root@k8s-master ~]#

 

(1.2) Ubuntu Cluster 

: using the KodeKloud test environment

controlplane ~ ➜  kubectl get nodes -o wide
NAME           STATUS   ROLES           AGE     VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION   CONTAINER-RUNTIME
controlplane   Ready    control-plane   9m6s    v1.31.0   192.6.94.6    <none>        Ubuntu 22.04.4 LTS   5.4.0-1106-gcp   containerd://1.6.26
node01         Ready    <none>          8m31s   v1.31.0   192.6.94.9    <none>        Ubuntu 22.04.4 LTS   5.4.0-1106-gcp   containerd://1.6.26

https://learn.kodekloud.com/user/courses/udemy-labs-certified-kubernetes-administrator-with-practice-tests

 

(2) Required pre-configuration

 

 


 

 

[Question]

Create a kubernetes secret and expose using a file in the pod.

1. Create a kubernetes Secret as follows:
- Name : super-secret
- DATA : password=secretpass

2. Create a Pod named pod-secrets-via-file, using the redis image, 
which mounts a secret named super-secret at /secrets.

3. Create a second Pod named pod-secrets-via-env, using the redis image, 
which exports password as PASSWORD

 

 

[Solve]

(1) Create the secret

controlplane ~ ➜  k create secret generic super-secret --from-literal=password=secretpass --dry-run=client -o yaml 
apiVersion: v1
data:
  password: c2VjcmV0cGFzcw==
kind: Secret
metadata:
  creationTimestamp: null
  name: super-secret

 

: Base64-decoding the value in the generated secret gives "secretpass"

 

 

(2) Create pod 1 / expose the secret as a file

controlplane ~ ➜  k run pod-secrets-via-file --image=redis --dry-run=client -o yaml 
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: pod-secrets-via-file
  name: pod-secrets-via-file
spec:
  containers:
  - image: redis
    name: pod-secrets-via-file
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

controlplane ~ ➜  k run pod-secrets-via-file --image=redis --dry-run=client -o yaml > 17-pod1.yaml
controlplane ~ ➜  vi 17-pod1.yaml

 

 

: Edit the manifest as shown below to add the secret configuration the question asks for

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: pod-secrets-via-file
  name: pod-secrets-via-file
spec:
  containers:
  - image: redis
    name: pod-secrets-via-file
    volumeMounts:
      - name: secret-volume
        mountPath: /secrets
        readOnly: true
  volumes:
    - name: secret-volume
      secret:
        secretName: super-secret

 

 

(3) Create pod 2 / expose the secret as an environment variable

controlplane ~ ➜  k run pod-secrets-via-env --image=redis --dry-run=client -o yaml > 17-pod2.yaml
controlplane ~ ➜  vi 17-pod2.yaml
controlplane ~ ➜  cat 17-pod2.yaml 
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: pod-secrets-via-env
  name: pod-secrets-via-env
spec:
  containers:
  - image: redis
    name: pod-secrets-via-env
    env:
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: super-secret
          key: password

 

 

: Check the created pod

controlplane ~ ➜  k describe pods/pod-secrets-via-env

 

controlplane ~ ➜  k exec -it pod-secrets-via-env -- env
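
The checks above only look at the env pod. As an added example (not part of the original post), this script compares what each pod actually sees, through the /secrets mount and through PASSWORD, with the decoded Secret, and reports only OK/FAIL. The function names and the script file name are hypothetical; it assumes kubectl is configured for the cluster, the default namespace, and that the redis image provides cat and printenv.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Assumes kubectl is configured for the cluster and everything is in the
# current (default) namespace, as in the post.

# Decode one key of a Secret. The API returns it base64-encoded, which is an
# encoding and not encryption: anyone allowed to "get" the Secret can read it.
secret_value() {    # $1 = secret name, $2 = key
  kubectl get secret "$1" -o "jsonpath={.data.$2}" | base64 -d
}

# Value as seen through the volume mount (one file per key under the mount).
file_value() {      # $1 = pod, $2 = file path
  kubectl exec "$1" -- cat "$2"
}

# Value as seen in the container's environment.
env_value() {       # $1 = pod, $2 = variable name
  kubectl exec "$1" -- printenv "$2"
}

# Compare what each pod sees with the decoded Secret, printing only OK/FAIL
# so the secret itself never lands in the terminal scrollback.
# Returns 0 if both match, 1 on a mismatch, 2 if the Secret cannot be read.
verify_secret_exposure() {
  local want got rc=0
  want=$(secret_value super-secret password) || return 2
  [ -n "$want" ] || return 2

  got=$(file_value pod-secrets-via-file /secrets/password) || got=""
  if [ "$got" = "$want" ]; then echo "OK   file /secrets/password"
  else echo "FAIL file /secrets/password"; rc=1; fi

  got=$(env_value pod-secrets-via-env PASSWORD) || got=""
  if [ "$got" = "$want" ]; then echo "OK   env  PASSWORD"
  else echo "FAIL env  PASSWORD"; rc=1; fi
  return "$rc"
}

# Run the check only when asked, e.g. (hypothetical file name):
#   bash verify-secret.sh --run
if [ "${1:-}" = "--run" ]; then verify_secret_exposure; fi
```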


 

 

[Summary of commands used]

k create secret generic super-secret --from-literal=password=secretpass --dry-run=client -o yaml

k create secret generic super-secret --from-literal=password=secretpass

k run pod-secrets-via-file --image=redis --dry-run=client -o yaml 

k run pod-secrets-via-file --image=redis --dry-run=client -o yaml > 17-pod1.yaml

vi 17-pod1.yaml

k apply -f 17-pod1.yaml 

k run pod-secrets-via-env --image=redis --dry-run=client -o yaml 

k run pod-secrets-via-env --image=redis --dry-run=client -o yaml > 17-pod2.yaml

vi 17-pod2.yaml 

k apply -f 17-pod2.yaml 

k get pods 

k describe pods/pod-secrets-via-env 

k exec -it pod-secrets-via-env -- env

 
