This is a continuation of Immersed in Kubernetes on Ubuntu, Part 9 (ConfigMaps).
Suppose we want to set the following values:
username: admin
password: 1f2d1e2e67df
These can be set as data in a Secret object.
To set them as data, they must be encoded with base64.
$ echo -n 'admin' | base64
YWRtaW4=
$ echo -n '1f2d1e2e67df' | base64
MWYyZDFlMmU2N2Rm
The contents of secret.yaml are as follows.
@masternode1:~/kubernetes-examples/secrets$ kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: testsecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
EOF
secret/testsecret created
@masternode1:~/kubernetes-examples/secrets$ kubectl get secrets
NAME TYPE DATA AGE
testsecret Opaque 2 14s
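Base64 in a Secret's data field is an encoding, not encryption, so anyone who can read the manifest or the Secret object can recover the values. The following is an added example, not part of the original post: the function name decode_secret_data and the inline sample manifest are constructed here, and it assumes the flat "key: value" layout used above.

```shell
#!/bin/sh
# Added example: decode every key under `data:` in a Secret manifest read from stdin.
# Assumes flat "key: value" entries under data: (no multi-line values).
decode_secret_data() {
  awk '
    /^data:[[:space:]]*$/ { in_data = 1; next }   # start of the data block
    /^[^[:space:]#]/      { in_data = 0 }         # any other top-level key ends it
    in_data && /^[[:space:]]+[^[:space:]:]+:/ {
      key = $1; sub(/:$/, "", key)
      print key, $2                               # "key base64value"
    }
  ' | while read -r key value; do
    # base64 -d reverses the `echo -n ... | base64` step shown earlier
    printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
  done
}

# Constructed sample: the Secret manifest from this post.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: testsecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
EOF
}

sample_manifest | decode_secret_data
```

Treat the manifest file, and read access to Secret objects in the cluster, as equivalent to the plaintext credentials.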
Let's try injecting this secret into a Pod.
@masternode1:~/kubernetes-examples/secrets$ kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: nginxpod
spec:
  containers:
  - name: mypod
    image: nginx:latest
  # The Secret is declared as a Pod-level volume; the container above has no volumeMounts entry for it.
  volumes:
  - name: foo
    secret:
      secretName: testsecret
EOF
pod/nginxpod created
Let's check.
@masternode1:~/kubernetes-examples/secrets$ kubectl get pod
NAME READY STATUS RESTARTS AGE
nginxpod 1/1 Running 0 12s
@masternode1:~/kubernetes-examples/secrets$ kubectl describe pod ngixpod
Error from server (NotFound): pods "ngixpod" not found
fujiwara@masternode1:~/kubernetes-examples/secrets$ kubectl describe pod nginxpod
Name: nginxpod
Namespace: default
Priority: 0
Service Account: default
Node: workernode1/10.0.2.7
Start Time: Mon, 30 Jun 2025 21:07:21 +0900
Labels: <none>
Annotations: <none>
Status: Running
IP: 10.32.0.2
IPs:
IP: 10.32.0.2
Containers:
mypod:
Container ID: containerd://7c57dede32793ef5592763b5b60a442e3ec8bb46afc783e2f62ab76cd24cfdbe
Image: nginx:latest
Image ID: docker.io/library/nginx@sha256:dc53c8f25a10f9109190ed5b59bda2d707a3bde0e45857ce9e1efaa32ff9cbc1
Port: <none>
Host Port: <none>
State: Running
Started: Mon, 30 Jun 2025 21:07:23 +0900
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-469sx (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
foo:
Type: Secret (a volume populated by a Secret)
SecretName: testsecret
Optional: false
kube-api-access-469sx:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
Optional: false
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 29s default-scheduler Successfully assigned default/nginxpod to workernode1
Normal Pulling 29s kubelet Pulling image "nginx:latest"
Normal Pulled 28s kubelet Successfully pulled image "nginx:latest" in 1.57s (1.57s including waiting). Image size: 72225606 bytes.
Normal Created 28s kubelet Created container: mypod
Normal Started 28s kubelet Started container mypod
This confirms that the Pod is set up as follows.
...(snip)...
Volumes:
foo:
Type: Secret (a volume populated by a Secret)
SecretName: testsecret
...(snip)...
Continued in Immersed in Kubernetes on Ubuntu, Part 11 (HashiCorp Vault).
To be continued.