Ubuntu で Kubernetes 三昧その１０(Secrets)

Ubuntu で Kubernetes 三昧その９(ConfigMaps)の続きです。

username に admin
password に 1f2d1e2e67df
を設定したいとします。

これを、Secret Object に data として設定できます。
data としてせっていするには、base64 によりエンコードする必要があります。

$ echo -n 'admin' | base64
YWRtaW4=

$ echo -n '1f2d1e2e67df' | base64
MWYyZDFlMmU2N2Rm

secret.yaml の内容は、次のようです。

@masternode1:~/kubernetes-examples/secrets$ kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: testsecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
EOF
secret/testsecret created

@masternode1:~/kubernetes-examples/secrets$ kubectl get secrets
NAME         TYPE     DATA   AGE
testsecret   Opaque   2      14s

この secret を Pod に inject してみます。

@masternode1:~/kubernetes-examples/secrets$ kubectl apply -f - <<EOF
> apiVersion: v1
kind: Pod
metadata:
  name: nginxpod
spec:
  containers:
  - name: mypod
    image: nginx:latest
  volumes:
  - name: foo
    secret:
      secretName: testsecret
> EOF
pod/nginxpod created

確認します。

@masternode1:~/kubernetes-examples/secrets$ kubectl get pod
NAME       READY   STATUS    RESTARTS   AGE
nginxpod   1/1     Running   0          12s

@masternode1:~/kubernetes-examples/secrets$ kubectl describe pod ngixpod
Error from server (NotFound): pods "ngixpod" not found
fujiwara@masternode1:~/kubernetes-examples/secrets$ kubectl describe pod nginxpod
Name:             nginxpod
Namespace:        default
Priority:         0
Service Account:  default
Node:             workernode1/10.0.2.7
Start Time:       Mon, 30 Jun 2025 21:07:21 +0900
Labels:           <none>
Annotations:      <none>
Status:           Running
IP:               10.32.0.2
IPs:
  IP:  10.32.0.2
Containers:
  mypod:
    Container ID:   containerd://7c57dede32793ef5592763b5b60a442e3ec8bb46afc783e2f62ab76cd24cfdbe
    Image:          nginx:latest
    Image ID:       docker.io/library/nginx@sha256:dc53c8f25a10f9109190ed5b59bda2d707a3bde0e45857ce9e1efaa32ff9cbc1
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Mon, 30 Jun 2025 21:07:23 +0900
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-469sx (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True 
  Initialized                 True 
  Ready                       True 
  ContainersReady             True 
  PodScheduled                True 
Volumes:
  foo:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  testsecret
    Optional:    false
  kube-api-access-469sx:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    Optional:                false
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  29s   default-scheduler  Successfully assigned default/nginxpod to workernode1
  Normal  Pulling    29s   kubelet            Pulling image "nginx:latest"
  Normal  Pulled     28s   kubelet            Successfully pulled image "nginx:latest" in 1.57s (1.57s including waiting). Image size: 72225606 bytes.
  Normal  Created    28s   kubelet            Created container: mypod
  Normal  Started    28s   kubelet            Started container mypod

このようになっていることが確認できました。

...(snip)...
Volumes:
  foo:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  testsecret
...(snip)...

Ubuntu で Kubernetes 三昧その１１(Hashicorp Vault)に続く。

参考：

つづく。