What I did
I try out SealedSecret.
Environment
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
Investigation
Installation
$ brew install kubeseal
$ kubeseal --version
kubeseal version: v0.13.1
Install SealedSecret (the controller)
$ k apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.12.5/controller.yaml
$ k get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key
NAME TYPE DATA AGE
sealed-secrets-key9d899 kubernetes.io/tls 2 5m8s
Create a SealedSecret resource
secret-hoge2.yaml
apiVersion: v1
kind: Secret
metadata:
  name: first-sealed-secret
type: Opaque
data:
  AAA: MTIz
  BBB: NDU2
  CCC: YWJj
$ kubeseal -o yaml < secret-hoge2.yaml > sealed-secret-hoge2.yaml
Verify
$ k get sealedsecret/first-sealed-secret secret/first-sealed-secret
NAME AGE
sealedsecret.bitnami.com/first-sealed-secret 3m35s
NAME TYPE DATA AGE
secret/first-sealed-secret Opaque 3 3m35s
Start a Pod and load it
sample-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
spec:
  containers:
  - name: nginx-container
    image: nginx:1.17
    envFrom:
    - secretRef:
        name: first-sealed-secret
$ k apply -f sample-pod.yaml
pod/sample-pod created
$ k exec -it sample-pod -- env
(omitted)
AAA=123
BBB=456
CCC=abc
(omitted)
The environment variables are loaded.
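The reason secret-hoge2.yaml must be run through kubeseal before it goes into git is that a Secret's data values are only base64-encoded, not encrypted. The script below is an added example, not code from the post or from the sealed-secrets project: it decodes the data of a constructed copy of secret-hoge2.yaml and refuses a plain Secret manifest while accepting a SealedSecret (the SealedSecret ciphertext is a placeholder, not real kubeseal output).

```shell
#!/bin/sh
# Added example, not from the original post: a Secret's data is only base64,
# so plain Secret manifests must not be committed; only SealedSecrets should be.
TMP="${TMPDIR:-/tmp}"

# Constructed copy of secret-hoge2.yaml from the post.
cat > "$TMP/secret-hoge2.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: first-sealed-secret
type: Opaque
data:
  AAA: MTIz
  BBB: NDU2
  CCC: YWJj
EOF

# Constructed SealedSecret manifest; the ciphertext is a placeholder, not real kubeseal output.
cat > "$TMP/sealed-secret-hoge2.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: first-sealed-secret
spec:
  encryptedData:
    AAA: AgBPLACEHOLDER
EOF

# Print KEY=value for every entry under data:, decoding the base64 on the way.
decode_secret_data() {
  awk '/^data:/ {in_data=1; next} /^[^ ]/ {in_data=0} in_data && NF==2 {print $1, $2}' "$1" |
  while read -r key value; do
    printf '%s=%s\n' "${key%:}" "$(printf '%s' "$value" | base64 -d)"
  done
}

# Return 0 for a SealedSecret (safe to commit), 1 for a plain Secret.
check_manifest() {
  kind=$(awk '$1 == "kind:" {print $2; exit}' "$1")
  case "$kind" in
    SealedSecret) return 0 ;;
    Secret) echo "refusing $1: plain Secret, data is only base64-encoded" >&2; return 1 ;;
    *) return 0 ;;
  esac
}

decode_secret_data "$TMP/secret-hoge2.yaml"
check_manifest "$TMP/secret-hoge2.yaml" || echo "seal it first with: kubeseal -o yaml < secret-hoge2.yaml"
```

Wired into a pre-commit hook, check_manifest stops the unsealed manifest from being pushed, while the sealed file from the kubeseal step above passes.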