์ด ๊ธ€์—์„œ ๋‹ค๋ฃจ๋Š” ๊ฒƒ

์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์„ค์ •๊ฐ’(ConfigMap)๊ณผ ๋ฏผ๊ฐ ์ •๋ณด(Secret)๋ฅผ ์ฝ”๋“œ์—์„œ ๋ถ„๋ฆฌํ•˜์—ฌ Kubernetes ๋ฆฌ์†Œ์Šค๋กœ ๊ด€๋ฆฌํ•˜๋Š” ๋ฐฉ๋ฒ•์„ ๋‹ค๋ฃน๋‹ˆ๋‹ค.

์„ ์ˆ˜์ง€์‹

์ด ๋‹จ๊ณ„์—์„œ ํ•ด๊ฒฐํ•˜๋ ค๋Š” ๋ฌธ์ œ

์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์ฝ”๋“œ์— DB ๋น„๋ฐ€๋ฒˆํ˜ธ๋‚˜ ํ™˜๊ฒฝ ์„ค์ •์„ ํ•˜๋“œ์ฝ”๋”ฉํ•˜๋ฉด, ํ™˜๊ฒฝ๋ณ„ ๋ฐฐํฌ๊ฐ€ ์–ด๋ ต๊ณ  ๋ณด์•ˆ ์œ„ํ—˜์ด ์ƒ๊น๋‹ˆ๋‹ค. Kubernetes์˜ ConfigMap๊ณผ Secret์„ ์‚ฌ์šฉํ•˜๋ฉด ์„ค์ •๊ณผ ์ฝ”๋“œ๋ฅผ ๋ถ„๋ฆฌํ•˜๊ณ , ํ™˜๊ฒฝ ๋ณ€์ˆ˜๋กœ Pod์— ์ฃผ์ž…ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์‹ค์Šต ์ฝ”๋“œ: GitHub (Configmap_and_Secret)

๐Ÿงญ ์ „์ฒด ํ๋ฆ„ ์š”์•ฝ

โ‘  ConfigMap ์ƒ์„ฑ (์ผ๋ฐ˜ ์„ค์ •๊ฐ’)
โ‘ก Secret ์ƒ์„ฑ (๋ฏผ๊ฐ ์ •๋ณด โ€“ base64 ์ธ์ฝ”๋”ฉ)
โ‘ข Pod์— ํ™˜๊ฒฝ ๋ณ€์ˆ˜๋กœ ์ฃผ์ž…
โ‘ฃ ์ปจํ…Œ์ด๋„ˆ ์•ˆ์—์„œ ๊ฐ’ ํ™•์ธ (env ๋ช…๋ น์–ด)
โ‘ค ์‹ค์ „ ์ ์šฉ ๋ฐ ๋ณด์•ˆ ์ฃผ์˜์‚ฌํ•ญ ํ•™์Šต

๐Ÿ“‚ ์‹ค์Šต์— ์‚ฌ์šฉ๋œ ํŒŒ์ผ ๊ตฌ์„ฑ

k8s-configmap-secret/
โ”œโ”€โ”€ configmap.yaml     # ์ผ๋ฐ˜ ์„ค์ •๊ฐ’ ์ •์˜
โ”œโ”€โ”€ secret.yaml        # ๋ฏผ๊ฐ ์ •๋ณด (base64 ์ธ์ฝ”๋”ฉ)
โ”œโ”€โ”€ pod-env.yaml       # Pod ํ™˜๊ฒฝ ๋ณ€์ˆ˜๋กœ ์ฃผ์ž…
โ””โ”€โ”€ README.md

๐Ÿ“„ ์ฃผ์š” YAML ํŒŒ์ผ ์ •๋ฆฌ

configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_MODE: "production"
  APP_PORT: "8080"

secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  DB_PASSWORD: c3VwZXJzZWNyZXQ=   # base64 โ†’ "supersecret"

์ธ์ฝ”๋”ฉ ๋ฐฉ๋ฒ•: echo -n "supersecret" | base64

pod-env.yaml

apiVersion: v1
kind: Pod
metadata:
  name: env-demo
spec:
  containers:
  - name: demo-container
    image: busybox
    command: [ "sh", "-c", "env; sleep 3600" ]
    env:
    - name: APP_MODE
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: APP_MODE
    - name: APP_PORT
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: APP_PORT
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: app-secret
          key: DB_PASSWORD

๐Ÿงช ์‹ค์Šต ์‹คํ–‰ ๋ฐ ๊ฒ€์ฆ

kubectl apply -f configmap.yaml
kubectl apply -f secret.yaml
kubectl apply -f pod-env.yaml

kubectl get pods
kubectl describe pod env-demo
kubectl exec -it env-demo -- sh

# ์ปจํ…Œ์ด๋„ˆ ๋‚ด๋ถ€์—์„œ ํ™•์ธ
env

# ์ถœ๋ ฅ ์˜ˆ์‹œ (์ค‘๊ฐ„ ์ƒ๋žต)
APP_MODE=production
APP_PORT=8080
DB_PASSWORD=supersecret

๐ŸŽฏ ์ •๋ฆฌ ์š”์•ฝ

๊ตฌ๋ถ„์„ค๋ช…
ConfigMap๋น„๋ฏผ๊ฐ ์„ค์ •๊ฐ’ ์ €์žฅ (APP_MODE, APP_PORT ๋“ฑ)
Secret๋ฏผ๊ฐํ•œ ๋ฐ์ดํ„ฐ ์ €์žฅ (๋น„๋ฐ€๋ฒˆํ˜ธ, API ํ‚ค ๋“ฑ) โ€“ base64 ์ธ์ฝ”๋”ฉ
์ฃผ์ž… ๋ฐฉ์‹env๋ฅผ ํ†ตํ•ด ์ปจํ…Œ์ด๋„ˆ์— ์ฃผ์ž…
๋ณด์•ˆ ์ฃผ์˜Secret์€ ์ธ์ฝ”๋”ฉ์ผ ๋ฟ, RBAC ๋ฐ ์ ‘๊ทผ ์ œ์–ด ํ•„์ˆ˜

์„ค๊ณ„ ํŒ๋‹จ (Why This Way?)

ConfigMap์€ ์ผ๋ฐ˜ ์„ค์ •, Secret์€ ๋ฏผ๊ฐ ์ •๋ณด๋ฅผ ๋ถ„๋ฆฌ ๊ด€๋ฆฌํ•˜๋˜, Secret์˜ base64๋Š” ์•”ํ˜ธํ™”๊ฐ€ ์•„๋‹ˆ๋ฏ€๋กœ ํ”„๋กœ๋•์…˜์—์„œ๋Š” SealedSecrets์ด๋‚˜ Vault ๊ฐ™์€ ์ถ”๊ฐ€ ๋ณด์•ˆ ์กฐ์น˜๊ฐ€ ํ•„์ˆ˜์ž…๋‹ˆ๋‹ค.

๋‹ค์Œ์— ์ฝ์„ ๊ธ€

โ†’ Kubernetes 3๋‹จ๊ณ„: Ingress & Nginx Controller โ€” ์™ธ๋ถ€ ํŠธ๋ž˜ํ”ฝ ๋ผ์šฐํŒ… ๊ตฌ์„ฑ