chore: reorganize all image files and linted documents (#80)

* [PUBLISHER] upload files #62 * [PUBLISHER] upload files #63 * [PUBLISHER] upload files #64 * [PUBLISHER] upload files #65 * [PUBLISHER] upload files #66 * [PUBLISHER] upload files #67 * PUSH NOTE : test-document.md * PUSH NOTE : 09. Lp Functions.md * PUSH ATTACHMENT : mt-09.png * PUSH NOTE : 03. Measure Spaces.md * PUSH ATTACHMENT : mt-03.png * PUSH NOTE : 08. Comparison with the Riemann Integral.md * PUSH ATTACHMENT : mt-08.png * PUSH NOTE : 07. Dominated Convergence Theorem.md * PUSH ATTACHMENT : mt-07.png * PUSH NOTE : 06. Convergence Theorems.md * PUSH ATTACHMENT : mt-06.png * PUSH NOTE : 05. Lebesgue Integration.md * PUSH ATTACHMENT : mt-05.png * PUSH NOTE : test-document.md * [PUBLISHER] upload files #68 * [PUBLISHER] upload files #69 * PUSH NOTE : 08. Comparison with the Riemann Integral.md * PUSH ATTACHMENT : mt-08.png * PUSH NOTE : 02. Construction of Measure.md * PUSH ATTACHMENT : mt-02.png * DELETE FILE : _posts/2023-09-09-test-document.md * DELETE FILE : _posts/Mathematics/Measure Theory/2023-09-09-test-document.md * [PUBLISHER] upload files #70 * PUSH NOTE : Rules of Inference with Coq.md * PUSH NOTE : 수학 공부에 대한 고찰.md * PUSH NOTE : 04. Measurable Functions.md * PUSH ATTACHMENT : mt-04.png * PUSH NOTE : 07. Dominated Convergence Theorem.md * PUSH ATTACHMENT : mt-07.png * PUSH NOTE : 08. Comparison with the Riemann Integral.md * PUSH ATTACHMENT : mt-08.png * PUSH NOTE : 05. Lebesgue Integration.md * PUSH ATTACHMENT : mt-05.png * PUSH NOTE : 03. Measure Spaces.md * PUSH ATTACHMENT : mt-03.png * PUSH NOTE : 09. Lp Functions.md * PUSH ATTACHMENT : mt-09.png * PUSH NOTE : 06. Convergence Theorems.md * PUSH ATTACHMENT : mt-06.png * PUSH NOTE : 02. Construction of Measure.md * PUSH ATTACHMENT : mt-02.png * PUSH NOTE : 01. Algebra of Sets and Set Functions.md * PUSH ATTACHMENT : mt-01.png * PUSH NOTE : 블로그 이주 이야기.md * PUSH ATTACHMENT : blog-logo.png * PUSH ATTACHMENT : github-publisher.png * PUSH NOTE : 05. Services - Enabling Clients to Discover and Talk to Pods.md * PUSH ATTACHMENT : k8s-05.jpeg * PUSH NOTE : 18. Extending Kubernetes.md * PUSH ATTACHMENT : k8s-18.jpeg * PUSH NOTE : 11. Understanding Kubernetes Internals.md * PUSH ATTACHMENT : k8s-11.jpeg * PUSH NOTE : 04. Replication and Other Controllers - Deploying Managed Pods.md * PUSH ATTACHMENT : k8s-04.jpeg * PUSH NOTE : 10. StatefulSets - Deploying Replicated Stateful Applications.md * PUSH ATTACHMENT : k8s-10.jpeg * PUSH NOTE : 02. First Steps with Docker and Kubernetes.md * PUSH ATTACHMENT : k8s-02.jpeg * PUSH NOTE : 06. Volumes - Attaching Disk Storage to Containers.md * PUSH ATTACHMENT : k8s-06.jpeg * PUSH NOTE : 12. Securing the Kubernetes API Server.md * PUSH ATTACHMENT : k8s-12.jpeg * PUSH NOTE : 07. ConfigMaps and Secrets - Configuring Applications.md * PUSH ATTACHMENT : k8s-07.jpeg * PUSH NOTE : 13. Securing Cluster Nodes and the Network.md * PUSH ATTACHMENT : k8s-13.jpeg * PUSH NOTE : 09. Deployments - Updating Applications Declaratively.md * PUSH ATTACHMENT : k8s-09.jpeg * PUSH NOTE : 17. Best Practices for Developing Apps.md * PUSH ATTACHMENT : k8s-17.jpeg * PUSH NOTE : 16. Advanced Scheduling.md * PUSH ATTACHMENT : k8s-16.jpeg * PUSH NOTE : 08. Accessing Pod Metadata and Other Resources from Applications.md * PUSH ATTACHMENT : k8s-08.jpeg * PUSH NOTE : 15. Automatic Scaling of Pods and Cluster Nodes.md * PUSH ATTACHMENT : k8s-15.jpeg * PUSH NOTE : 01. Introducing Kubernetes.md * PUSH ATTACHMENT : k8s-01.jpeg * PUSH NOTE : 03. Pods - Running Containers in Kubernetes.md * PUSH ATTACHMENT : k8s-03.jpeg * PUSH NOTE : 14. Managing Pods' Computational Resources.md * PUSH ATTACHMENT : k8s-14.jpeg * [PUBLISHER] upload files #71 * PUSH NOTE : test-document.md * PUSH NOTE : test-document.md * PUSH ATTACHMENT : test-image.png * DELETE FILE : assets/img/posts/test/test-image.png * [PUBLISHER] upload files #72 * PUSH NOTE : test-document.md * PUSH ATTACHMENT : test-image.png * DELETE FILE : assets/img/posts/test/test-image.png * [PUBLISHER] upload files #73 * PUSH NOTE : test-document.md * PUSH ATTACHMENT : test-image.png * chore: remove test files * [PUBLISHER] upload files #74 * PUSH NOTE : 01. Algebra of Sets and Set Functions.md * PUSH ATTACHMENT : mt-01.png * DELETE FILE : assets/img/posts/Mathematics/Measure Theory/mt-01.png * [PUBLISHER] upload files #76 * PUSH NOTE : 01. Algebra of Sets and Set Functions.md * PUSH ATTACHMENT : mt-01.png * [PUBLISHER] upload files #77 * PUSH NOTE : 09. Lp Functions.md * PUSH ATTACHMENT : mt-09.png * PUSH NOTE : 08. Comparison with the Riemann Integral.md * PUSH ATTACHMENT : mt-08.png * PUSH NOTE : 07. Dominated Convergence Theorem.md * PUSH ATTACHMENT : mt-07.png * PUSH NOTE : 06. Convergence Theorems.md * PUSH ATTACHMENT : mt-06.png * PUSH NOTE : 05. Lebesgue Integration.md * PUSH ATTACHMENT : mt-05.png * PUSH NOTE : 04. Measurable Functions.md * PUSH ATTACHMENT : mt-04.png * PUSH NOTE : 03. Measure Spaces.md * PUSH ATTACHMENT : mt-03.png * PUSH NOTE : 01. Algebra of Sets and Set Functions.md * PUSH ATTACHMENT : mt-01.png * chore: remove images * [PUBLISHER] upload files #78 * PUSH NOTE : 09. Lp Functions.md * PUSH ATTACHMENT : mt-09.png * PUSH NOTE : 08. Comparison with the Riemann Integral.md * PUSH ATTACHMENT : mt-08.png * PUSH NOTE : 07. Dominated Convergence Theorem.md * PUSH ATTACHMENT : mt-07.png * PUSH NOTE : 06. Convergence Theorems.md * PUSH ATTACHMENT : mt-06.png * PUSH NOTE : 05. Lebesgue Integration.md * PUSH ATTACHMENT : mt-05.png * PUSH NOTE : 04. Measurable Functions.md * PUSH ATTACHMENT : mt-04.png * PUSH NOTE : 03. Measure Spaces.md * PUSH ATTACHMENT : mt-03.png * PUSH NOTE : 01. Algebra of Sets and Set Functions.md * PUSH ATTACHMENT : mt-01.png * PUSH NOTE : 18. Extending Kubernetes.md * PUSH ATTACHMENT : k8s-18.jpeg * PUSH NOTE : 17. Best Practices for Developing Apps.md * PUSH ATTACHMENT : k8s-17.jpeg * PUSH NOTE : 16. Advanced Scheduling.md * PUSH ATTACHMENT : k8s-16.jpeg * PUSH NOTE : 15. Automatic Scaling of Pods and Cluster Nodes.md * PUSH ATTACHMENT : k8s-15.jpeg * PUSH NOTE : 14. Managing Pods' Computational Resources.md * PUSH ATTACHMENT : k8s-14.jpeg * PUSH NOTE : 13. Securing Cluster Nodes and the Network.md * PUSH ATTACHMENT : k8s-13.jpeg * PUSH NOTE : 12. Securing the Kubernetes API Server.md * PUSH ATTACHMENT : k8s-12.jpeg * PUSH NOTE : 11. Understanding Kubernetes Internals.md * PUSH ATTACHMENT : k8s-11.jpeg * PUSH NOTE : 10. StatefulSets - Deploying Replicated Stateful Applications.md * PUSH ATTACHMENT : k8s-10.jpeg * PUSH NOTE : 09. Deployments - Updating Applications Declaratively.md * PUSH ATTACHMENT : k8s-09.jpeg * PUSH NOTE : 08. Accessing Pod Metadata and Other Resources from Applications.md * PUSH ATTACHMENT : k8s-08.jpeg * PUSH NOTE : 07. ConfigMaps and Secrets - Configuring Applications.md * PUSH ATTACHMENT : k8s-07.jpeg * PUSH NOTE : 06. Volumes - Attaching Disk Storage to Containers.md * PUSH ATTACHMENT : k8s-06.jpeg * PUSH NOTE : 05. Services - Enabling Clients to Discover and Talk to Pods.md * PUSH ATTACHMENT : k8s-05.jpeg * PUSH NOTE : 04. Replication and Other Controllers - Deploying Managed Pods.md * PUSH ATTACHMENT : k8s-04.jpeg * PUSH NOTE : 03. Pods - Running Containers in Kubernetes.md * PUSH ATTACHMENT : k8s-03.jpeg * PUSH NOTE : 02. First Steps with Docker and Kubernetes.md * PUSH ATTACHMENT : k8s-02.jpeg * PUSH NOTE : 01. Introducing Kubernetes.md * PUSH ATTACHMENT : k8s-01.jpeg * [PUBLISHER] upload files #79 * PUSH NOTE : 02. Construction of Measure.md * PUSH ATTACHMENT : mt-02.png
2025-12-06 22:53:51 +00:00 · 2023-09-10 17:38:27 +09:00
parent e5f865ff0c
commit 3c0c6a13ca
54 changed files with 266 additions and 132 deletions
--- a/_posts/Development/Kubernetes/2021-04-18-07-configmaps-and-secrets.md
+++ b/_posts/Development/Kubernetes/2021-04-18-07-configmaps-and-secrets.md
@@ -7,19 +7,22 @@ title: "07. ConfigMaps and Secrets: Configuring Applications"
 date: "2021-04-18"
 github_title: "2021-04-18-07-configmaps-and-secrets"
 image:
-  path: /assets/img/posts/k8s-07.jpeg
+  path: /assets/img/posts/Development/Kubernetes/k8s-07.jpeg
+attachment:
+  folder: assets/img/posts/Development/Kubernetes
 ---

-![k8s-07.jpeg](../../../assets/img/posts/k8s-07.jpeg) _Combining a ConfigMap and a Secret to run your fortune-https pod (출처: https://livebook.manning.com/book/kubernetes-in-action/chapter-7)_
+![k8s-07.jpeg](../../../assets/img/posts/Development/Kubernetes/k8s-07.jpeg) _Combining a ConfigMap and a Secret to run your fortune-https pod (출처: https://livebook.manning.com/book/kubernetes-in-action/chapter-7)_

 거의 대부분의 앱은 설정(configuration)이 필요하다. 개발 서버, 배포 서버의 설정 사항 (접속하려는 DB 서버 주소 등)이 다를 수도 있고, 클라우드 등에 접속하기 위한 access key 가 필요하거나, 데이터를 암호화하는 encryption key 도 설정해야하는 경우가 있다. 이러한 경우에 해당 값들을 도커 이미지 자체에 넣어버리면 보안 상 취약하고, 또 설정 사항을 변경하는 경우 이미지를 다시 빌드해야하는 등 불편함이 따른다.

 이번 장에서는 Kubernetes 에서 돌아가는 애플리케이션에 설정 사항을 넘겨주는 방법을 알아본다.

 ## 7.1 컨테이너화 된 애플리케이션 설정하기
+
 ---

-보통 애플리케이션의 설정 사항을 관리할 때에는 configuration file 이 존재하게 된다. (`.properties`, `.env` 등) 
+보통 애플리케이션의 설정 사항을 관리할 때에는 configuration file 이 존재하게 된다. (`.properties`, `.env` 등)

 그런데 Docker 를 사용하면, config file 을 컨테이너로 옮기는 명령이 Dockerfile 에 필요하게 되고, config file 을 수정하면 이미지를 다시 빌드해야하기 때문에 보통은 컨테이너에 환경 변수(environment variables)를 전달하는 방식으로 사용한다. 그리고 애플리케이션은 환경 변수를 조회하여 사용할 수 있다.

@@ -29,8 +32,9 @@ image:
 - 컨테이너에 command line argument 전달하기
 - 컨테이너마다 환경 변수 설정하기
 - Volume 을 이용해서 config file mount 하기
-  
+
 ## 7.2 컨테이너에 command line argument 전달하기
+
 ---

 보통은 컨테이너 이미지에 정의된 기본 명령으로 이미지를 실행하지만, Kubernetes 에서는 해당 명령을 override 하여 다른 명령을 실행하도록 할 수 있다. 그래서 실행할 때 추가로 argument 를 전달할 수 있게 된다.
@@ -50,17 +54,17 @@ Dockerfile 에서 다음 명령을 사용할 수 있다.
 > - `CMD ["executable","param1","param2"]` (*exec* form, this is the preferred form)
 > - `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*)
 > - `CMD command param1 param2` (*shell* form)
->
+> 
 > Dockerfile 에는 하나의 `CMD` 만 존재할 수 있으며, **The main purpose of a CMD is to provide defaults for an executing container.** 라고 한다.
 > *provide default* 라고 했기 때문에 이는 overriding 이 가능하다는 것이다.
->
+> 
 > `ENTRYPOINT` 를 사용하면 컨테이너가 실행될 때 `ENTRYPOINT` 에서 지정한 명령을 수행하고, `CMD` 도 마찬가지지만 `CMD` 의 경우 컨테이너 실행시 인자값을 주면 Dockerfile 의 `CMD` 를 override 하여 실행한다.
->
+> 
 > Reference 에서도 이 둘의 사용법을 설명해줬다.
 > 
 > Both `CMD` and `ENTRYPOINT` instructions define what command gets executed when running a container. There are few rules that describe their co-operation.
 > - Dockerfile should specify at least one of `CMD` or `ENTRYPOINT` commands.
-> - `ENTRYPOINT` should be defined when using the container as an executable. 
+> - `ENTRYPOINT` should be defined when using the container as an executable.
 > - `CMD` should be used as a way of defining default arguments for an `ENTRYPOINT` command or for executing an ad-hoc command in a container.
 > - `CMD` will be overridden when running the container with alternative arguments.

@@ -107,6 +111,7 @@ spec:
 `command`, `args` 필드는 컨테이너가 시작되면 수정할 수 없다.

 ## 7.3 컨테이너 환경 변수 설정하기
+
 ---

 Pod 레벨에서 환경 변수를 설정하고 컨테이너가 이를 상속하게 하는 옵션은 존재하지 않는다.
@@ -146,6 +151,7 @@ env:
 만약 pod 설정을 재사용하고 싶다면 config 와 pod 설정을 분리해야 하므로, 쿠버네티스에서는 ConfigMap 리소스를 제공한다.

 ## 7.4 ConfigMap 으로 설정 분리하기
+
 ---

 앱 설정 사항을 만들 때 가장 많이 고려하는 부분은 자주 바뀌는 설정을 코드와 분리하는 것이다. (그래서 config file 도 만들고, 환경 변수도 쓰고...)
@@ -310,6 +316,7 @@ ConfigMap 을 업데이트하는데 앱이 만약 설정이 변경된 것을 rel
 (??? atomic 하게 된다고 했던 것 같은데...)

 ## 7.5 Secrets for sensitive data
+
 ---

 Credential 의 경우 안전하게 전달되어야 한다.
@@ -386,7 +393,6 @@ Most resource types require a name that can be used as a DNS subdomain name as d
 - start with an alphanumeric character
 - end with an alphanumeric character

-
 ### Resolution of key collisions when creating ConfigMaps?

 - 그냥 애초에 생성이 안 되는 듯 하다.
@@ -423,7 +429,7 @@ data:

 When a ConfigMap already being consumed in a volume is updated, *projected keys are eventually updated as well*. **Kubelet is checking whether the mounted ConfigMap is fresh on every periodic sync**.

-However, it is using its *local ttl-based cache* for getting the current value of the ConfigMap. As a result, the total delay [from the moment when the ConfigMap is updated to the moment when new keys are projected to the pod] can be as long as kubelet sync period (1 minute by default) + ttl of ConfigMaps cache (1 minute by default) in kubelet. 
+However, it is using its *local ttl-based cache* for getting the current value of the ConfigMap. As a result, the total delay [from the moment when the ConfigMap is updated to the moment when new keys are projected to the pod] can be as long as kubelet sync period (1 minute by default) + ttl of ConfigMaps cache (1 minute by default) in kubelet.

 You can trigger an immediate refresh by updating one of the pod's annotations.