search

sungsoo / sungsoo.github.io

Sung-Soo Kim's Blog
30 stars 8 forks source link

feat: Database access using SSL/TLS certificates #16

Open sungsoo opened 2 years ago

sungsoo commented 2 years ago

feat: Database access using SSL/TLS certificates

Deployment YAML

mysql-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:8.0.26
        env:
        - name: MYSQL_ROOT_USERNAME
          valueFrom:
            secretKeyRef:
              name: mysqldb-secret
              key: mysql-root-username
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysqldb-secret
              key: mysql-root-password
        ports:
        - containerPort: 3306

Kubernetes Secret

base64 encoding

(base) ╭─sungsoo@lavender ~
╰─$  echo -n 'username' | base64
dXNlcm5hbWU=
(base) ╭─sungsoo@lavender ~
╰─$  echo -n 'password' | base64
cGFzc3dvcmQ=

MySQL Secret

mysql-secret.yaml file

apiVersion: v1
kind: Secret
metadata:
  name: mysqldb-secret
type: Opaque
data:
  mysql-root-username: dXNlcm5hbWU=
  mysql-root-password: cGFzc3dvcmQ=

References

  1. Kubernetes에 MySQL Pod 띄우기