- A Pod is a single container or a group of containers that is controlled as a single application.
- Containers inside a Pod operate closely together, share a common life cycle, and have to be scheduled on the same node.
- Pods are managed as a unit and share a common environment with respect to volumes and IP address space.
- Every Pod consists of a master container that balances the workload among the other containers, which help orchestrate other related tasks.
- For example, a Pod may have one container running the primary application server and a helper container pulling down files to the shared file system when changes are detected in an external repository.
- Users are advised not to manage Pods themselves, because Pods on their own might lack a few features that applications specifically need.
- Users are advised to work with the objects that use Pod templates as base components and add additional functionality to them.
Use Secrets in Pods
To use Secrets inside Pods, either expose them as environment variables or mount the Secrets as volumes.
To access a Secret through an environment variable inside a Pod, add an env section to the container spec:
// using access-token Secret inside a Pod
# cat 2-7-2_env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: secret-pod-env
spec:
  containers:
  - name: ubuntu
    image: ubuntu
    command: ["/bin/sh", "-c", "while : ;do echo $ACCESS_TOKEN; sleep 10; done"]
    env:
    - name: ACCESS_TOKEN
      valueFrom:
        secretKeyRef:
          name: access-token
          key: 2-7-1_access-token
// create a pod
# kubectl create -f 2-7-2_env.yaml
pod "secret-pod-env" created
This example exposes the 2-7-1_access-token key of the access-token Secret as the ACCESS_TOKEN environment variable and prints it out in an infinite while loop.
// check stdout logs
# kubectl logs -f secret-pod-env
9S!g0U616456r
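The other option mentioned above, mounting the Secret as a volume, is sketched here as an added example that is not part of the original page. The Pod name secret-pod-volume, the volume name token-volume, the mount path /etc/access-token and the file name token are assumptions chosen for illustration; the Secret name and key are the ones used above.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: secret-pod-volume            # hypothetical Pod name
spec:
  containers:
  - name: ubuntu
    image: ubuntu
    # Print only the size of the token file, so the value itself
    # never reaches stdout and therefore never reaches the Pod logs.
    command: ["/bin/sh", "-c", "while : ; do wc -c < /etc/access-token/token; sleep 10; done"]
    volumeMounts:
    - name: token-volume             # hypothetical volume name
      mountPath: /etc/access-token   # hypothetical mount path
      readOnly: true
  volumes:
  - name: token-volume
    secret:
      secretName: access-token       # Secret used in the env example
      defaultMode: 0400              # file readable by its owner only
      items:
      - key: 2-7-1_access-token      # key used in the env example
        path: token                  # file created under the mount path
```

With the env variant, anyone who can run kubectl logs on the Pod sees the token because the loop echoes it; here the value is only readable from the file inside the container. A Secret mounted this way is also refreshed in the running container when the Secret object changes, which does not happen for environment variables.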