前言
。
一、创建Secret
1、base64编码(注意:base64 只是编码而不是加密,任何拿到该字符串的人都能直接解码)
[root@k8s-master k8s]# echo -n "root" | base64
cm9vdA==
[root@k8s-master k8s]# echo -n "root123" | base64
cm9vdDEyMw==
2、secret.yaml
[root@k8s-master k8s]# cat secret.yaml
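# Secret holding the demo credentials "root" / "root123".
# The values under `data` are base64-ENCODED, not encrypted: anyone who can
# read this manifest or read the Secret through the API can decode them.
# Keep manifests that carry real credentials out of version control, limit
# access to Secrets with RBAC, and consider encryption at rest for etcd.
apiVersion: v1
kind: Secret
metadata:
  name: secret-test
# Opaque is the default type; stated explicitly to match `kubectl get secret`.
type: Opaque
data:
  username: cm9vdA==       # base64 of "root"
  password: cm9vdDEyMw==   # base64 of "root123" (demo value only)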
3、创建
[root@k8s-master k8s]# kubectl create -f secret.yaml
secret/secret-test created
4、查看secret
[root@k8s-master k8s]# kubectl get secret
NAME TYPE DATA AGE
secret-test Opaque 2 8s
5、查看secret详细信息
[root@k8s-master k8s]# kubectl describe secret secret-test
Name: secret-test
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
password: 7 bytes
username: 4 bytes
二、使用Secret
1、设置环境变量
(1) secret-env.yaml
[root@k8s-master k8s]# cat secret-env.yaml
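# Pod that imports every key of the Secret as an environment variable and
# prints its environment once.
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: secret-env
  name: secret-env
spec:
  # One-shot command: with the default policy (Always) the container would be
  # restarted after every exit and print the secret values again each time.
  restartPolicy: Never
  containers:
    - image: busybox  # NOTE(review): untagged image; pin a tag or digest
      name: secret-env
      # Demo only: `env` dumps all variables, so the secret values land in the
      # container log in clear text and are readable with `kubectl logs`.
      command: [ "/bin/sh", "-c", "env" ]
      # envFrom exposes ALL keys of the Secret to the process (and to any
      # child process it starts); reference single keys with secretKeyRef
      # when the container needs only some of them.
      envFrom:
        - secretRef:
            name: secret-test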
(2)创建
[root@k8s-master k8s]# kubectl create -f secret-env.yaml
pod/secret-env created
(3)查看日志(注意:Secret 的值会以明文出现在容器日志中,此做法仅用于演示)
[root@k8s-master k8s]# kubectl logs secret-env
NGINX_SERVICE_NODEPORT_PORT=tcp://10.106.65.70:80
NGINX_SERVICE_NODEPORT_SERVICE_PORT=80
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
HOSTNAME=secret-env
SHLVL=1
username=root
password=root123
2、用作命令行参数
(1) secret-cmd.yaml
[root@k8s-master k8s]# cat secret-cmd.yaml
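# Pod that maps one key of the Secret to the PASSWORD environment variable
# and lets the shell expand it on the command line.
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: secret-cmd
  name: secret-cmd
spec:
  # One-shot command: with the default policy (Always) the container would be
  # restarted after every exit and print the password again each time.
  restartPolicy: Never
  containers:
    - image: busybox  # NOTE(review): untagged image; pin a tag or digest
      name: secret-cmd
      # ${PASSWORD} is expanded by /bin/sh inside the container, not by
      # Kubernetes. The expansion is quoted so that a value containing spaces
      # or glob characters is printed unchanged.
      # Demo only: the password is written to the container log in clear text.
      command: [ "/bin/sh", "-c", "echo \"${PASSWORD}\"" ]
      env:
        - name: PASSWORD
          valueFrom:
            # Only the `password` key is exposed, not the whole Secret.
            secretKeyRef:
              name: secret-test
              key: password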
(2)创建
[root@k8s-master k8s]# kubectl create -f secret-cmd.yaml
pod/secret-cmd created
(3)查看日志
[root@k8s-master k8s]# kubectl logs secret-cmd
root123
3、作为文件挂载
(1)secret-volume.yaml
[root@k8s-master k8s]# cat secret-volume.yaml
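# Pod that mounts the Secret as files under /etc/secrets (one file per key)
# and prints the two files once.
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: secret-volume
  name: secret-volume
spec:
  # One-shot command: with the default policy (Always) the container would be
  # restarted after every exit and print the secret values again each time.
  restartPolicy: Never
  volumes:
    - name: secrets
      secret:
        secretName: secret-test
        # Owner-read only; the default mode is more permissive.
        defaultMode: 0400
  containers:
    - image: busybox  # NOTE(review): untagged image; pin a tag or digest
      name: secret-volume
      # Demo only: the file contents are written to the container log in
      # clear text. The files carry no trailing newline, so the output of the
      # two `cat` calls runs together.
      command: [ "/bin/sh", "-c", "cat /etc/secrets/username; cat /etc/secrets/password" ]
      volumeMounts:
        - name: secrets
          mountPath: "/etc/secrets"
          readOnly: true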
(2)创建
[root@k8s-master k8s]# kubectl create -f secret-volume.yaml
pod/secret-volume created
(3)查看日志
[root@k8s-master k8s]# kubectl logs secret-volume
rootroot123