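Using Secrets to pass sensitive data to containers
Introducing Secrets
A Secret is structured like a ConfigMap: both are key/value maps. Secrets are also used the same way as ConfigMaps. You can:
- pass Secret entries to the container as environment variables
- expose Secret entries as files in a volume
Creating a Secret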
kubectl create secret generic credentials --from-file ./username.txt --from-file ./password.txt
Running kubectl get secret credentials -o yaml
returns the following output:
-----------------------
apiVersion: v1
data:
  password.txt: MTIzNAo=
  username.txt: YWRtaW4K
kind: Secret
metadata:
  creationTimestamp: ...
  name: credentials
  namespace: default
  resourceVersion: "2011810"
  selfLink: /api/v1/namespaces/default/secrets/credentials
  uid: ...
type: Opaque
------
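The `data` values in the output above are only base64-encoded, not encrypted, so anyone who can read the Secret object can recover them. The following added example (not part of the original notes; function names are illustrative) decodes the two values shown above and flags the trailing newline that `--from-file` copied verbatim from the text files.

```shell
#!/usr/bin/env bash
# Constructed input: the two `data` values copied from the Secret output above.
PASSWORD_B64='MTIzNAo='
USERNAME_B64='YWRtaW4K'

# Decode one Secret data value to stdout (base64 is an encoding, not encryption).
decode_value() {
    printf '%s' "$1" | base64 -d
}

# Succeed if the decoded value ends with a line feed (0x0a).
has_trailing_newline() {
    local last
    last="$(decode_value "$1" | tail -c 1 | od -An -tx1 | tr -d ' \n')"
    [ "$last" = "0a" ]
}

# Re-encode the value without trailing newlines; command substitution strips them.
reencode_trimmed() {
    local plain
    plain="$(decode_value "$1")"
    printf '%s' "$plain" | base64
}

# Print one report line per entry: key, decoded size, and whether a newline was stored.
audit_entry() {
    local key="$1" value="$2" size flag="clean"
    size="$(decode_value "$value" | wc -c | tr -d ' ')"
    if has_trailing_newline "$value"; then flag="TRAILING-NEWLINE"; fi
    printf '%s\t%s bytes\t%s\n' "$key" "$size" "$flag"
}

audit_entry password.txt "$PASSWORD_B64"
audit_entry username.txt "$USERNAME_B64"
```

Writing the files with `printf '%s'` instead of `echo`, or using `--from-literal`, keeps the newline out of the stored value.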
The Pod manifest below does not correspond to the Secret above.
-------------------------
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
      items:
      - key: username
        path: my-group/my-username
-----------------