创建并查看其中的secret
[root@master sec]# kubectl create secret generic mysecret1 --from-literal=password1=redhat1 --from-literal=password2=redhat2
secret/mysecret1 created
[root@master sec]#
[root@master sec]# kubectl get secrets
NAME TYPE DATA AGE
default-token-cj6f5 kubernetes.io/service-account-token 3 5d19h
mysecret1 Opaque 2 44s
[root@master sec]#
[root@master sec]# kubectl describe secrets mysecret1
Name: mysecret1
Namespace: sec
Labels:
Annotations:
Type: Opaque
Data
====
password1: 7 bytes
password2: 7 bytes
[root@master sec]#
以yaml文件输出创建内容【含参数解析】
- 语法:
kubectl get secrets secret_name -o yaml1
[root@master sec]# kubectl get secrets mysecret1 -o yaml
apiVersion: v1
data:
下面就是定义的值密码了【其实我们设置的是redhat1和redhat2,在文件中就显示为被加密过的值了
password1: cmVkaGF0MQ==
password2: cmVkaGF0Mg==
kind: Secret
metadata:
creationTimestamp: “2021-08-30T03:13:56Z”
name: mysecret1
namespace: sec
resourceVersion: “7298993”
selfLink: /api/v1/namespaces/sec/secrets/mysecret1
uid: cd04d95a-b10d-4c7a-97ec-ff89f4df0598
type: Opaque
[root@master sec]#
- 其中存储的信息被base64编码过,可以解码检查一下是不是保存的密码redhat1【data下面的值】:
语法:echo data值 | base64 -d
[root@master sec]# echo cmVkaGF0MQ== | base64 -d
redhat1[root@master sec]#
[root@master sec]#
[root@master sec]# echo cmVkaGF0Mq== | base64 -d
redhat2[root@master sec]#
[root@master sec]#
- 以json格式验证密码【这个复杂了,用上面方法验证省事得多】
[root@master sec]# kubectl get secrets mysecret1 -o jsonpath={.data.password1} | base64 -d
redhat1[root@master sec]#
[root@master sec]# kubectl get secrets mysecret1 -o jsonpath={.data.password2} | base64 -d
redhat2[root@master sec]#
方式2:文件的方式
系统文件创建并查看其中的secret
- 我们以hosts文件来创建,如下【就不解释代码了,看不懂的看上面一步里面的说明哦】
[root@master sec]# kubectl create secret generic mysecret2 --from-file=/etc/hosts
secret/mysecret2 created
[root@master sec]#
[root@master sec]# kubectl get secrets mysecret2 -o yaml
apiVersion: v1
data:
hosts: MTI3LjAuMC4xICAgbG9jYWxob3N0IGxvY2FsaG9zdC5sb2NhbGRvbWFpbiBsb2NhbGhvc3Q0IGxvY2FsaG9zdDQubG9jYWxkb21haW40Cjo6MSAgICAgICAgIGxvY2FsaG9zdCBsb2NhbGhvc3QubG9jYWxkb21haW4gbG9jYWxob3N0NiBsb2NhbGhvc3Q2LmxvY2FsZG9tYWluNgoKMTkyLjE2OC41OS4xNDIgbWFzdGVyCjE5Mi4xNjguNTkuMTQzIG5vZGUxCjE5Mi4xNjguNTkuMTQ0IG5vZGUyCgo=
kind: Secret
metadata:
creationTimestamp: “2021-08-30T03:28:48Z”
name: mysecret2
namespace: sec
resourceVersion: “7300718”
selfLink: /api/v1/namespaces/sec/secrets/mysecret2
uid: 8896a43e-67be-47e2-96d8-e677ddecf3ae
type: Opaque
[root@master sec]#
[root@master sec]# kubectl get secrets mysecret2 -o jsonpath={.data.hosts} | base64 -d
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.59.142 master
192.168.59.143 node1
192.168.59.144 node2
[root@master sec]#
自定义文件并查看其中的secret
- 现在来个自定义的【这个和方式1差不多了】
[root@master sec]# cat env.txt
user=ccx
password1=redhat1
password2=redhat2
[root@master sec]# kubectl create secret generic mysecret4 --from-env-file=env.txt
secret/mysecret4 created
[root@master sec]# kubectl get secrets mysecret4
NAME TYPE DATA AGE
mysecret4 Opaque 3 17s
[root@mas