Pod使用Secret的两种方法:volume与环境变量
创建Secret秘钥
cat playground-secret.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: "mysql_db_secret"
namespace: "default"
data:
mysql-db-name: "cGxheWdyb3VuZA==" # echo -n "playground" | base64 结果 "cGxheWdyb3VuZA=="
mysql-username: "cm9vdA==" # echo -n "root" | base64 结果 "cm9vdA=="
mysql-password: "cm9vdA==" # echo -n "root" | base64 结果 "cm9vdA=="
kubectl apply -f playground-secret.yaml
Secret使用
apiVersion: v1
kind: Pod
metadata:
name: mysql_db_conn_pod
namespace: "default"
labels:
app: "playground"
spec:
volumes:
- name: log
hostPath:
path: "/var/log"
containers:
- name: "app"
image: "app:latest"
imagePullPolicy: Always
env:
- name: MYSQL_DB_NAME
valueFrom:
secretKeyRef:
name: "mysql_db_secret"
key: "mysql-db-name"
optional: false
- name: MYSQL_USERNAME
valueFrom:
secretKeyRef:
name: "mysql_db_secret"
key: "mysql-username"
optional: false
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: "mysql_db_secret"
key: "mysql-password"
optional: false
ports:
- containerPort: 8080
volumeMounts:
- name: log
mountPath: "/var/log"
- name: "db"
image: "mysql:latest"
imagePullPolicy: Always
ports:
- containerPort: 3306
就在pod启动时,容器自动被注入了MYSQL_DB_NAME等环境变量