[root@master yaml]# mkdir secret
[root@master yaml]# cd secret/
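Secret: used to store sensitive information, such as a database username or key.
View the secrets in the namespace that ships with Kubernetes:
kubectl get secrets -n kube-system
Example: store a database username and password
- Username: root
- Password: 123.com
Using --from-literal (literal values):
# "generic" creates a general-purpose Secret
kubectl create secret generic mysecret1 --from-literal=username=root --from-literal=password=123.com
Using --from-file (values read from files):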
[root@master secret]# echo root > username
[root@master secret]# echo 123.com > password
[root@master secret]# ls
password username
[root@master secret]# kubectl create secret generic mysecret2 --from-file=username --from-file=password
secret/mysecret2 created
Check: after the files are deleted, do the stored username and password still exist?
[root@master secret]# rm -rf password username
The Secret still exists: it is stored in the cluster, independent of the local files.
Using --from-env-file:
[root@master secret]# cat env.txt
username=root
password=123.com
[root@master secret]# kubectl create secret generic mysecret3 --from-env-file=env.txt
secret/mysecret3 created
Using a YAML configuration file:
Output an existing Secret as YAML:
kubectl get secrets mysecret1 -o yaml
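Base64-encode the data to be stored (base64 is an encoding, not encryption, so anyone who can read the Secret can decode it):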
[root@master secret]# echo root | base64
cm9vdAo=
[root@master secret]# echo 123.com | base64
MTIzLmNvbQo=
Write the YAML file:
[root@master secret]# vim secret4.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysectet4
data:
  username: cm9vdAo=
  password: MTIzLmNvbQo=
[root@master secret]# kubectl apply -f secret4.yaml
secret/mysectet4 created
Decode:
[root@master secret]# echo -n cm9vdAo= | base64 --decode
root
[root@master secret]# echo -n MTIzLmNvbQo= | base64 --decode
123.com
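Added example (not part of the original article): the values encoded above with `echo ... | base64` end in `Ao=`/`Qo=` because `echo` appends a newline, so the stored username and password carry a trailing line feed. The script below decodes every entry under `data:` in a manifest and reports which ones end in a line feed; the sample manifest is constructed from secret4.yaml plus a hypothetical `token` key encoded with `echo -n`.

```shell
#!/bin/sh
# Constructed sample: the data section of secret4.yaml from this page, plus a
# hypothetical key "token" whose value was encoded with `echo -n root | base64`.
sample_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysectet4
data:
  username: cm9vdAo=
  password: MTIzLmNvbQo=
  token: cm9vdA==
EOF
}

# Read a Secret manifest on stdin. For every key under "data:" print
# "<key> trailing-newline" or "<key> ok", based on the last decoded byte.
audit_secret_data() {
  awk '
    /^data:/         { in_data = 1; next }   # start of the data section
    /^[^ ]/          { in_data = 0 }         # any other top-level key ends it
    in_data && NF==2 { sub(/:$/, "", $1); print $1, $2 }
  ' | while read -r key value; do
    # Command substitution strips newlines, so inspect the last byte in hex
    # instead of comparing decoded strings; 0a is a line feed.
    last=$(printf '%s' "$value" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "0a" ]; then
      echo "$key trailing-newline"
    else
      echo "$key ok"
    fi
  done
}

sample_manifest | audit_secret_data
```

To audit a Secret already in the cluster, pipe `kubectl get secrets mysecret1 -o yaml` into `audit_secret_data` instead of the sample.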
Consuming the Secret as a mounted volume:
[root@master secret]# vim pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: busybox
    args:
    - /bin/sh
    - -c
    - sleep 300000
    volumeMounts:
    - name: secret-test
      mountPath: "/etc/secret-test"
      readOnly: true
  volumes:
  - name: secret-test
    secret:
      secretName: mysecret1
[root@master secret]# kubectl apply -f pod.yaml
pod/mypod created
Check whether the mount succeeded:
[root@master secret]# kubectl exec -it mypod -- /bin/sh
/ # cd /etc/secret-test/
/etc/secret-test # ls
password username
/etc/secret-test # cat password
123.com/etc/secret-test #
/etc/secret-test # cat username
root/etc/secret-test #
The password and username files are read-only and cannot be modified:
/etc/secret-test # echo admin > username
/bin/sh: can't create username: Read-only file system
Consuming the Secret as environment variables:
[root@master secret]# cp pod.yaml pod_env.yaml
[root@master secret]# vim pod_env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod2
spec:
  containers:
  - name: mypod
    image: busybox
    args:
    - /bin/sh
    - -c
    - sleep 300000
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret2
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret2
          key: password
[root@master secret]# kubectl apply -f pod_env.yaml
pod/mypod2 created
[root@master secret]# kubectl exec -it mypod2 -- /bin/sh
/ # echo $SECRET_PASSWORD
123.com
/ # echo $SECRET_USERNAME
root