Kubernetes Secrets

mac2022-06-30  31

Purpose of a Secret: storing sensitive data.

Secret use cases

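1. When creating a pod, specify a serviceaccount for the pod so that the secret is used automatically
2. Mount the secret into the pod
3. Pull docker images by referencing the secret in the pod's spec.imagePullSecrets
4. Generate environment variables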

Using a secret by mounting it into a pod (files are generated inside the pod's container)

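Creating the secret

Method 1: from the command line:

    # --dry-run=client needs kubectl 1.18+; older releases take a bare --dry-run
    kubectl create secret generic myscret --from-literal=username=test --from-literal=password=test -o yaml --dry-run=client

Method 2: from a manifest file:

    apiVersion: v1
    data:
      password: dGVzdA==
      username: dGVzdA==
    kind: Secret
    metadata:
      name: myscret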

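Note: the values under data are base64-encoded. Base64 is an encoding, not encryption, so anyone who can read the Secret object can decode it:

    echo dGVzdA== | base64 -d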

Mounting

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: default
      labels:
        app: nginx
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 1
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.12
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
            volumeMounts:
            - name: foo
              mountPath: "/usr/share/nginx/html"
          volumes:
          - name: foo
            secret:
              secretName: myscret

    kubectl exec nginx-deployment-68d7ffc4fd-lhwmv -- cat /usr/share/nginx/html/username
    kubectl exec nginx-deployment-68d7ffc4fd-lhwmv -- cat /usr/share/nginx/html/password
    # One file per key is created under /usr/share/nginx/html

Generating environment variables

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: default
      labels:
        app: nginx
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 1
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.12
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
            env:
            - name: Nginx_username
              valueFrom:
                secretKeyRef:
                  name: myscret
                  key: username
            - name: Nginx_password
              valueFrom:
                secretKeyRef:
                  name: myscret
                  key: password
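The two ways of consuming the secret shown above (volume mount and environment variables) can be checked before deployment. The following linter is an added example, not code from the original post: the function name lint_secret_usage and the WEB_ROOTS list are assumptions, and the two manifests are constructed dict versions of the page's Deployments reduced to the relevant fields. It flags the mount path used above because /usr/share/nginx/html is nginx's default document root, so the key files placed there are served as static content.

```python
"""Lint a Deployment's pod spec for risky Secret consumption (added example)."""

# Directories that common web servers publish by default (assumed list, extend as needed).
WEB_ROOTS = ("/usr/share/nginx/html", "/var/www", "/usr/local/apache2/htdocs")

def lint_secret_usage(deployment):
    """Return a list of (container, finding) tuples for one Deployment dict."""
    pod = deployment["spec"]["template"]["spec"]
    secret_vols = {v["name"]: v["secret"] for v in pod.get("volumes", []) if "secret" in v}
    findings = []
    for c in pod.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] not in secret_vols:
                continue
            vol = secret_vols[m["name"]]
            path = m["mountPath"].rstrip("/")
            # Secret keys become files; inside a document root they are served over HTTP.
            if any(path == r or path.startswith(r + "/") for r in WEB_ROOTS):
                findings.append((c["name"], f"secret '{vol['secretName']}' mounted in web root {path}"))
            # Secret volumes default to mode 0644 when defaultMode is not set.
            if vol.get("defaultMode", 0o644) & 0o044:
                findings.append((c["name"], f"secret '{vol['secretName']}' files are group/world readable"))
        for e in c.get("env", []):
            ref = e.get("valueFrom", {}).get("secretKeyRef")
            if ref:  # env values are visible to every process in the container
                findings.append((c["name"], f"env {e['name']} carries secret {ref['name']}/{ref['key']}"))
    return findings

# Constructed samples: pod specs of the page's two Deployments, relevant fields only.
MOUNTED = {"spec": {"template": {"spec": {
    "containers": [{"name": "nginx", "volumeMounts": [
        {"name": "foo", "mountPath": "/usr/share/nginx/html"}]}],
    "volumes": [{"name": "foo", "secret": {"secretName": "myscret"}}]}}}}
ENV = {"spec": {"template": {"spec": {"containers": [{"name": "nginx", "env": [
    {"name": "Nginx_username",
     "valueFrom": {"secretKeyRef": {"name": "myscret", "key": "username"}}},
    {"name": "Nginx_password",
     "valueFrom": {"secretKeyRef": {"name": "myscret", "key": "password"}}}]}]}}}}

if __name__ == "__main__":
    for label, manifest in (("volume mount", MOUNTED), ("env vars", ENV)):
        for container, finding in lint_secret_usage(manifest):
            print(f"[{label}] {container}: {finding}")
```

A mount outside the document root with a restrictive defaultMode (for example 0400) produces no findings for the volume checks.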

docker pull image

    kubectl create secret docker-registry myaliyun --docker-server registry.cn-hangzhou.aliyuncs.com --docker-username ${your_username} --docker-password ${your_password} --docker-email ${your_email} -o yaml

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: default
      labels:
        app: nginx
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 1
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.12
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
          imagePullSecrets:
          - name: myaliyun

Reposted from: https://www.cnblogs.com/lovelinux199075/p/11265395.html
