kubernetes之十一: Secret 使用
2021-01-11 13:33
Secret 的使用方式类似于 ConfigMap,支持两种形式的使用(见下文“挂载方式”)。
为啥还要 Secret? Secret 顾名思义,是用于存储需要保密的数据(如密码、令牌、私钥)的。需要注意:Secret 中的值默认只是 base64 编码,并没有加密,在 etcd 中默认也是未加密存储;要真正保护这些数据,还需要启用静态加密(encryption at rest),并通过 RBAC 限制对 Secret 的读取。
案例1: 创建通用的 secret
案例2: 创建 docker-registry 类型的 secret
案例3: 创建 tls 类型的 secret
挂载方式: 1)通过环境变量的方式 2)通过 volumeMount 挂载
原文地址:https://www.cnblogs.com/louis2008/p/kubernetes-secret.html
[root@master01 template]# kubectl create secret
Create a secret using specified subcommand.
Available Commands:
docker-registry Create a secret for use with a Docker registry
generic Create a secret from a local file, directory or literal value
tls Create a TLS secret
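# Case 1: create a generic (type Opaque) secret named nginx-ssl from two
# local files. A --from-file argument without an explicit key uses the file's
# base name as the key, so the secret gets the keys "ca.key" and "ca.cert".
#
# The trailing backslashes are required: without them the second line is run
# as a separate command and only ca.key ends up in the secret.
#
# NOTE(review): ca.key is presumably a private key. Keep the local copy
# readable by its owner only and remove it once the secret has been created.
kubectl create secret generic nginx-ssl \
  --from-file=ca.key \
  --from-file=ca.cert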
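# Case 2: create an image-pull secret named my-secret in namespace "test".
#
# The original passed the registry password as a literal on the command line,
# which leaves it in the shell history and in any copy of this snippet.
# Read it without echo instead and drop the variable afterwards.
#
# NOTE(review): the value is still part of kubectl's argument list while the
# command runs, so other local users can see it in the process table. Where
# that matters, build the secret from an existing Docker config file with
# --from-file=.dockerconfigjson=<path to config.json> instead.
read -rs -p 'Registry password: ' registry_password
printf '\n'
kubectl create secret docker-registry my-secret \
  --docker-server=192.168.31.112 \
  --docker-username=admin \
  --docker-password="$registry_password" \
  --docker-email=it@aa.com \
  -n test
unset registry_password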
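# Case 3: generate a self-signed certificate and store it as a TLS secret.

# 2048-bit RSA private key, written unencrypted to rest.key.
# NOTE(review): restrict access to rest.key (e.g. run under `umask 077`) and
# delete the local copy once the secret exists.
openssl genrsa -out rest.key 2048

# Self-signed certificate for CN=restapi.aa.com. No -days is given, so
# openssl's default validity period applies (30 days). The certificate carries
# only a CN and no subjectAltName, which many current TLS clients will not
# accept as a host name match.
openssl req -new -x509 -key rest.key -out rest.crt \
  -subj '/C=CN/ST=Beijing/L=Biejing/O=DevOpes/CN=restapi.aa.com'

# `kubectl create secret tls` requires a NAME argument; the original command
# omitted it and would be rejected. "rest-tls" is a placeholder name chosen
# for this example. The resulting secret has the keys tls.crt and tls.key.
kubectl create secret tls rest-tls --cert=rest.crt --key=rest.key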
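# Pod that receives two keys of the secret "mysecret" as environment variables.
# Indentation restored; the flattened listing was not valid YAML.
#
# NOTE(review): no command on this page creates "mysecret". It must already
# exist in the Pod's namespace and contain the keys "username" and "password",
# otherwise the container cannot be started.
apiVersion: v1
kind: Pod
metadata:
  name: secret1-pod
spec:
  containers:
    - name: secret1
      image: busybox
      # Demo only: `env` prints every environment variable, including both
      # secret values, to stdout. Anyone allowed to read this Pod's logs
      # can then read the secret in clear text.
      command: [ "/bin/sh", "-c", "env" ]
      env:
        - name: USERNAME
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: username
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: password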
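# Create the generic secret shibo-secret from two local files.
#
# The key names are given explicitly (key=path). With the original form
# `--from-file=./username.txt` the key would be the file name "username.txt",
# while the Pod manifests on this page reference the keys "username" and
# "password" and would therefore fail to resolve them.
#
# The file content is stored byte for byte, including a trailing newline if
# the file has one; write the files without it (e.g. `printf '%s' ...`).
# NOTE(review): remove username.txt / password.txt after the secret exists.
kubectl create secret generic shibo-secret \
  --from-file=username=./username.txt \
  --from-file=password=./password.txt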
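# Consumption method 1: expose secret keys as environment variables.
# Indentation restored; the flattened listing was not valid YAML.
#
# The secret "shibo-secret" must contain keys named exactly "username" and
# "password". A secret created with `--from-file=./username.txt` has the key
# "username.txt" instead and will not match.
#
# Environment variables are readable by every process in the container and are
# inherited by child processes. They are also fixed at container start: a
# changed secret is only picked up after the container is restarted.
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
    - name: mycontainer
      image: redis
      env:
        - name: SECRET_USERNAME
          valueFrom:
            secretKeyRef:
              name: shibo-secret
              key: username
        - name: SECRET_PASSWORD
          valueFrom:
            secretKeyRef:
              name: shibo-secret
              key: password
  restartPolicy: Never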
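# Consumption method 2 (fragment, not a complete manifest): mount the secret
# "nginx-ssl" as files. Each key of the secret becomes one file in mountPath.
#
# NOTE(review): files in a secret volume are created with mode 0644 unless
# `defaultMode` is set on the volume. This secret presumably holds a private
# key (ca.key), so a tighter mode such as 0400 is worth considering, provided
# the nginx process runs as the owning user.

# Belongs under spec.containers[]:
volumeMounts:
  - mountPath: /home/nginx/nginx/conf/cert/
    name: nginx-ssl

# Belongs under spec:
volumes:
  - name: nginx-ssl
    secret:
      secretName: nginx-ssl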
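# Mount a single key of the secret "shibo-secret" at a chosen relative path.
# Indentation restored; the flattened listing was not valid YAML.
#
# Because `items` is given, only the listed keys are projected: "username" is
# written to /etc/data/my-group/my-username and no other key of the secret
# appears in the volume. The secret must contain a key named exactly
# "username"; a secret created with `--from-file=./username.txt` has the key
# "username.txt" instead.
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: mypod
      image: redis
      volumeMounts:
        - name: data
          mountPath: "/etc/data"
          readOnly: true
  volumes:
    - name: data
      secret:
        secretName: shibo-secret
        items:
          - key: username
            path: my-group/my-username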
需要注意,在这种情况下:
username 的值存储在 /etc/data/my-group/my-username 中(而不是 /etc/data/username);由于 items 中没有列出 password,该键不会被挂载到容器中。