echo -n "root" > username.txt
echo -n "rootpass" > password.txt
kubectl create secret generic demo-secret-from-file --from-file=./username.txt --from-file=./password.txt
kubectl describe secrets demo-secret-from-file
kubectl get secret
---
kubectl create secret generic demo-secret-from-literal --from-literal=username=root --from-literal=password=rootpass
kubectl describe secret demo-secret-from-literal
---
echo -n "root" | base64
echo -n "rootpass" | base64
# my-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: demo-secret-from-yaml
type: Opaque
data:
username: cm9vdA==
password: cm9vdHBhc3M=
kubectl create -f my-secret.yaml
kubectl get secrets
---
# my-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: my-pod
labels:
app: webserver
spec:
containers:
- name: demo-pod
image: baoguoding/demo
ports:
- containerPort: 3000
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: demo-secret-from-yaml
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: demo-secret-from-yaml
key: password
kubectl create -f my-pod.yaml
kubectl get pods
kubectl exec -it my-pod sh
echo $SECRET_USERNAME
echo $SECRET_PASSWORD
---
# my-pod-with-mounting-secret.yaml
apiVersion: v1
kind: Pod
metadata:
name: my-pod-with-mounting-secret
labels:
app: webserver
spec:
containers:
- name: demo-pod
image: baoguoding/demo
ports:
- containerPort: 3000
volumeMounts:
- name: secret-volume
mountPath: /etc/creds
readOnly: true
volumes:
- name: secret-volume
secret:
secretName: demo-secret-from-yaml
kubectl create -f my-pod-with-mounting-secret.yaml
kubectl exec -it <pod-name> sh
ls /etc/creds
echo "$(cat /etc/creds/username)"
echo "$(cat /etc/creds/password)"
参考