Home > Archives > Secret示例

Secret示例

Publish:

echo -n "root" > username.txt
echo -n "rootpass" > password.txt

kubectl create secret generic demo-secret-from-file --from-file=./username.txt --from-file=./password.txt
kubectl describe secrets demo-secret-from-file
kubectl get secret

---
kubectl create secret generic demo-secret-from-literal --from-literal=username=root --from-literal=password=rootpass
kubectl describe secret demo-secret-from-literal

---
echo -n "root" | base64
echo -n "rootpass" | base64

# my-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: demo-secret-from-yaml
type: Opaque
data:
  username: cm9vdA==
  password: cm9vdHBhc3M=
  
kubectl create -f my-secret.yaml
kubectl get secrets

---
# my-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  labels:
    app: webserver
spec:
  containers:
  - name: demo-pod
    image: baoguoding/demo
    ports:
    - containerPort: 3000
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: demo-secret-from-yaml
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: demo-secret-from-yaml
          key: password
		  
kubectl create -f my-pod.yaml
kubectl get pods
kubectl exec -it my-pod sh
echo $SECRET_USERNAME
echo $SECRET_PASSWORD

---
# my-pod-with-mounting-secret.yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-pod-with-mounting-secret
  labels:
    app: webserver
spec:
  containers:
  - name: demo-pod
    image: baoguoding/demo
    ports:
    - containerPort: 3000
    volumeMounts:
    - name: secret-volume
      mountPath: /etc/creds
      readOnly: true
  volumes:
  - name: secret-volume
    secret:
      secretName: demo-secret-from-yaml

kubectl create -f my-pod-with-mounting-secret.yaml
kubectl exec -it <pod-name> sh
ls /etc/creds
echo "$(cat /etc/creds/username)"
echo "$(cat /etc/creds/password)"

参考

声明: 本文采用 BY-NC-SA 授权。转载请注明转自: Ding Bao Guo