secret
Three use cases for secrets
Type | Description | Use case |
---|---|---|
docker-registry | Create a secret for use with a Docker registry | Credentials used when pulling images (pods.spec.imagePullSecrets) |
generic | Create a secret from a local file, directory or literal value | Common username and password data |
tls | Create a TLS secret | Files such as SSL certificates and private keys |
Creating a generic secret
```
# kubectl create secret generic mysql-root-pwd --from-literal=password=LotusChing
secret/mysql-root-pwd created
# kubectl get secret mysql-root-pwd -o yaml
apiVersion: v1
data:
  password: TG90dXNDaGluZw==
kind: Secret
metadata:
  creationTimestamp: 2018-09-12T03:17:20Z
  name: mysql-root-pwd
  namespace: default
  resourceVersion: "306862"
  selfLink: /api/v1/namespaces/default/secrets/mysql-root-pwd
  uid: 5c371179-b63a-11e8-a27b-00163e08c384
type: Opaque
```
Sadly, although this is described as encryption, it is really only encoding and is easy to reverse:
```
➜ ~ echo TG90dXNDaGluZw==|base64 -d
LotusChing
➜ ~ ipython3
In [1]: import base64
In [2]: base64.b64decode('TG90dXNDaGluZw=='.encode())
Out[2]: b'LotusChing'
```
Manifest file
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-cm-1
  namespace: default
  labels:
    app: test
    environment: develop
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
      name: http
      protocol: TCP
    env:
    - name: MYSQL_ROOT_PWD
      valueFrom:
        secretKeyRef:
          name: mysql-root-pwd
          key: password
```
Create the Pod and read the configuration data
```
# kubectl apply -f secret-generic-demo.yaml
pod/myapp-cm-1 created
# kubectl exec -it myapp-cm-1 -- /bin/printenv | grep MYSQL
MYSQL_ROOT_PWD=LotusChing
```
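Added example (not part of the original notes): a Python model of how a `secretKeyRef` turns the Secret's base64 `data` into the plaintext environment variable seen in the `printenv` output above, useful for auditing which containers receive which secret values. The dictionaries are constructed from the manifests on this page, and `resolve_secret_env` is a hypothetical helper name.

```python
import base64

# Constructed sample objects, trimmed from the Secret and Pod shown on this page.
SECRET = {
    "metadata": {"name": "mysql-root-pwd", "namespace": "default"},
    "type": "Opaque",
    "data": {"password": "TG90dXNDaGluZw=="},
}
POD = {
    "metadata": {"name": "myapp-cm-1", "namespace": "default"},
    "spec": {"containers": [{
        "name": "myapp",
        "env": [{"name": "MYSQL_ROOT_PWD", "valueFrom": {
            "secretKeyRef": {"name": "mysql-root-pwd", "key": "password"}}}],
    }]},
}


def resolve_secret_env(pod, secrets):
    """Return {container: {env_name: plaintext}} for every secretKeyRef in the Pod."""
    ns = pod["metadata"].get("namespace", "default")
    # Secrets are namespaced: a Pod can only reference Secrets in its own namespace.
    index = {(s["metadata"].get("namespace", "default"), s["metadata"]["name"]): s
             for s in secrets}
    resolved = {}
    for container in pod["spec"].get("containers", []):
        env_out = {}
        for var in container.get("env", []):
            ref = (var.get("valueFrom") or {}).get("secretKeyRef")
            if ref is None:
                continue  # literal value or a non-secret source
            secret = index.get((ns, ref["name"]), {})
            encoded = secret.get("data", {}).get(ref["key"])
            if encoded is None:
                if ref.get("optional"):
                    continue  # optional reference: the variable is simply not set
                raise KeyError(f"{ns}/{ref['name']} has no key {ref['key']!r}")
            # base64 is the only transformation; assumes the value is UTF-8 text.
            env_out[var["name"]] = base64.b64decode(encoded, validate=True).decode()
        resolved[container["name"]] = env_out
    return resolved


if __name__ == "__main__":
    for name, env in resolve_secret_env(POD, [SECRET]).items():
        print(name, env)
```

Anyone who can read the Secret object or the Pod's environment obtains the same plaintext, so access to both should be restricted accordingly.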