可以通过三种方式使用Secret
- 通过挂在方式挂在Secret到Pod中使用它
- 通过
# 创建文件[root@master01 echo -n 'admin' > ./username.txt[root@master01 echo -n 'qwerqwer123123' > ./password.txt# 查看帮助文档[root@master01 secret-file]# kubectl create secret --help# 基于file创建secret,使用generic创建出的Secret类型为Opaque[root@master01 secret-file]# kubectl create secret generic db-user-info --from-file=./username.txt --from-file=./password.txtsecret/db-user-info created查看[root@master01 secret-file]# kubectl get secrets db-user-info -oyamlapiVersion: v1data:password.txt: cXdlcnF3ZXIxMjMxMjM=username.txt: YWRtaW4=kind: Secretmetadata:creationTimestamp: "2022-04-05T23:08:11Z"name: db-user-infonamespace: defaultresourceVersion: "837054"uid: eabe607c-27fc-4611-92c6-fce4cc24f030type: Opaquedata中的数据经base64加密存储,可直接解密[root@master01 secret-file]# echo "cXdlcnF3ZXIxMjMxMjM=" | base64-dqwerqwer1231232.1.2、from-literal基于字面意思上的命令行中指定好key和value创建Secret[root@master01 secret-file]# kubectl create secret generic secret-from-literal --from-literal=username=admin --from-literal=passsword=123456secret/secret-from-literal created查看[root@master01 secret-file]# kubectl get secrets secret-from-literal -oyamlapiVersion: v1data:passsword: MTIzNDU2username: YWRtaW4=kind: Secretmetadata:creationTimestamp: "2022-04-05T23:19:02Z"name: secret-from-literalnamespace: defaultresourceVersion: "838616"uid: ebb95a99-8cbf-48fd-a651-60e12cd30110type: Opaque2.1.3、基于yaml文件创建- 需要将data使用base64提前加密好,必须基于秘文创建
- 也可以使用stringData基于明文创建secret
apiVersion: v1kind: Secretmetadata:name: my-secret-from-yamlnamespace: defaulttype: Opaquedata:username: YWRtaW4=password: MWYyZDFlMmU2N2Rm创建[root@master01 secret-file]# kubectl apply -f secret-user-info.yamlsecret/my-secret-from-yaml created查看[root@master01 secret-file]# kubectl get secrets my-secret-from-yaml -o yamlapiVersion: v1data:password: MWYyZDFlMmU2N2Rmusername: YWRtaW4=kind: Secretmetadata:annotations:kubectl.kubernetes.io/last-applied-configuration: |{"apiVersion":"v1","data":{"password":"MWYyZDFlMmU2NRm","username":"YWRW4="},"kind":"Secret","metadata":{"annotations":{},"name":"my-secret-from-yaml","namespace":"default"},"type":"Opaque"}creationTimestamp: "2022-04-05T23:28:27Z"name: my-secret-from-yamlnamespace: defaultresourceVersion: "839971"uid: eb3acb4d-edf2-4ac0-9373-e7a931a1a559type: Opaque基于明文创建使用
stringData关键字可以基于明文创建,因为不安全所以不推荐 。apiVersion: v1kind: Secretmetadata:name: secret-basic-authtype: kubernetes.io/basic-authstringData:username: admin#kubernetes.io/basic-auth 类型的必需字段password: t0p-Secret # kubernetes.io/basic-auth 类型的必需字段2.1.4、from-env-file用法和cm的from-env-file类似[root@master01 secret-file]# cat ./secret-env-file.txtusername=adminpassword=123456[root@master01 secret-file]# kubectl get secrets secret-from-env -oyamlapiVersion: v1data:password: MTIzNDU2username: YWRtaW4=kind: Secretmetadata:creationTimestamp: "2022-04-05T23:39:47Z"name: secret-from-envnamespace: defaultresourceVersion: "841608"uid: efaf7ad6-2ded-4544-93f8-5efabd2ca449type: Opaque2.2、实战2.2.1、配置阿里云私有仓库密钥
文章插图
给kubelet配置私有云下载Docker镜像的账号密码
# 查看帮助文档[root@master01 secret-file]# kubectl create secret docker-registry -h# 将username、password、email修改成自己的[root@master01 secret-file]# kubectl create secret docker-registry brm-alicloud-docker-secret --docker-username=xxxx --docker-password=xxx --docker-email=xxx@qq.com--docker-server=registry.cn-hangzhou.aliyuncs.com查看(data中的dockerconfigjson) 同样可以使用base64解码看到一个json串[root@master01 secret-file]# kubectl get secrets brm-alicloud-docker-secret -oyamlapiVersion: v1data:.dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeS5jbi1oYW5nemhvdS5hbGl5dW5jcy5jb20iOnsidXNlcm5hbWUiOiLmnLHmmIzmraYyMjMzIiwicGFzc3dvcmQiOiJxd2VyMTAxMC4uIiwiZW1haWwiOiI2NDY0NTAzMDhAcXEuY29tIiwiYXV0aCI6IjVweXg1cGlNNXEybU1qSXpNenB4ZDJWeU1UQXhNQzR1In19fQ==kind: Secretmetadata:creationTimestamp: "2022-04-06T00:04:17Z"name: brm-alicloud-docker-secretnamespace: defaultresourceVersion: "845134"uid: 6e7bd04e-621c-4da8-8649-99c0ebffcee9type: kubernetes.io/dockerconfigjson
推荐阅读
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 1分钟完成在线测试部署便捷收集班级同学文件的web管理系统
- RHCE习题
- 红米note10怎么更新系统_系统更新教程
- 重新整理 .net core 实践篇 ———— linux上性能排查 [外篇]
- k8s 中的 ingress 使用细节
- 重新整理 .net core 实践篇 ———— linux上排查问题实用工具 [外篇]
- 第2-1-1章 FastDFS分布式文件服务背景及系统架构介绍
- 华为nova8SE可以升级鸿蒙系统吗_华为nova8SE能不能升级鸿蒙系统
- 基于 Docker 构建轻量级 CI 系统:Gitea 与 Woodpecker CI 集成
- BI系统打包Docker镜像及部署的技术难度和实现
