k8s学习(十五)Secret的使用

• 前言
• 一、创建Secret
• 二、使用Secret

。

1、base64加密

[root@k8s-master k8s]# echo -n "root" | base64
cm9vdA==
[root@k8s-master k8s]# echo -n "root123" | base64
cm9vdDEyMw==

2、secret.yaml

[root@k8s-master k8s]# cat secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret-test
data:
  username: cm9vdA==
  password: cm9vdDEyMw==

3、创建

[root@k8s-master k8s]# kubectl create -f secret.yaml
secret/secret-test created

4、查看secret

[root@k8s-master k8s]# kubectl get secret
NAME                                      TYPE                                  DATA   AGE
secret-test                               Opaque                                2      8s

5、查看secret详细信息

[root@k8s-master k8s]# kubectl describe secret secret-test
Name:         secret-test
Namespace:    default
Labels:       
Annotations:  

Type:  Opaque

Data
====
password:  7 bytes
username:  4 bytes

1、设置环境变量

（1） secret-env.yaml

[root@k8s-master k8s]# cat secret-env.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: secret-env
  name: secret-env
spec:
  containers:
  - image: busybox
    name: secret-env
    command: [ "/bin/sh", "-c", "env" ]
    envFrom:
    - secretRef:
        name: secret-test

（2）创建

[root@k8s-master k8s]# kubectl create -f secret-env.yaml
pod/secret-env created

（3）查看日志

[root@k8s-master k8s]# kubectl logs secret-env
NGINX_SERVICE_NODEPORT_PORT=tcp://10.106.65.70:80
NGINX_SERVICE_NODEPORT_SERVICE_PORT=80
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
HOSTNAME=secret-env
SHLVL=1
username=root
password=root123

2、用作命令行参数

（1） secret-cmd.yaml

[root@k8s-master k8s]# cat secret-cmd.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: secret-cmd
  name: secret-cmd
spec:
  containers:
  - image: busybox
    name: secret-cmd
    command: [ "/bin/sh", "-c", "echo ${PASSWORD}" ]
    env:
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: secret-test
          key: password

（2）创建

[root@k8s-master k8s]# kubectl create -f secret-cmd.yaml
pod/secret-cmd created

（3）查看日志

[root@k8s-master k8s]# kubectl logs secret-cmd
root123

3、作为文件挂载

（1）secret-volume.yaml

rootroot123[root@k8s-master k8s]# cat secret-volume.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: secret-volume
  name: secret-volume
spec:
  volumes:
  - name: secrets
    secret:
      secretName: secret-test
  containers:
  - image: busybox
    name: secret-volume
    command: [ "/bin/sh", "-c", "cat /etc/secrets/username; cat /etc/secrets/password" ]
    volumeMounts:
    - name: secrets
      mountPath: "/etc/secrets"
      readOnly: true

（2）创建

[root@k8s-master k8s]# kubectl create -f secret-volume.yaml
pod/secret-volume created

（3）查看日志

pod/secret-volume created
[root@k8s-master k8s]# kubectl logs secret-volume
rootroot123