秘密可以定义为用于存储敏感数据的Kubernetes对象,例如用户名和密码加密.
在Kubernetes中有多种创建秘密的方法.
从txt文件创建.
从yaml文件创建.
为了从文本文件(如用户名和密码)创建机密,我们首先需要将它们存储在txt文件中,使用以下命令.
$ kubectl create secret generic tomcat-passwd –-from-file = ./username.txt –fromfile = ./. password.txt
apiVersion: v1 kind: Secret metadata: name: tomcat-pass type: Opaque data: password: <User Password> username: <User Name>
$ kubectl create –f Secret.yaml secrets/tomcat-pass
一旦我们创建了秘密,它就可以了在pod或复制控制器中消耗为 :
环境变量
卷
为了将秘密用作环境变量,我们将使用 env 在pod yaml文件的spec部分下.
env: - name: SECRET_USERNAME valueFrom: secretKeyRef: name: mysecret key: tomcat-pass
spec: volumes: - name: "secretstest" secret: secretName: tomcat-pass containers: - image: tomcat:7.0 name: awebserver volumeMounts: - mountPath: "/tmp/mysec" name: "secretstest"
apiVersion: v1 kind: ReplicationController metadata: name: appname spec: replicas: replica_count template: metadata: name: appname spec: nodeSelector: resource-group: containers: - name: appname image: imagePullPolicy: Always ports: - containerPort: 3000 env: -----------------------------> 1 - name: ENV valueFrom: configMapKeyRef: name: appname key: tomcat-secrets
在上面的代码中, env defi下我们在复制控制器中使用秘密作为环境变量.
apiVersion: v1 kind: pod metadata: name: appname spec: metadata: name: appname spec: volumes: - name: "secretstest" secret: secretName: tomcat-pass containers: - image: tomcat: 8.0 name: awebserver volumeMounts: - mountPath: "/tmp/mysec" name: "secretstest"