Creating ssh secrets key file in kubernetes
Problem description
If I create a secret from an id_rsa file using kubectl as:
kubectl create secret generic hcom-secret --from-file=ssh-privatekey=./.ssh/id_rsa
And then mount the secret into the container
"volumeMounts": [
{"name": "cfg", "readOnly": false, "mountPath": "/home/hcom/.ssh"}
]
"volumes": [
{"name": "cfg", "secret": { "secretName": "hcom-ssh" }}
],
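The resultant file is not id_rsa but ssh-privatekey and the permits that are on it are not 600 which ssh expects
Is this a correct approach, or can anyone please detail how this should be done?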
The official Kubernetes docs for secrets cover this exact use-case. To create the secret, use:
$ kubectl create secret generic my-secret --from-file=ssh-privatekey=/path/to/.ssh/id_rsa --from-file=ssh-publickey=/path/to/.ssh/id_rsa.pub
To mount the secret in your containers, use the following Pod config:
{
  "kind": "Pod",
  "apiVersion": "v1",
  "metadata": {
    "name": "secret-test-pod",
    "labels": {
      "name": "secret-test"
    }
  },
  "spec": {
    "volumes": [
      {
        "name": "secret-volume",
        "secret": {
          "secretName": "my-secret"
        }
      }
    ],
    "containers": [
      {
        "name": "ssh-test-container",
        "image": "mySshImage",
        "volumeMounts": [
          {
            "name": "secret-volume",
            "readOnly": true,
            "mountPath": "/etc/secret-volume"
          }
        ]
      }
    ]
  }
}
Kubernetes doesn't actually have a way to control file permissions for a secret as of now, but a recent Pull Request did add support for changing the path of secrets. This support was added with 1.3 as per this comment.
Here are the permissions related Github Issues:
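
The answer predates it, but later Kubernetes releases added `defaultMode` and per-item `mode` fields to secret volumes; combined with the `items` key-to-path mapping the answer mentions, they address both the file name and the permissions raised in the question. The manifest below is an added example, not part of the original answer; it reuses the answer's names (`my-secret`, `secret-test-pod`, `mySshImage`) and is written in YAML so it can carry comments.

```yaml
# Added example, not from the original post. Secret, pod, volume and
# container names are the ones used in the answer's manifest.
apiVersion: v1
kind: Pod
metadata:
  name: secret-test-pod
  labels:
    name: secret-test
spec:
  volumes:
    - name: secret-volume
      secret:
        secretName: my-secret
        # Without "items", every key is projected under its own name
        # (ssh-privatekey, ssh-publickey) with the default mode 0644,
        # which is what the question observed.
        items:
          - key: ssh-privatekey
            path: id_rsa        # file name the ssh client expects
            mode: 0600          # octal in YAML; write 384 in JSON
          - key: ssh-publickey
            path: id_rsa.pub
            mode: 0644          # 420 in JSON
  containers:
    - name: ssh-test-container
      image: mySshImage         # placeholder image name from the answer
      volumeMounts:
        - name: secret-volume
          readOnly: true        # the key material should not be writable
          mountPath: /etc/secret-volume
```

With this mount the private key appears as /etc/secret-volume/id_rsa and is readable only by the file's owner, so the ssh client has to run as that user. In a JSON manifest like the ones above, the modes have to be written in decimal because JSON has no octal literals.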