为什么在不需要configmaps的情况下k8s机密需要使用base64编码? [英] Why does k8s secrets need to be base64 encoded when configmaps does not?
问题描述
为什么在不需要configmaps的情况下,k8s的机密需要使用base64编码?
Why does k8s secrets need to be base64 encoded when configmaps does not?
创建configmap时,您只需执行以下操作即可:
When creating a configmap you simply do somthing like this:
apiVersion: v1
kind: ConfigMap
metadata:
name: my-configmap
data:
SOME_KEY: a string value
但是,当您想创建一个秘密时,您必须
echo -n "some secret string" | base64
,然后将其结果保存在文件中,如下所示:
But when you want to create a secret you have to
echo -n "some secret string" | base64
and then put the result of that in a file looking something like this:
apiVersion: v1
kind: Secret
metadata:
name: my-secret
type: Opaque
data:
SOME_KEY: c29tZSBzZWNyZXQgc3RyaW5n
我真的想知道为什么会有这种区别吗? kubernetes的秘密仅仅是base64编码的字符串吗?我希望机密会以加密方式存储在kubernetes中.
I really wonder why there is this difference? Are kubernetes secrets simply base64 encoded strings? I would expect that secrets were stored encrypted in kubernetes.
推荐答案
秘密可以包含二进制数据(类型为map[string][]byte
),并且字节数组在JSON序列化中为base64编码.
Secrets can contain binary data (the type is map[string][]byte
), and byte arrays are base64-encoded in JSON serialization.
ConfigMaps仅包含字符串数据(类型为map[string]string
),因此JSON序列化仅输出字符串.
ConfigMaps only contain string data (the type is map[string]string
), so the JSON serialization just outputs the string.
在1.10版本中,ConfigMaps具有一个新的binaryData
字段,该字段允许存储二进制数据,该二进制数据是base64编码的,就像机密一样. https://github.com/kubernetes/kubernetes/pull/57938
In 1.10, ConfigMaps have a new binaryData
field that allows storing binary data, which is base64-encoded, just like secrets. https://github.com/kubernetes/kubernetes/pull/57938
这篇关于为什么在不需要configmaps的情况下k8s机密需要使用base64编码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!