• Kubernetes Secrets


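    Purpose of a Secret: storing sensitive data

    When Secrets are used

    1. When creating a pod, by assigning the pod a serviceaccount, which uses its secret automatically
    2. By mounting the secret into a pod
    3. When pulling docker images, by referencing the secret in the pod's spec.ImagePullSecrets
    4. By exposing it as environment variables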
    

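    Using a Secret by mounting it into a pod (its keys appear as files inside the pod's container)

    1. Create the secret
    Option 1: from the command line (with --dry-run the YAML is only printed, nothing is created): kubectl create secret generic myscret --from-literal=username=test --from-literal=password=test -o yaml --dry-run
    Option 2: from a manifest file: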
    apiVersion: v1
    data:
      password: dGVzdA==
      username: dGVzdA==
    kind: Secret
    metadata:
      name: myscret
    

    Note: the values are base64-encoded, which is an encoding and not encryption. To decode: echo dGVzdA== | base64 -d

    2. Mount it
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: default 
      labels:
        app: nginx
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 1 
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.12
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
            volumeMounts:
            - name: foo
              mountPath: "/usr/share/nginx/html"
          volumes:
          - name: foo
            secret:
              secretName: myscret
    
    kubectl exec nginx-deployment-68d7ffc4fd-lhwmv -- cat /usr/share/nginx/html/username
    kubectl exec nginx-deployment-68d7ffc4fd-lhwmv -- cat /usr/share/nginx/html/password
    # The Secret's keys appear as files under /usr/share/nginx/html
    
    

    Exposing a Secret as environment variables

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: default 
      labels:
        app: nginx
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 1 
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.12
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
            env:
            - name: Nginx_username
              valueFrom:
                secretKeyRef:
                  name: myscret
                  key: username 
            - name: Nginx_password
              valueFrom:
                secretKeyRef:
                  name: myscret
                  key: password
    

    Pulling a Docker image from a private registry

    #kubectl create secret docker-registry myaliyun --docker-server registry.cn-hangzhou.aliyuncs.com --docker-username ${your_username} --docker-password ${your_password} --docker-email ${your_email}  -o yaml 
    
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: default 
      labels:
        app: nginx
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 1 
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.12
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
          imagePullSecrets:
          - name: myaliyun   
    
  • Original article: https://www.cnblogs.com/lovelinux199075/p/11265395.html