这种特殊的 Volume,叫作 Projected Volume,你可以把它翻译为“投射数据卷”。
apiVersion: v1
kind: Pod
metadata:
name: test-projected-volume
spec:
containers:
- name: test-secret-volume
image: busybox
args:
- sleep
- "86400"
volumeMounts:
- name: mysql-cred
mountPath: "/projected-volume"
readOnly: true
volumes:
- name: mysql-cred
projected:
sources:
- secret:
name: user
- secret:
name: pass
这里用到的数据库的用户名、密码,正是以 Secret 对象的方式交给 Kubernetes 保存的。完成这个操作的指令,如下所示:
[root@dock01 ~]# cat username.txt
admin
[root@dock01 ~]# cat password.txt
c1oudc0w!
$ cat ./username.txt
admin
$ cat ./password.txt
c1oudc0w!
$ kubectl create secret generic user --from-file=./username.txt
$ kubectl create secret generic pass --from-file=./password.txt
其中,username.txt 和 password.txt 文件里,存放的就是用户名和密码;
而 user 和 pass,则是我为 Secret 对象指定的名字。
而我想要查看这些 Secret 对象的话,只要执行一条 kubectl get 命令就可以了:
$ kubectl get secrets
NAME TYPE DATA AGE
user Opaque 1 51s
pass Opaque 1 51s
[root@dock01 ~]# kubectl delete -f test-projected-volume1.yaml
Error from server (NotFound): error when deleting "test-projected-volume1.yaml": pods "test-projected-volume" not found
$ kubectl create -f test-projected-volume.yaml
[root@dock01 ~]# kubectl create -f test-projected-volume1.yaml
pod/test-projected-volume created
$ kubectl exec -it test-projected-volume -- /bin/sh
$ ls /projected-volume/
user
pass
$ cat /projected-volume/user
root
$ cat /projected-volume/pass
1f2d1e2e67df
[root@dock01 ~]# kubectl get pods test-projected-volume -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test-projected-volume 1/1 Running 0 119s 10.36.0.7 dock03 <none> <none>
[root@dock01 ~]# kubectl describe pod test-projected-volume
Name: test-projected-volume
Namespace: default
Priority: 0
Node: dock03/192.168.137.102
Start Time: Thu, 21 Jan 2021 14:00:46 +0800
dock03:/root#docker ps -a | grep test-projected-volume
3e0ef256b7ca busybox "sleep 86400" 5 minutes ago Up 5 minutes k8s_test-secret-volume01_test-projected-volume_default_6e92ecf6-df0e-403e-897d-9bb50dbb97de_0
$ kubectl exec -it test-projected-volume -- /bin/sh
$ ls /projected-volume/
user
pass
$ cat /projected-volume/user
root
$ cat /projected-volume/pass
1f2d1e2e67df