Kubernetes Secret (secret storage)
Official documentation: https://kubernetes.io/docs/concepts/configuration/secret/
- Encrypts data and stores it in etcd, where a Pod's containers can access it by mounting a Volume.
- Use case: credentials
Create a username and password Secret from text files
1. Create the username and password files
echo -n 'admin' > ./username.txt
echo -n '1f2d1e2e67df' > ./password.txt
2. Create the Secret from the files
kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt
3. View the created Secret
kubectl get secret
NAME           TYPE     DATA   AGE
db-user-pass   Opaque   2      37s
4. View details
kubectl describe secret db-user-pass
Name:         db-user-pass
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password.txt:  12 bytes
username.txt:  5 bytes
Create a username and password Secret from a YAML file
1. Encode the username and password
echo -n 'admin' | base64
echo -n '1f2d1e2e67df' | base64
2. Create the file
vim user.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
3. Create the Secret
kubectl create -f user.yaml
4. View the created Secret
kubectl get secret
NAME           TYPE     DATA   AGE
db-user-pass   Opaque   2      5m42s
mysecret       Opaque   2      18s
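The encode-and-write steps above as one script, an added example that is not part of the original page. The function names are hypothetical; the values are the page's sample credentials. It also decodes a value back out of the manifest, since base64 is a reversible encoding that anyone who can read user.yaml or the Secret object can undo, and it checks for the stray newline that `echo` without `-n` would put into the stored password.

```shell
#!/bin/sh
# Added example; the function names below are hypothetical helpers.

# b64 VALUE: base64 of VALUE without a trailing newline
# (equivalent to `echo -n VALUE | base64` in the steps above).
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# make_secret NAME KEY=VALUE...: print an Opaque Secret manifest.
make_secret() {
    name=$1; shift
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$name"
    printf 'type: Opaque\ndata:\n'
    for pair in "$@"; do
        key=${pair%%=*}      # text before the first '='
        value=${pair#*=}     # text after the first '=' (may contain '=')
        printf '  %s: %s\n' "$key" "$(b64 "$value")"
    done
}

# secret_value KEY: read a manifest on stdin, print KEY's decoded value.
secret_value() {
    sed -n "s/^  $1: //p" | base64 -d
}

# has_trailing_newline B64: succeed if the decoded value ends in '\n',
# which is what `echo VALUE | base64` (no -n) produces.
has_trailing_newline() {
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Constructed sample run using the credentials from this page.
manifest=$(make_secret mysecret username=admin password=1f2d1e2e67df)
printf '%s\n' "$manifest"
printf 'decoded password: %s\n' "$(printf '%s\n' "$manifest" | secret_value password)"
if has_trailing_newline "$(echo 'admin' | base64)"; then
    echo "echo without -n stores 'admin' plus a newline"
fi
```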
Expose the Secret to a container through environment variables
1. Create the YAML file
vim secret-var.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    env:
    # environment variable for the username
    - name: SECRET_USERNAME
      valueFrom:
        # take the value from the Secret's username key
        secretKeyRef:
          name: mysecret
          key: username
    # environment variable for the password
    - name: SECRET_PASSWORD
      valueFrom:
        # take the value from the Secret's password key
        secretKeyRef:
          name: mysecret
          key: password
2. Create the container
kubectl create -f secret-var.yaml
3. Check that the container was created
kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 23s
4. Enter the container and view the variables
kubectl exec -it mypod -- bash
root@mypod:/# echo $SECRET_USERNAME
admin
root@mypod:/# echo $SECRET_PASSWORD
1f2d1e2e67df
Mount the username and password as a volume
1. Create the YAML file
vim secret-vol.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      # the Secret created earlier
      secretName: mysecret
2. Create the container
kubectl create -f secret-vol.yaml
3. Check the container
kubectl get pod
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 46s
4. Enter the container and view the files
kubectl exec -it mypod -- bash
root@mypod:/# ls /etc/foo/
password  username
root@mypod:/# cat /etc/foo/password
1f2d1e2e67dfroot@mypod:/# cat /etc/foo/username
adminroot@mypod:/#