Kubernetes Secret (secret storage)

Official documentation: https://kubernetes.io/docs/concepts/configuration/secret/

  • Encrypts data and stores it in etcd so that a Pod's containers can access it through a mounted Volume.
  • Use case: credentials

Create a Secret from text files

1. Create the username and password files

echo -n 'admin' > ./username.txt
echo -n '1f2d1e2e67df' > ./password.txt

2. Create the Secret from the files

kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt

3. View the created Secret

kubectl get secret

NAME TYPE DATA AGE
db-user-pass Opaque 2 37s

4. View details
kubectl describe secret db-user-pass

Name: db-user-pass
Namespace: default
Labels: <none>
Annotations: <none>

Type: Opaque

Data
====
password.txt: 12 bytes
username.txt: 5 bytes

Create a Secret from a YAML file

1. Base64-encode the username and password

echo -n 'admin' | base64
echo -n '1f2d1e2e67df' | base64

2. Create the YAML file

vim user.yaml

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

3. Create the Secret

kubectl create -f user.yaml

4. View the created Secret

kubectl get secret

NAME TYPE DATA AGE
db-user-pass Opaque 2 5m42s
mysecret Opaque 2 18s
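
The values under data: in user.yaml are base64-encoded, not encrypted, so anyone who can read the manifest can recover the credentials. The following is an added example, not part of the original post: it builds the same manifest from plain values, decodes it again, and flags a value that was encoded with a trailing newline (echo without -n). The function names are hypothetical; the sample credentials are the ones used on this page.

```shell
#!/bin/sh
# Added example: build the page's Secret manifest and read it back.
# Function names are hypothetical; credentials are the page's sample values.

# Encode a value exactly as given (no trailing newline), on a single line.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Emit an Opaque Secret manifest with username and password keys.
make_secret_yaml() {   # usage: make_secret_yaml NAME USERNAME PASSWORD
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  username: $(b64 "$2")
  password: $(b64 "$3")
EOF
}

# Decode one key from the data: section of a manifest file.
decode_field() {       # usage: decode_field FILE KEY
    sed -n "s/^  $2: //p" "$1" | base64 -d
}

# Succeed if a base64 value decodes to text ending in a newline,
# the usual sign that echo was used without -n.
has_trailing_newline() {   # usage: has_trailing_newline BASE64_VALUE
    [ "$(printf '%s' "$1" | base64 -d | tail -c 1 | wc -l)" -eq 1 ]
}

# Demonstration with the page's sample credentials.
tmp=$(mktemp)
make_secret_yaml mysecret admin 1f2d1e2e67df > "$tmp"
cat "$tmp"
printf 'decoded password: %s\n' "$(decode_field "$tmp" password)"
if has_trailing_newline "$(printf 'admin\n' | base64)"; then
    echo "warning: value encoded with a trailing newline"
fi
rm -f "$tmp"
```

Treat user.yaml like the plaintext password file: keep it out of version control and delete it after the Secret is created.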

Expose the Secret to a container through environment variables

1. Create the YAML file

vim secret-var.yaml

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    env:
      # environment variable holding the username
      - name: SECRET_USERNAME
        valueFrom:
          # read the username key from the Secret
          secretKeyRef:
            name: mysecret
            key: username
      # environment variable holding the password
      - name: SECRET_PASSWORD
        valueFrom:
          # read the password key from the Secret
          secretKeyRef:
            name: mysecret
            key: password

2. Create the Pod

kubectl create -f secret-var.yaml

3. Check that the Pod was created

kubectl get pods

NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 23s

4. Enter the container and view the variables

kubectl exec -it mypod -- bash

root@mypod:/# echo $SECRET_USERNAME
admin
root@mypod:/# echo $SECRET_PASSWORD
1f2d1e2e67df

Mount the username and password through a volume

1. Create the YAML file

vim secret-vol.yaml

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      # the Secret created earlier
      secretName: mysecret

2. Create the Pod

kubectl create -f secret-vol.yaml

3. Check the Pod

kubectl get pod

NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 46s

4. Enter the container and view the mounted files

kubectl exec -it mypod -- bash

root@mypod:/# ls /etc/foo/
password username
root@mypod:/# cat /etc/foo/password 
1f2d1e2e67dfroot@mypod:/# cat /etc/foo/username 
adminroot@mypod:/#

 


Origin www.cnblogs.com/xiangsikai/p/11424286.html