Using Secret objects in Kubernetes

A Secret stores the sensitive data you want to access in etcd; a Pod then reads the information saved in the Secret by mounting it as a volume. Each time the data is modified, the files mounted in the Pod from the Secret are updated as well. Secrets are used in particular to store account passwords.

First, create a Secret object

1. Create from files

Two files, username.txt and password.txt:

echo "chenqionghe" > ./username.txt
echo "111111" > ./password.txt

Create the Secrets:

kubectl create secret generic user --from-file=./username.txt
kubectl create secret generic pass --from-file=./password.txt

2. Create from a YAML file

Note: the values must be base64-encoded.

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  user: Y2hlbnFpb25naGUK
  pass: MTExMTExCg==

Create it:

kubectl apply -f mysecret.yaml
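
Added example (not from the original post): base64 is an encoding, not encryption, so anyone who can read the Secret object can recover the values. The script below decodes the data: values of the mysecret manifest above and flags the trailing newline that echo put into them, which an application reading the mounted file will see as part of the credential. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the data: values of a Secret manifest.
# Function names are hypothetical; the manifest is the one from this page.

decode_value() { printf '%s' "$1" | base64 -d; }

# Encode without a trailing newline (printf '%s' adds none, unlike echo).
encode_value() { printf '%s' "$1" | base64; }

# True when the decoded bytes end in a newline (0x0a).
has_trailing_newline() {
  last=$(decode_value "$1" | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last" = "0a" ]
}

# Read a Secret manifest on stdin; print one finding per key under data:.
audit_manifest() {
  awk '/^data:/ {in_data=1; next}
       /^[^ ]/  {in_data=0}
       in_data && NF == 2 {sub(":", "", $1); print $1, $2}' |
  while read -r key value; do
    plain=$(decode_value "$value")   # $(...) strips trailing newlines
    if has_trailing_newline "$value"; then
      echo "$key: '$plain' + newline (clean value: $(encode_value "$plain"))"
    else
      echo "$key: '$plain'"
    fi
  done
}

# The mysecret manifest from this page, embedded as sample input.
audit_manifest <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  user: Y2hlbnFpb25naGUK
  pass: MTExMTExCg==
EOF
```

Writing the files with printf '%s' instead of echo, or encoding with encode_value, keeps the newline out of the stored credential.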

Second, list the Secret objects

root@VM-0-8-ubuntu:/home/ubuntu/project-volume# kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-gqfrx   kubernetes.io/service-account-token   3      20d
mysecret              Opaque                                2      1m
pass                  Opaque                                1      6m
user                  Opaque                                1      6m

Third, an example Pod that uses the Secrets

Here the volume type is projected, the referenced sources are the Secrets user and pass, and the mount path is /projected-volume.

apiVersion: v1
kind: Pod
metadata:
  name: test-projected-volume 
spec:
  containers:
  - name: test-secret-volume
    image: busybox
    args:
    - sleep
    - "86400"
    volumeMounts:
    - name: mysql-cred
      mountPath: "/projected-volume"
      readOnly: true
  volumes:
  - name: mysql-cred
    projected:
      sources:
      - secret:
          name: user
      - secret:
          name: pass

Create the Pod:

kubectl apply -f test-projected-volume.yaml

Check that the Pod has been created:

root@VM-0-8-ubuntu:/home/ubuntu/project-volume# kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
test-projected-volume   1/1     Running   0          5m

Then enter the Pod and look: the files exist, and their content matches what was set.

root@VM-0-8-ubuntu:/home/ubuntu/project-volume# kubectl exec -it test-projected-volume -- /bin/sh
/ # ls /projected-volume/
password.txt username.txt
/ # cat /projected-volume/username.txt
chenqionghe

Next, we edit the username in the Secret, changing chenqionghe to cqh (the corresponding base64 encoding is Y3FoCg==).

kubectl edit secret user

The modified Secret is as follows:

apiVersion: v1
data:
  username.txt: Y3FoCg==
kind: Secret
metadata:
  creationTimestamp: 2019-09-27T09:14:00Z
  name: user
  namespace: default
  resourceVersion: "2108808"
  selfLink: /api/v1/namespaces/default/secrets/user
  uid: 24566f8f-e107-11e9-8c22-f242c645cfec
type: Opaque

Check the Pod again: the mounted file has changed.

root@VM-0-8-ubuntu:/home/ubuntu# kubectl exec -it test-projected-volume -- cat /projected-volume/username.txt
cqh


Origin www.cnblogs.com/chenqionghe/p/11601049.html