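#通过明文(--from-literal)创建Secret
#注意:--from-literal 的值会留在shell历史记录和进程参数中,生产环境建议改用 --from-file 或 --from-env-file,从权限受限的文件中读取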
[root@k8s-master-01 ~]# kubectl create secret generic mysecret --from-literal=myuser=tom --from-literal=mypass=secretTest
secret/mysecret created
[root@k8s-master-01 ~]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-kxfs4   kubernetes.io/service-account-token   3      23h
mysecret              Opaque                                2      7s
[root@k8s-master-01 ~]# kubectl get secret mysecret -o yaml
apiVersion: v1
data:
  mypass: c2VjcmV0VGVzdA==
  myuser: dG9t
kind: Secret
metadata:
  creationTimestamp: "2022-02-12T03:51:24Z"
  name: mysecret
  namespace: app01
  resourceVersion: "142857"
  uid: e74a923c-c706-42bb-bba2-678f70144546
type: Opaque
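#通过base64解码即可还原明文密码:base64只是编码而不是加密,任何有权限读取该Secret的人都能得到明文。
#因此应通过RBAC限制对Secret的get/list权限,并为etcd启用静态加密(encryption at rest)。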
[root@k8s-master-01 ~]# echo c2VjcmV0VGVzdA== | base64 -d
secretTest
#直接通过jsonpath获取:{.data.mypass}中开头的.表示根对象,从根向下逐级查找字段
[root@k8s-master-01 ~]# kubectl get secret mysecret -o jsonpath='{.data.mypass}' | base64 -d
secretTest
#通过文件(--from-file)创建Secret:key默认为文件名,value为文件内容
[root@k8s-master-01 ~]# kubectl create secret generic mysecret3 --from-file=/etc/hosts --from-file=/etc/resolv.conf
secret/mysecret3 created
[root@k8s-master-01 ~]# kubectl get secret mysecret3 -o yaml
apiVersion: v1
data:
  hosts: MTI3LjAuMC4xICAgbG9jYWxob3N0IGxvY2FsaG9zdC5sb2NhbGRvbWFpbiBsb2NhbGhvc3Q0IGxvY2FsaG9zdDQubG9jYWxkb21haW40Cjo6MSAgICAgICAgIGxvY2FsaG9zdCBsb2NhbGhvc3QubG9jYWxkb21haW4gbG9jYWxob3N0NiBsb2NhbGhvc3Q2LmxvY2FsZG9tYWluNgoxOTIuMTY4LjcxLjEzMyAgazhzLW1hc3Rlci0wMQoxOTIuMTY4LjcxLjEzNCAgazhzLW5vZGUtMDEKMTkyLjE2OC43MS4xMzUgIGs4cy1ub2RlLTAyCgo=
  resolv.conf: IyBHZW5lcmF0ZWQgYnkgTmV0d29ya01hbmFnZXIKbmFtZXNlcnZlciAxMTQuMTE0LjExNC4xMTQK
kind: Secret
metadata:
  creationTimestamp: "2022-02-12T04:08:28Z"
  name: mysecret3
  namespace: app01
  resourceVersion: "144187"
  uid: 3bd9ff38-a97c-4060-a5ae-96a5241667fb
type: Opaque

[root@k8s-master-01 ~]# kubectl get secret mysecret3 -o jsonpath='{.data.hosts}' | base64 -d
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.71.133  k8s-master-01
192.168.71.134  k8s-node-01
192.168.71.135  k8s-node-02
#以环境变量方式引用Secret
#注意:下面命令中不带值的 --dry-run 在较新版本的kubectl中已弃用,应写成 --dry-run=client
[root@k8s-master-01 k8s]# kubectl run dbpod --image=mysql --image-pull-policy=IfNotPresent --dry-run -o yaml > dbSecretTest.yaml
##修改dbSecretTest.yaml如下
# Pod manifest produced by the `kubectl run dbpod ... --dry-run -o yaml` command
# above, then edited by hand to add the `env` section. No namespace is set here,
# so the Pod is created in the namespace of the current kubectl context.
apiVersion: v1
kind: Pod
metadata:
  # `creationTimestamp: null` (and `status: {}` at the bottom) are left over from
  # the generated output.
  creationTimestamp: null
  labels:
    run: dbpod
  name: dbpod
spec:
  containers:
  # NOTE(review): the image has no tag, so it resolves to `mysql:latest`; with
  # IfNotPresent a node reuses whatever copy it already has cached. Pin a version
  # tag or digest so every node runs the same, reviewed image.
  - image: mysql
    imagePullPolicy: IfNotPresent
    name: dbpod
    resources: {}
    env:
    # The Secret value is decoded by Kubernetes and handed to the container as a
    # plain-text environment variable. Anything that can read the container's
    # environment (an exec session, a child process, a debug dump) sees the
    # password, and the value is not refreshed if the Secret changes later.
    # NOTE(review): for a database root password, consider mounting the Secret as
    # a read-only volume instead; the official mysql image is documented to accept
    # MYSQL_ROOT_PASSWORD_FILE for this -- confirm for the image version in use.
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret # the Secret created earlier; it must live in the same namespace as this Pod
          key: mypass # the key inside that Secret whose value becomes the variable
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

[root@k8s-master-01 k8s]# kubectl get pods -o wide
NAME    READY   STATUS    RESTARTS      AGE   IP            NODE          NOMINATED NODE   READINESS GATES
dbpod   1/1     Running   0             90s   10.244.1.23   k8s-node-01   <none>           <none>

