Kubernetes (K8S): Secret Password Management and ConfigMap Configuration Management
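ConfigMap and Secret are configured in basically the same way. The difference between the two is that a Secret is stored in etcd in encrypted form, while a ConfigMap is stored in plaintext; Secrets are suited to passwords and similar information, and ConfigMaps are suited to configuration data. Note that the values the API returns for a Secret are only base64-encoded, as the decoding commands below show, and encryption in etcd depends on the cluster having encryption at rest configured.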
Secret password management:
kubectl create secret generic secret1 --from-file=/etc/hosts --from-file=/etc/passwd
kubectl create secret generic secret2 --from-literal=root=root123 --from-literal=admin=admin123
kubectl create secret generic secret3 --from-file=key1=/etc/hosts
kubectl describe secrets
kubectl describe secrets secret2
kubectl get secrets secret3 -o jsonpath={.data.key1}|base64 -d
# kubectl get secrets secret2 -o yaml
apiVersion: v1
data:
  admin: YWRtaW4xMjM=
  root: cm9vdDEyMw==
kind: Secret
metadata:
  creationTimestamp: "2021-05-17T12:31:07Z"
  name: secret2
  namespace: default
  resourceVersion: "1085377"
  selfLink: /api/v1/namespaces/default/secrets/secret2
  uid: f5273b0d-47c6-4101-a876-f25f762d4bc6
type: Opaque
# echo "YWRtaW4xMjM=" | base64 -d
admin123
# kubectl get secrets secret2 -o jsonpath={.data.root}|base64 -d
root123
# kubectl get secrets secret1 -o jsonpath={.data.hosts} |base64 -d
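Added example (not part of the original post): the jsonpath one-liners above, generalized to every key of a Secret manifest, showing that the data map is plain base64 that anyone allowed to read the Secret object can decode. The manifest is a constructed, trimmed copy of the secret2 output above, and the function names secret_pairs, secret_value and decode_all are made up for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Runs offline, no cluster needed.

# Constructed sample: trimmed copy of the secret2 manifest printed above.
SECRET2_YAML='apiVersion: v1
data:
  admin: YWRtaW4xMjM=
  root: cm9vdDEyMw==
kind: Secret
metadata:
  name: secret2
  namespace: default
type: Opaque'

# secret_pairs MANIFEST: print "key base64value" for each entry of the
# top-level data: map (the layout that kubectl -o yaml produces).
secret_pairs() {
  printf '%s\n' "$1" | awk '
    /^data:[ \t]*$/ { in_data = 1; next }   # start of the data map
    /^[^ \t]/       { in_data = 0 }         # next top-level key ends it
    in_data && NF == 2 && $1 ~ /:$/ {
      sub(/:$/, "", $1); print $1, $2
    }'
}

# secret_value MANIFEST KEY: decode one key, like the jsonpath | base64 -d
# one-liners, but from a saved manifest instead of the API server.
secret_value() {
  secret_pairs "$1" | awk -v k="$2" '$1 == k { print $2 }' | base64 -d
}

# decode_all MANIFEST: print every key with its decoded value. Multi-line
# values (for example a stored hosts file) span several output lines.
decode_all() {
  secret_pairs "$1" | while read -r key b64; do
    printf '%s=' "$key"
    printf '%s' "$b64" | base64 -d
    printf '\n'
  done
}

decode_all "$SECRET2_YAML"
```

Because no key is involved in the decoding, access to Secret objects and to saved manifests such as this one has to be restricted in the same way as access to the passwords themselves.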
Using a Secret as a volume:
[root@k8s-master ~]# cat pod1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  volumes:
  - name: xx
    secret:
      secretName: secret1
  containers:
  - image: nginx
    name: pod
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: xx
      mountPath: /opt/hosts
      subPath: hosts
[root@k8s-master ~]# kubectl apply -f pod1.yaml
[root@k8s-master ~]# kubectl exec -it pod1 -- cat /opt/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.11 k8s-master
192.168.2.12 k8s-worker
192.168.2.12 gitlab.example.com
192.168.2.100 harbor.example.com
Using a Secret as an environment variable:
[root@k8s-master ~]# cat mysql1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql
spec:
  containers:
  - name: mysql
    image: mysql:5.7
    imagePullPolicy: IfNotPresent
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: secret2
          key: root
[root@k8s-master ~]# kubectl apply -f mysql1.yaml
[root@k8s-master ~]# kubectl exec -it mysql -- env | grep ROOT
MYSQL_ROOT_PASSWORD=root123
ConfigMap configuration management:
[root@k8s-master ~]# kubectl create configmap config-1 --from-file=/etc/hosts
[root@k8s-master ~]# kubectl get configmaps config-1 -o yaml
apiVersion: v1
data:
  hosts: "127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4\n::1
    \ localhost localhost.localdomain localhost6 localhost6.localdomain6\n192.168.2.11
    k8s-master\n192.168.2.12 k8s-worker \n192.168.2.12 gitlab.example.com\n192.168.2.100
    harbor.example.com\n\n"
kind: ConfigMap
metadata:
  creationTimestamp: "2021-05-17T13:43:35Z"
  name: config-1
  namespace: default
  resourceVersion: "1097930"
  selfLink: /api/v1/namespaces/default/configmaps/config-1
  uid: 6aea3a6a-a753-4e66-a453-ec4bc77d6e53
[root@k8s-master ~]# kubectl get configmaps config-1 -o jsonpath={.data.hosts}
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.11 k8s-master
192.168.2.12 k8s-worker
192.168.2.12 gitlab.example.com
192.168.2.100 harbor.example.com