Kubernetes Storage: Secret
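A Secret solves the configuration problem for sensitive data such as passwords, tokens, and keys, so that this data does not have to be exposed in an image or in the Pod spec. A Secret can be consumed as a Volume or as environment variables.
There are three types of Secret:
- Service Account: used to access the Kubernetes API. It is created automatically by Kubernetes and is automatically mounted into the Pod at /run/secrets/kubernetes.io/serviceaccount
- Opaque: a Secret whose values are stored base64-encoded (base64 is an encoding, not encryption), used to store passwords, keys, and so on
- kubernetes.io/dockerconfigjson: used to store the authentication information for a private docker registry
Service Account
A Service Account is used to access the Kubernetes API. It is created automatically by Kubernetes and is automatically mounted into the Pod at /run/secrets/kubernetes.io/serviceaccount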
```
$ kubectl run nginx --image nginx
deployment "nginx" created
$ kubectl get pods
...
$ kubectl exec nginx-xxx ls /run/secrets/kubernetes.io/serviceaccount
ca.crt
namespace
token
```
Opaque Secret
1. Creating the Secret
```
$ echo -n "admin" | base64
YWRtaW4=
$ echo -n "1f2d1e2e67df" | base64
MWYyZDFlMmU2N2Rm
```
secrets.yaml
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  password: MWYyZDFlMmU2N2Rm
  username: YWRtaW4=
```
2. Usage
2.1 Mounting the Secret as a Volume
```yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    name: secret-test
  name: secret-test
spec:
  volumes:
  - name: secrets
    secret:
      secretName: mysecret
  containers:
  - image: myapp:v1
    name: db
    volumeMounts:
    - name: secrets
      mountPath: "/etc/secrets"
      readOnly: true
```
2.2 Importing the Secret into environment variables
```yaml
# apps/v1 replaces extensions/v1beta1 (removed in Kubernetes 1.16) and requires spec.selector
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: pod-deployment
  template:
    metadata:
      labels:
        app: pod-deployment
    spec:
      containers:
      - name: pod-1
        image: myapp:v1
        ports:
        - containerPort: 80
        env:
        - name: TEST_USER
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: username
        - name: TEST_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: password
```
kubernetes.io/dockerconfigjson
Use kubectl to create a Secret holding the docker registry credentials
```
$ kubectl create secret docker-registry myregistrykey --docker-server=hub.example.com --docker-username=admin --docker-password=Harbor12345 --docker-email=Yuan_sr@163.com
```
When creating a Pod, reference the newly created myregistrykey through imagePullSecrets
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: foo
spec:
  containers:
  - name: foo
    image: wst/example:v1 # image in the private registry
  imagePullSecrets:
  - name: myregistrykey
```
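The Opaque Secret section stores values that are only base64-encoded, and relies on `echo -n` so that no newline ends up inside the value. The script below is an added example, not part of the original article: it audits the data block of a Secret manifest, shows that every value decodes straight back to plaintext, and flags values encoded without `-n` or that are not valid base64. The function names and the two extra keys (`username_no_n`, `broken`) in the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the article's secrets.yaml plus two deliberately bad keys.
SAMPLE_MANIFEST='apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  password: MWYyZDFlMmU2N2Rm
  username: YWRtaW4=
  username_no_n: YWRtaW4K
  broken: not*base64'

# Print "key value" pairs found under the top-level data: key (stdin = manifest).
secret_data() {
  awk '/^data:/ {in_data = 1; next}
       /^[^ \t]/ {in_data = 0}
       in_data && NF == 2 {sub(/:$/, "", $1); print $1, $2}'
}

# Classify one stored value: ok | trailing-newline | invalid-base64.
audit_value() {
  printf '%s' "$1" | base64 -d >/dev/null 2>&1 || { echo invalid-base64; return; }
  # Hex-dump the decoded bytes; $(...) on the raw output would strip a final newline.
  hex=$(printf '%s' "$1" | base64 -d | od -An -v -tx1 | tr -d ' \n')
  case "$hex" in
    *0a) echo trailing-newline ;;  # value was encoded with plain echo, not echo -n
    *)   echo ok ;;
  esac
}

# One line per key: name, verdict, and the plaintext that anyone able to read
# the manifest or the Secret object can recover.
audit_manifest() {
  secret_data | while read -r key value; do
    verdict=$(audit_value "$value")
    if [ "$verdict" = invalid-base64 ]; then
      printf '%s %s\n' "$key" "$verdict"
    else
      printf '%s %s %s\n' "$key" "$verdict" "$(printf '%s' "$value" | base64 -d)"
    fi
  done
}

printf '%s\n' "$SAMPLE_MANIFEST" | audit_manifest
```

Because the stored values decode this easily, manifests like secrets.yaml belong outside version control, and read access to Secret objects should be limited with RBAC.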