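  • Kubernetes Secrets

    Purpose of a Secret: storing sensitive data

    Secret use cases

    1. When creating a pod, specify a serviceaccount for the pod so that the secret is used automatically
    2. Mount the secret into the pod to use it
    3. Pulling docker images: reference the secret through the pod's spec.imagePullSecrets
    4. Generate environment variables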
    

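    Using the secret by mounting it into the pod, which creates files inside the pod's container

    1. Create the secret
    Method 1: from the command line: kubectl create secret generic myscret --from-literal=username=test --from-literal=password=test -o yaml --dry-run
    (With --dry-run the manifest is only printed, not created; newer kubectl versions spell the flag --dry-run=client.)
    Method 2: from a manifest file: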
    apiVersion: v1
    data:
      password: dGVzdA==
      username: dGVzdA==
    kind: Secret
    metadata:
      name: myscret
    

    Note: the values under data are base64-encoded, which is an encoding and not encryption. To decode: echo dGVzdA== | base64 -d

    2. Mount it
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: default 
      labels:
        app: nginx
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 1 
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.12
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
            volumeMounts:
            - name: foo
              mountPath: "/usr/share/nginx/html"
          volumes:
          - name: foo
            secret:
              secretName: myscret
    
    kubectl exec nginx-deployment-68d7ffc4fd-lhwmv -- cat /usr/share/nginx/html/username
    kubectl exec nginx-deployment-68d7ffc4fd-lhwmv -- cat /usr/share/nginx/html/password
    # One file per secret key is created under /usr/share/nginx/html
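
Added example, not part of the original post: the mount manifest above places the Secret at /usr/share/nginx/html, which is the default document root of the nginx image, so the key files become reachable over HTTP on port 80. The variant below mounts the same Secret at /etc/app-secrets (a hypothetical path chosen for illustration), read-only, with a tighter file mode and only the listed keys.

```yaml
# Added example: same Deployment as above, with the Secret kept out of the web root.
# Assumption: /etc/app-secrets is a hypothetical mount path, not from the original post.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.12
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        volumeMounts:
        - name: foo
          # Outside /usr/share/nginx/html, so nginx does not serve these files
          mountPath: "/etc/app-secrets"   # hypothetical path
          readOnly: true
      volumes:
      - name: foo
        secret:
          secretName: myscret
          defaultMode: 0400   # owner read-only instead of the default 0644
          items:              # project only the keys the container needs
          - key: username
            path: username
          - key: password
            path: password
```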
    
    

    Generating environment variables

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: default 
      labels:
        app: nginx
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 1 
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.12
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
            env:
            - name: Nginx_username
              valueFrom:
                secretKeyRef:
                  name: myscret
                  key: username 
            - name: Nginx_password
              valueFrom:
                secretKeyRef:
                  name: myscret
                  key: password
    

    Pulling docker images (imagePullSecrets)

    #kubectl create secret docker-registry myaliyun --docker-server registry.cn-hangzhou.aliyuncs.com --docker-username ${your_username} --docker-password ${your_password} --docker-email ${your_email}  -o yaml 
    
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      namespace: default 
      labels:
        app: nginx
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 1 
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.12
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
          imagePullSecrets:
          - name: myaliyun   
    
  • Original article: https://www.cnblogs.com/lovelinux199075/p/11265395.html