Shulou(Shulou.com)06/02 Report--

Secret solves the problem of configuring sensitive data such as passwords, token and keys. Using Secret can avoid exposing these sensitive data to the mirror or Pod Spec in the form of plaintext.

Secret can be used as Volume or environment variables.

Create a secret using the following command line:

Kubectl create secret generic admin-access-from-file=./username.txt-from-file=./password.txt

The input files username.txt and password.txt need to be created manually, which maintains the user name and password for the test, respectively.

After the creation is successful, it is found that the type of secret is Opaque:

In fact, there are three types of secret for Kubernetes:

1. Service Account: used to access Kubernetes API, automatically created by Kubernetes, and automatically mounted to the / run/secrets/kubernetes.io/serviceaccount directory of Pod

2. Secret in Opaque:base64 format, which is used to store passwords, keys, etc.

3. Kubernetes.io/dockerconfigjson: used to store authentication information of private docker registry.

The type of secret we just created is Opaque, so in the returned result of kubectl get secrets, we can see that the values of password and username are both encoded by base64:

It's also easy to consume this secret in pod. Look at an example:

ApiVersion: v1kind: Podmetadata:name: secret-podspec:restartPolicy: Nevervolumes:- name: credentialssecret:secretName: admin-accessdefaultMode: 0440 containers cat-name: secret-containerimage: alpine:3.8command: ["/ bin/sh", "- c", "cat / etc/foo/username.txt / etc/foo/password.txt"] volumeMounts:- name: credentialsmountPath: "/ etc/foo" readOnly: true

Create a pod, execute it automatically, and view the log of pod through the log command:

It is found that the / bin/sh command has been executed, and the username.txt and password.txt under the pod mount directory / etc/foo display the output through the cat command:

For more original Jerry articles, please follow the official account "Wang Zixi":

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.