Shulou(Shulou.com)06/03 Report--

[root@master yaml] # mkdir secret

[root@master yaml] # cd secret/

Secret: used to store sensitive information, such as the user name or key of the database.

View the key of the namespace that comes with k8s:

Kubectl get s1ecrets-n kube-system

Example: save the user name and password of the data 1 library

​ user name: root1

​ password: 123.com

The first method:

Through-- from-literal (literal way):

Kubectl create secret generic (general, general) mysecret1-from-literal=username=root-from-literal=password=123.com

The second method:

Through-- from-file (in the form of files):

[root@master secret] # echo root > username [root@master secret] # echo 123.com > password [root@master secret] # lspassword username [root@master secret] # kubectl create secret generic mysecret2-- from-file=username-- from-file=password secret/mysecret2 created

Verify that the file is deleted. Will the created user and password still exist?

[root@master secret] # rm-rf password username

To prove that it still exists.

The third method:

Through-- from-env-file:

[root@master secret] # cat env.txt username=rootpassword=123.com [root@master secret] # kubectl create secret generic mysecret3-from-env-file=env.txt secret/mysecret3 created

The fourth method:

Through the yaml configuration file:

Export to a yaml file:

Kubectl get secrets mysecret1-o yaml

Encrypt the data that needs to be saved:

[root@master secret] # echo root | base64cm9vdAo= [root@master secret] # echo 123.com | base64MTIzLmNvbQo=

Write a yaml file:

[root@master secret] # vim secret4.yamlapiVersion: v1kind: Secretmetadata: name: mysectet4data: username: cm9vdAo= password: MTIzLmNvbQo= [root@master secret] # kubectl apply-f secret4.yaml secret/mysectet4 created

Decode:

[root@master secret] # echo-n cm9vdAo= | base64-- decode root [root@master secret] # echo-n MTIzLmNvbQo= | base64-- how decode 123.com uses Secret resources: the first method:

Mount as Volume:

[root@master secret] # vim pod.yamlapiVersion: v1kind: Podmetadata: name: mypodspec: containers:-name: mypod image: busybox args:-/ bin/sh-- c-sleep 300000 volumeMounts:-name: secret-test mountPath: "/ etc/secret-test" readOnly: true volumes:-name: secretName: mysecret1 [root@master secret] # kubectl apply-f pod.yaml pod/mypod created

Check to see if it is hung on success:

[root@master secret] # kubectl exec-it mypod / bin/sh/ # cd / etc/secret-test//etc/secret-test # lspassword username/etc/secret-test # cat password 123.com/etc/secret-test # / etc/secret-test # cat username root/etc/secret-test # password and username files are read-only files and cannot be modified: / etc/secret-test # echo admin > username/bin/sh: can't create username: Read-only file system second way:

As environment variables:

[root@master secret] # cp pod.yaml pod_env.yaml [root@master secret] # vim pod_env.yamlapiVersion: v1kind: Podmetadata: name: mypod2spec: containers:-name: mypod image: busybox args:-/ bin/sh-- c-sleep 300000 env:-name: SECRET_USERNAME valueFrom: secretKeyRef: name: mysecret2 key: username -name: SECRET_PASSWORD valueFrom: secretKeyRef: name: mysecret2 key: password [root@master secret] # kubectl apply-f pod_env.yaml pod/mypod2 created

[root@master secret] # kubectl exec-it mypod2 / bin/sh/ # echo $SECRET_PASSWORD123.com/ # echo $SECRET_USERNAMEroot

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.