Kubernetes Secrets值验证
一、secrets创建
secrets创建方法常见的有三种:
- kubectl命令直接创建
- kubectl命令从文件中获取
- 通过yaml文件创建
具体如下:
1# 方法1:
2$ kubectl create secret generic <secret-name> --from-literal=iamAdminPasswordKey=<password> --namespace <namespace>
3
4$ kubectl create secret generic cncc-iam-secret --from-literal=iamAdminPasswordKey=cncciampasswordvalue --namespace cncc
5$ kubectl describe secret cncc-iam-secret -n cncc
6
7# 方法2:
8echo -n 'admin' > ./username.txt
9echo -n '1f2d1e2e67df' > ./password.txt
10
11kubectl create secret generic db-user-pass \
12 --from-file=./username.txt \
13 --from-file=./password.txt
14
15# 方法3:
16echo -n 'admin' | base64 //YWRtaW4=
17echo -n '1f2d1e2e67df' | base64 //MWYyZDFlMmU2N2Rm
18
19apiVersion: v1
20kind: Secret
21metadata:
22 name: mysecret
23type: Opaque
24data:
25 username: YWRtaW4=
26 password: MWYyZDFlMmU2N2Rm
27
28kubectl apploy -f secrets-test.yaml
29
30</namespace></password></secret-name>
二、验证secrets的值
对于创建的secrets值,可以通过运行一个pod,调用创建的值进行确认:
1[root@test11-41044 test]# ll
2total 8
3-rw------- 1 root root 273 Oct 1 06:57 pod.yaml
4-rw------- 1 root root 125 Oct 1 06:11 sec.yaml
5[root@test11-41044 test]# cat sec.yaml
6apiVersion: v1
7kind: Secret
8metadata:
9 name: mysecret
10type: Opaque
11data:
12 USER_NAME: YWRtaW4=
13 PASSWORD: MWYyZDFlMmU2N2Rm
14
15[root@test11-41044 test]# cat pod.yaml
16apiVersion: v1
17kind: Pod
18metadata:
19 name: secret-test-pod
20spec:
21 containers:
22 - name: test-container
23 image: registry.k8s.io/busybox
24 command: [ "/bin/sh", "-c", "env" ]
25 envFrom:
26 - secretRef:
27 name: mysecret
28 restartPolicy: Never
29
30[root@test11-41044 test]# kubectl get secrets
31NAME TYPE DATA AGE
32cncc-db-secret Opaque 1 8d
33default-secret kubernetes.io/dockerconfigjson 1 11d
34default-token-4pxpx kubernetes.io/service-account-token 3 11d
35mysecret Opaque 2 8d
36mysql-pass Opaque 1 8d
37paas.elb cfe/secure-opaque 3 11d
查看测试pod的调用日志:
1[root@test11-41044 test]# kubectl apply -f pod.yaml
2pod/secret-test-pod created
3[root@test11-41044 test]# kubectl logs secret-test-pod
4WORDPRESS_PORT_80_TCP_PROTO=tcp
5KUBERNETES_PORT=tcp://10.247.0.1:443
6KUBERNETES_SERVICE_PORT=443
7HOSTNAME=secret-test-pod
8……
9USER_NAME=admin
10PASSWORD=1f2d1e2e67df
而如果我们想要查看其他secret对象,只需要更改secretRef对应的name值就可以了。
参考页面:
https://kubernetes.io/docs/concepts/configuration/secret/
https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/
捐赠本站(Donate)
如您感觉文章有用,可扫码捐赠本站!(If the article useful, you can scan the QR code to donate))
- Author: shisekong
- Link: https://blog.361way.com/check-secrets-values/6924.html
- License: This work is under a 知识共享署名-非商业性使用-禁止演绎 4.0 国际许可协议. Kindly fulfill the requirements of the aforementioned License when adapting or creating a derivative of this work.