如何在 kubernetes 环境建立一个sectets

如何在 kubernetes 环境建立一个sectets

1 使用kubectl命令行

1.1 建立用户,密码文件

1
2
# echo -n 'admin' > ./username.txt
# echo -n '123456' > ./password.txt

1.2 使用kubectl命令建立一个secret

1
2
# kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt
secret/db-user-pass created

1.3 查看并且查看secret

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# kubectl get secrets
NAME TYPE DATA AGE
db-user-pass Opaque 2 2m4s
default-token-qbz2d kubernetes.io/service-account-token 3 6d19h

# kubectl describe secrets db-user-pass
Name: db-user-pass
Namespace: default
Labels: <none>
Annotations: <none>

Type: Opaque

Data
====
password.txt: 6 bytes
username.txt: 5 bytes

2 手动建立

2.1 生成base64的加密信息

1
2
3
4
# echo -n 'admin' | base64
YWRtaW4=
# echo -n '123456' | base64
MTIzNDU2

2.2 建议secret的yaml

1
2
3
4
5
6
7
8
9
10
# vim secret.yaml
# cat secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
username: YWRtaW4=
password: MTIzNDU2

2.3 导入yaml文件

1
2
# kubectl apply -f secret.yaml
secret/mysecret created

2.4 获取并且describe详细的信息.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# kubectl get secrets
NAME TYPE DATA AGE
db-user-pass Opaque 2 15m
default-token-qbz2d kubernetes.io/service-account-token 3 6d19h
mysecret Opaque 2 13s
# kubectl describe secrets mysecret
Name: mysecret
Namespace: default
Labels: <none>
Annotations:
Type: Opaque

Data
====
password: 6 bytes
username: 5 bytes