Overview
- Store encrypted/encoded environment information in k8s. Use
    echo -n xxx|base64
  to generate a base64 string.
- A Secret accepts both data and stringData:
  - stringData is plaintext.
  - data is text encoded with base64.
- Use the command
    kubectl get secret xxx -n matt -o yaml
  to see the key/value pairs (encoded or plaintext). This is why a Secret is not secret.
- No matter whether data or stringData is used, the container gets the plaintext value of the environment variable.
Yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: matt
type: Opaque
# echo -n admin|base64
#data:
#  NAME: YWRtaW4=
#  PWD: MTIz
stringData:
  NAME: admin
  PWD: "123"
Pod Example
apiVersion: v1
kind: Pod
metadata:
  name: my-pod-2
  namespace: matt
spec:
  containers:
  - name: my-pod-2
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","sleep 3600"]
    envFrom:
    - secretRef:
        name: my-secret
#   - configMapRef:
#       name: my-configMap
Test
kubectl describe secret my-secret -n matt
kubectl get secret my-secret -n matt -o yaml
kubectl exec -it my-pod-2 -n matt -- printenv
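
The following is an added example, not part of the original notes: it shows what the `kubectl get secret` output above gives to anyone allowed to read the Secret, which is the reason read access to Secrets should be restricted. The JSON is a constructed sample of `kubectl get secret my-secret -n matt -o json`, and it assumes the Secret was created with client-side `kubectl apply`, which keeps a copy of the submitted manifest (including stringData) in the `kubectl.kubernetes.io/last-applied-configuration` annotation.

```python
import base64
import json

# Constructed sample (assumption): output of
#   kubectl get secret my-secret -n matt -o json
# for the page's Secret after a client-side `kubectl apply` of the stringData manifest.
SAMPLE_SECRET_JSON = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "type": "Opaque",
    "metadata": {
        "name": "my-secret",
        "namespace": "matt",
        "annotations": {
            "kubectl.kubernetes.io/last-applied-configuration": json.dumps({
                "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
                "metadata": {"name": "my-secret", "namespace": "matt"},
                "stringData": {"NAME": "admin", "PWD": "123"},
            })
        },
    },
    # The API server stores stringData as base64 under .data
    "data": {"NAME": "YWRtaW4=", "PWD": "MTIz"},
})


def decode_secret_data(secret: dict) -> dict:
    """Base64-decode every value under .data; no key or password is involved."""
    return {k: base64.b64decode(v).decode("utf-8", errors="replace")
            for k, v in (secret.get("data") or {}).items()}


def plaintext_in_annotation(secret: dict) -> dict:
    """Return the stringData copy left in the last-applied annotation, if any."""
    annotations = secret.get("metadata", {}).get("annotations") or {}
    raw = annotations.get("kubectl.kubernetes.io/last-applied-configuration")
    if not raw:
        return {}
    return json.loads(raw).get("stringData") or {}


if __name__ == "__main__":
    secret = json.loads(SAMPLE_SECRET_JSON)
    print("decoded .data:       ", decode_secret_data(secret))
    print("annotation plaintext:", plaintext_in_annotation(secret))
```

Both functions return the original values, so the base64 form protects nothing by itself; what limits exposure is who is granted get/list on Secrets in the namespace.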