2024-07-01 22:16阅读: 11评论: 0推荐: 0

45、k8s-数据存储-配置存储-secret-（用于存储配置信息的-比configMap安全）-密文存储

 作用：用于存储敏感信息、例如密码、密钥、证书等

实验：创建secret、再将secret挂载到容器里去、使用容器查看 secret存储的信息

 1、先 使用base64 对数据进行编码
    ·echo -n 'admin' | base64
    ---------------------------
    YWRtaW4=
    ---------------------------
    ·echo -n '123456' | base64
    -----------------------------
    MTIzNDU2
    ----------------------------
2、编写secret.yaml：
---------------------------------------------------------------------
apiVersion: v1
kind: Secret
metadata:
  name: secret
  namespace: dev
type: Opaque
data:
  username: YWRtaW4=
  password: MIIzNDU2
-------------------------------------------------
3、创建Secret：kubectl create -f secret.yaml
4、查看secret：kubectl describe secret secret -ndev
----------------------------------------------------------
Name:         secret
Namespace:    dev
Labels:       <none>
Annotations:  <none>
 
Type:  Opaque
 
Data
====
password:  6 bytes        #只显示字符数
username:  5 bytes
------------------------------------------------------
5、创建pod将secret挂载 进去：vim 
-----------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    volumeMounts:
    - name: volume-secret
      mountPath: /secret/config   #容器里的路径  将这个 路径挂载到secret存储卷
 
  volumes:
  - name: volume-secret
    secret:
      secretName: secret
---------------------------------------------------------------------------------------
6、创建pod：kubectl create -f pod-secret.yaml
7、查看pod： kubectl get pods pod-secret -ndev
---------------------------------------------------
NAME         READY   STATUS    RESTARTS   AGE
pod-secret   1/1     Running   0          44s
------------------------------------------------
8、进入到容器：kubectl exec -it pod-secret /bin/sh -ndev
-----------------------------------------------------------------
# ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  secret  srv  sys  tmp  usr  var
# cd /secret/config
# ls
password  username
# more username
admin
# more password
123456
 
#secret再 容器里自动解码
---------------------------------------------------------------------------------------------------------------------

上一篇39、k8s-数据存储-基本存储-EmptyDir（空目录）

下一篇48、k8s-安全认证-授权管理-角色创建、用户绑定角色

本文作者：little小新

本文链接：https://www.cnblogs.com/littlecc/p/17700790.html

posted @ 2024-07-01 22:16 little小新阅读(11) 评论(0) 编辑收藏举报

刷新页面返回顶部

登录后才能查看或发表评论，立即登录或者逛逛博客园首页

littlecc

无限制的技术都要学

45、k8s-数据存储-配置存储-secret-（用于存储配置信息的-比configMap安全）-密文存储

公告

常用链接

我的标签

随笔分类

随笔档案

相册

阅读排行榜

评论排行榜

推荐排行榜

最新评论

	1、先使用base64 对数据进行编码
	·echo -n 'admin' \| base64
	---------------------------
	YWRtaW4=
	---------------------------
	·echo -n '123456' \| base64
	-----------------------------
	MTIzNDU2
	----------------------------
	2、编写secret.yaml：
	---------------------------------------------------------------------
	apiVersion: v1
	kind: Secret
	metadata:
	name: secret
	namespace: dev
	type: Opaque
	data:
	username: YWRtaW4=
	password: MIIzNDU2
	-------------------------------------------------
	3、创建Secret：kubectl create -f secret.yaml
	4、查看secret：kubectl describe secret secret -ndev
	----------------------------------------------------------
	Name: secret
	Namespace: dev
	Labels: <none>
	Annotations: <none>

	Type: Opaque

	Data
	====
	password: 6 bytes #只显示字符数
	username: 5 bytes
	------------------------------------------------------
	5、创建pod将secret挂载进去：vim
	-----------------------------------------------------
	apiVersion: v1
	kind: Pod
	metadata:
	name: pod-secret
	namespace: dev
	spec:
	containers:
	- name: nginx
	image: nginx:1.17.1
	volumeMounts:
	- name: volume-secret
	mountPath: /secret/config #容器里的路径将这个路径挂载到secret存储卷

	volumes:
	- name: volume-secret
	secret:
	secretName: secret
	---------------------------------------------------------------------------------------
	6、创建pod：kubectl create -f pod-secret.yaml
	7、查看pod： kubectl get pods pod-secret -ndev
	---------------------------------------------------
	NAME READY STATUS RESTARTS AGE
	pod-secret 1/1 Running 0 44s
	------------------------------------------------
	8、进入到容器：kubectl exec -it pod-secret /bin/sh -ndev
	-----------------------------------------------------------------
	# ls
	bin boot dev etc home lib lib64 media mnt opt proc root run sbin secret srv sys tmp usr var
	# cd /secret/config
	# ls
	password username
	# more username
	admin
	# more password
	123456

	#secret再容器里自动解码
	---------------------------------------------------------------------------------------------------------------------