45、k8s-数据存储-配置存储-secret-(用于存储配置信息的-比configMap安全)-密文存储
作用:用于存储敏感信息、例如密码、密钥、证书等实验:创建secret、再将secret挂载到容器里去、使用容器查看 secret存储的信息
1、先 使用base64 对数据进行编码
·echo -n 'admin' | base64
---------------------------
YWRtaW4=
---------------------------
·echo -n '123456' | base64
-----------------------------
MTIzNDU2
----------------------------
2、编写secret.yaml:
---------------------------------------------------------------------
apiVersion: v1
kind: Secret
metadata:
name: secret
namespace: dev
type: Opaque
data:
username: YWRtaW4=
password: MIIzNDU2
-------------------------------------------------
3、创建Secret:kubectl create -f secret.yaml
4、查看secret:kubectl describe secret secret -ndev
----------------------------------------------------------
Name: secret
Namespace: dev
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
password: 6 bytes #只显示字符数
username: 5 bytes
------------------------------------------------------
5、创建pod将secret挂载 进去:vim
-----------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
name: pod-secret
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
volumeMounts:
- name: volume-secret
mountPath: /secret/config #容器里的路径 将这个 路径挂载到secret存储卷
volumes:
- name: volume-secret
secret:
secretName: secret
---------------------------------------------------------------------------------------
6、创建pod:kubectl create -f pod-secret.yaml
7、查看pod: kubectl get pods pod-secret -ndev
---------------------------------------------------
NAME READY STATUS RESTARTS AGE
pod-secret 1/1 Running 0 44s
------------------------------------------------
8、进入到容器:kubectl exec -it pod-secret /bin/sh -ndev
-----------------------------------------------------------------
# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin secret srv sys tmp usr var
# cd /secret/config
# ls
password username
# more username
admin
# more password
123456
#secret再 容器里自动解码
---------------------------------------------------------------------------------------------------------------------
