9-1 secret

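There are three secret types:
  generic: general-purpose type, typically used to store password data.
  tls: this type is used only to store private keys and certificates.
  docker-registry: to store authentication information for a Docker registry, the secret must be created with this type.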

# Create a secret named mysql-root-password from the command line:
kubectl create secret generic mysql-root-password --from-literal=password=read123
# kubectl get secret 
NAME                  TYPE                                  DATA   AGE
default-token-4fzfg   kubernetes.io/service-account-token   3      63d
mysql-root-password   Opaque                                1      3s

# kubectl describe secret mysql-root-password
Name:         mysql-root-password
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:  7 bytes
# kubectl get secret mysql-root-password -oyaml
apiVersion: v1
data:
  password: cmVhZDEyMw==
kind: Secret
metadata:
  creationTimestamp: "2021-10-25T08:56:42Z"
  name: mysql-root-password
  namespace: default
  resourceVersion: "1146000"
  selfLink: /api/v1/namespaces/default/secrets/mysql-root-password
  uid: d36e4ba6-d3be-4623-8cfc-599d65eb525d
type: Opaque

Note: the "encryption" of a secret is pseudo-encryption; the data is merely base64-encoded.
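The note above, shown as an added example that is not part of the original post: the function decodes every key under data: in the manifest printed earlier and confirms that the "7 bytes" reported by kubectl describe are the plain password. The function names secret_manifest and decode_secret_data are made up for this example, and the manifest is a trimmed copy of the output above.

```shell
#!/bin/sh
# Added example: base64 in a Secret is an encoding, not encryption.

# Trimmed copy of the `kubectl get secret mysql-root-password -oyaml` output
# shown above (only the fields this example needs).
secret_manifest() {
cat <<'EOF'
apiVersion: v1
data:
  password: cmVhZDEyMw==
kind: Secret
metadata:
  name: mysql-root-password
  namespace: default
type: Opaque
EOF
}

# Read a Secret manifest on stdin and print "key=value (N bytes)" for every
# entry in its data: block. No key material is needed to recover the value.
decode_secret_data() {
  awk '
    /^data:/           { in_data = 1; next }  # enter the data: mapping
    /^[^ ]/            { in_data = 0 }        # next top-level key ends it
    in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }
  ' | while read -r key b64; do
    value=$(printf '%s' "$b64" | base64 -d)
    # Byte count of the decoded value, comparable to `kubectl describe`.
    len=$(( $(printf '%s' "$b64" | base64 -d | wc -c) ))
    printf '%s=%s (%d bytes)\n' "$key" "$value" "$len"
  done
}

secret_manifest | decode_secret_data
```

Against a live cluster the same check is `kubectl get secret mysql-root-password -oyaml | decode_secret_data`, so the value is protected only by who is allowed to read secrets in the namespace.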

Create a Pod manifest that references the secret:
vim pod-secret-1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-1
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    test.com/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    env:
    - name: MYSQL_ROOT_PASSWORD   # Name of the environment variable in the Pod's container once the Pod has started successfully.
      valueFrom:
        secretKeyRef:
          name: mysql-root-password  # Name of the secret object
          key: password              # Name of the key inside the secret
kubectl apply -f pod-secret-1.yaml

 

posted @ 2022-11-14 23:51  Sky-wings